Merge branch 'main' into tausbn/python-add-support-for-python-3.12-type-syntax

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,17 @@
+## 0.12.0
+
+### Breaking Changes
+
+* The expressions `AssignPointerAddExpr` and `AssignPointerSubExpr` are no longer subtypes of `AssignBitwiseOperation`.
+
+### Minor Analysis Improvements
+
+* The "Returning stack-allocated memory" (`cpp/return-stack-allocated-memory`) query now also detects returning stack-allocated memory allocated by calls to `alloca`, `strdupa`, and `strndupa`.
+* Added models for `strlcpy` and `strlcat`.
+* Added models for the `sprintf` variants from the `StrSafe.h` header.
+* Added SQL API models for `ODBC`.
+* Added taint models for `realloc` and related functions.
+
 ## 0.11.0
 
 ### Breaking Changes

cpp/ql/lib/change-notes/2023-10-30-realloc-flow.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added taint models for `realloc` and related functions.

cpp/ql/lib/change-notes/2023-10-31-assign-pointer-add-sub-expr.md

@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The expressions `AssignPointerAddExpr` and `AssignPointerSubExpr` are no longer subtypes of `AssignBitwiseOperation`.

cpp/ql/lib/change-notes/2023-10-31-odbc-models.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added SQL API models for `ODBC`.

cpp/ql/lib/change-notes/2023-11-08-strsafe-models.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added models for the `sprintf` variants from the `StrSafe.h` header.

cpp/ql/lib/change-notes/2023-11-10-strlcpy-strlcat-models.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added models for `strlcpy` and `strlcat`.

cpp/ql/lib/change-notes/2023-11-15-return-stack-allocated-memory.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "Returning stack-allocated memory" (`cpp/return-stack-allocated-memory`) query now also detects returning stack-allocated memory allocated by calls to `alloca`, `strdupa`, and `strndupa`.

cpp/ql/lib/change-notes/released/0.12.0.md

@@ -0,0 +1,13 @@
+## 0.12.0
+
+### Breaking Changes
+
+* The expressions `AssignPointerAddExpr` and `AssignPointerSubExpr` are no longer subtypes of `AssignBitwiseOperation`.
+
+### Minor Analysis Improvements
+
+* The "Returning stack-allocated memory" (`cpp/return-stack-allocated-memory`) query now also detects returning stack-allocated memory allocated by calls to `alloca`, `strdupa`, and `strndupa`.
+* Added models for `strlcpy` and `strlcat`.
+* Added models for the `sprintf` variants from the `StrSafe.h` header.
+* Added SQL API models for `ODBC`.
+* Added taint models for `realloc` and related functions.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.0
+lastReleaseVersion: 0.12.0

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.11.1-dev
+version: 0.12.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll

@@ -1273,31 +1273,90 @@ abstract private class IndirectExprNodeBase extends Node {
   }
 }
 
-private class IndirectOperandIndirectExprNode extends IndirectExprNodeBase instanceof IndirectOperand
+/** A signature for converting an indirect node to an expression. */
-{
+private signature module IndirectNodeToIndirectExprSig {
-  IndirectOperandIndirectExprNode() {
+  /** The indirect node class to be converted to an expression */
-    exists(Expr e, int n, int indirectionIndex |
+  class IndirectNode;
-      indirectExprNodeShouldBeIndirectOperand(this, e, n, indirectionIndex) and
+
-      not indirectExprNodeShouldBeIndirectOperand(_, e, n + 1, indirectionIndex)
+  /**
-    )
+   * Holds if the indirect expression at indirection index `indirectionIndex`
+   * of `node` is `e`. The integer `n` specifies how many conversions has been
+   * applied to `node`.
+   */
+  predicate indirectNodeHasIndirectExpr(IndirectNode node, Expr e, int n, int indirectionIndex);
+}
+
+/**
+ * A module that implements the logic for deciding whether an indirect node
+ * should be an `IndirectExprNode`.
+ */
+private module IndirectNodeToIndirectExpr<IndirectNodeToIndirectExprSig Sig> {
+  import Sig
+
+  /**
+   * This predicate shifts the indirection index by one when `conv` is a
+   * `ReferenceDereferenceExpr`.
+   *
+   * This is necessary because `ReferenceDereferenceExpr` is a conversion
+   * in the AST, but appears as a `LoadInstruction` in the IR.
+   */
+  bindingset[e, indirectionIndex]
+  private predicate adjustForReference(
+    Expr e, int indirectionIndex, Expr conv, int adjustedIndirectionIndex
+  ) {
+    conv.(ReferenceDereferenceExpr).getExpr() = e and
+    adjustedIndirectionIndex = indirectionIndex - 1
+    or
+    not conv instanceof ReferenceDereferenceExpr and
+    conv = e and
+    adjustedIndirectionIndex = indirectionIndex
   }
 
-  final override Expr getConvertedExpr(int n, int index) {
+  /** Holds if `node` should be an `IndirectExprNode`. */
-    indirectExprNodeShouldBeIndirectOperand(this, result, n, index)
+  predicate charpred(IndirectNode node) {
+    exists(Expr e, int n, int indirectionIndex |
+      indirectNodeHasIndirectExpr(node, e, n, indirectionIndex) and
+      not exists(Expr conv, int adjustedIndirectionIndex |
+        adjustForReference(e, indirectionIndex, conv, adjustedIndirectionIndex) and
+        indirectNodeHasIndirectExpr(_, conv, n + 1, adjustedIndirectionIndex)
+      )
+    )
   }
 }
 
-private class IndirectInstructionIndirectExprNode extends IndirectExprNodeBase instanceof IndirectInstruction
+private module IndirectOperandIndirectExprNodeImpl implements IndirectNodeToIndirectExprSig {
+  class IndirectNode = IndirectOperand;
+
+  predicate indirectNodeHasIndirectExpr = indirectExprNodeShouldBeIndirectOperand/4;
+}
+
+module IndirectOperandToIndirectExpr =
+  IndirectNodeToIndirectExpr<IndirectOperandIndirectExprNodeImpl>;
+
+private class IndirectOperandIndirectExprNode extends IndirectExprNodeBase instanceof IndirectOperand
 {
-  IndirectInstructionIndirectExprNode() {
+  IndirectOperandIndirectExprNode() { IndirectOperandToIndirectExpr::charpred(this) }
-    exists(Expr e, int n, int indirectionIndex |
-      indirectExprNodeShouldBeIndirectInstruction(this, e, n, indirectionIndex) and
-      not indirectExprNodeShouldBeIndirectInstruction(_, e, n + 1, indirectionIndex)
-    )
-  }
 
   final override Expr getConvertedExpr(int n, int index) {
-    indirectExprNodeShouldBeIndirectInstruction(this, result, n, index)
+    IndirectOperandToIndirectExpr::indirectNodeHasIndirectExpr(this, result, n, index)
+  }
+}
+
+private module IndirectInstructionIndirectExprNodeImpl implements IndirectNodeToIndirectExprSig {
+  class IndirectNode = IndirectInstruction;
+
+  predicate indirectNodeHasIndirectExpr = indirectExprNodeShouldBeIndirectInstruction/4;
+}
+
+module IndirectInstructionToIndirectExpr =
+  IndirectNodeToIndirectExpr<IndirectInstructionIndirectExprNodeImpl>;
+
+private class IndirectInstructionIndirectExprNode extends IndirectExprNodeBase instanceof IndirectInstruction
+{
+  IndirectInstructionIndirectExprNode() { IndirectInstructionToIndirectExpr::charpred(this) }
+
+  final override Expr getConvertedExpr(int n, int index) {
+    IndirectInstructionToIndirectExpr::indirectNodeHasIndirectExpr(this, result, n, index)
   }
 }
 

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.8.3
+
+### Minor Analysis Improvements
+
+* The `cpp/uninitialized-local` query has been improved to produce fewer false positives.
+
 ## 0.8.2
 
 No user-facing changes.

cpp/ql/src/change-notes/released/0.8.3.md

@@ -1,4 +1,5 @@
----
+## 0.8.3
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
+
 * The `cpp/uninitialized-local` query has been improved to produce fewer false positives.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.2
+lastReleaseVersion: 0.8.3

cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/all-asymmetric-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/all-cryptographic-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/all-asymmetric-encryption-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/authenticated-encryption-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/block-cipher-mode
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/iv-sources
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/unkown-iv-sources
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/elliptic-curve-key-length
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/elliptic-curve-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/hash-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/key-exchange
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/asymmetric-key-generation
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/signing-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/symmetric-encryption-algorithms
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql

@@ -4,7 +4,6 @@
  * @kind problem
  * @id cpp/quantum-readiness/cbom/unkwon-asymmetric-key-generation
  * @problem.severity error
- * @precision high
  * @tags cbom
  *       cryptography
  */

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.3-dev
+version: 0.8.4-dev
 groups:
   - cpp
   - queries

cpp/ql/test/library-tests/dataflow/dataflow-tests/TestBase.qll

@@ -0,0 +1,103 @@
+module AstTest {
+  import semmle.code.cpp.dataflow.DataFlow
+  private import semmle.code.cpp.controlflow.Guards
+
+  /**
+   * A `BarrierGuard` that stops flow to all occurrences of `x` within statement
+   * S in `if (guarded(x)) S`.
+   */
+  // This is tested in `BarrierGuard.cpp`.
+  predicate testBarrierGuard(GuardCondition g, Expr checked, boolean isTrue) {
+    g.(FunctionCall).getTarget().getName() = "guarded" and
+    checked = g.(FunctionCall).getArgument(0) and
+    isTrue = true
+  }
+
+  /** Common data flow configuration to be used by tests. */
+  module AstTestAllocationConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
+      source.asExpr().(FunctionCall).getTarget().getName() = "source"
+      or
+      source.asParameter().getName().matches("source%")
+      or
+      source.asExpr().(FunctionCall).getTarget().getName() = "indirect_source"
+      or
+      source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
+      or
+      // Track uninitialized variables
+      exists(source.asUninitialized())
+    }
+
+    predicate isSink(DataFlow::Node sink) {
+      exists(FunctionCall call |
+        call.getTarget().getName() = ["sink", "indirect_sink"] and
+        sink.asExpr() = call.getAnArgument()
+      )
+    }
+
+    predicate isBarrier(DataFlow::Node barrier) {
+      barrier.asExpr().(VariableAccess).getTarget().hasName("barrier") or
+      barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getABarrierNode()
+    }
+  }
+
+  module AstFlow = DataFlow::Global<AstTestAllocationConfig>;
+}
+
+module IRTest {
+  private import cpp
+  import semmle.code.cpp.ir.dataflow.DataFlow
+  private import semmle.code.cpp.ir.IR
+  private import semmle.code.cpp.controlflow.IRGuards
+
+  /**
+   * A `BarrierGuard` that stops flow to all occurrences of `x` within statement
+   * S in `if (guarded(x)) S`.
+   */
+  // This is tested in `BarrierGuard.cpp`.
+  predicate testBarrierGuard(IRGuardCondition g, Expr checked, boolean isTrue) {
+    exists(Call call |
+      call = g.getUnconvertedResultExpression() and
+      call.getTarget().hasName("guarded") and
+      checked = call.getArgument(0) and
+      isTrue = true
+    )
+  }
+
+  /** Common data flow configuration to be used by tests. */
+  module IRTestAllocationConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) {
+      source.asExpr().(FunctionCall).getTarget().getName() = "source"
+      or
+      source.asIndirectExpr(1).(FunctionCall).getTarget().getName() = "indirect_source"
+      or
+      source.asParameter().getName().matches("source%")
+      or
+      source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
+      or
+      exists(source.asUninitialized())
+    }
+
+    predicate isSink(DataFlow::Node sink) {
+      exists(FunctionCall call, Expr e | e = call.getAnArgument() |
+        call.getTarget().getName() = "sink" and
+        sink.asExpr() = e
+        or
+        call.getTarget().getName() = "indirect_sink" and
+        sink.asIndirectExpr() = e
+      )
+    }
+
+    predicate isBarrier(DataFlow::Node barrier) {
+      exists(Expr barrierExpr | barrierExpr in [barrier.asExpr(), barrier.asIndirectExpr()] |
+        barrierExpr.(VariableAccess).getTarget().hasName("barrier")
+      )
+      or
+      barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getABarrierNode()
+      or
+      barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getAnIndirectBarrierNode()
+    }
+  }
+
+  module IRFlow = DataFlow::Global<IRTestAllocationConfig>;
+}

cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected

@@ -24,6 +24,7 @@ argHasPostUpdate
 | lambdas.cpp:45:2:45:2 | e | ArgumentNode is missing PostUpdateNode. |
 | test.cpp:67:29:67:35 | source1 | ArgumentNode is missing PostUpdateNode. |
 | test.cpp:813:19:813:35 | * ... | ArgumentNode is missing PostUpdateNode. |
+| test.cpp:848:23:848:25 | rpx | ArgumentNode is missing PostUpdateNode. |
 postWithInFlow
 | BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
 | BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |

cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected

@@ -0,0 +1,294 @@
+WARNING: Module DataFlow has been deprecated and may be removed in future (test-source-sink.ql:3,25-42)
+WARNING: Module DataFlow has been deprecated and may be removed in future (test-source-sink.ql:3,57-74)
+astFlow
+| BarrierGuard.cpp:5:19:5:24 | source | BarrierGuard.cpp:9:10:9:15 | source |
+| BarrierGuard.cpp:13:17:13:22 | source | BarrierGuard.cpp:15:10:15:15 | source |
+| BarrierGuard.cpp:21:17:21:22 | source | BarrierGuard.cpp:25:10:25:15 | source |
+| BarrierGuard.cpp:29:16:29:21 | source | BarrierGuard.cpp:31:10:31:15 | source |
+| BarrierGuard.cpp:29:16:29:21 | source | BarrierGuard.cpp:33:10:33:15 | source |
+| BarrierGuard.cpp:49:10:49:15 | call to source | BarrierGuard.cpp:51:13:51:13 | x |
+| BarrierGuard.cpp:49:10:49:15 | call to source | BarrierGuard.cpp:53:13:53:13 | x |
+| BarrierGuard.cpp:49:10:49:15 | call to source | BarrierGuard.cpp:55:13:55:13 | x |
+| BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:62:14:62:14 | x |
+| BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:64:14:64:14 | x |
+| BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:66:14:66:14 | x |
+| acrossLinkTargets.cpp:19:27:19:32 | call to source | acrossLinkTargets.cpp:12:8:12:8 | x |
+| clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:18:8:18:19 | sourceArray1 |
+| clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:22:8:22:20 | & ... |
+| clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:23:17:23:29 | & ... |
+| clang.cpp:29:27:29:32 | call to source | clang.cpp:30:27:30:28 | m1 |
+| clang.cpp:29:27:29:32 | call to source | clang.cpp:31:27:31:34 | call to getFirst |
+| clang.cpp:35:32:35:37 | call to source | clang.cpp:38:10:38:11 | m2 |
+| clang.cpp:44:35:44:40 | call to source | clang.cpp:46:17:46:18 | m2 |
+| clang.cpp:51:19:51:24 | call to source | clang.cpp:52:8:52:17 | stackArray |
+| clang.cpp:51:19:51:24 | call to source | clang.cpp:53:17:53:26 | stackArray |
+| dispatch.cpp:9:37:9:42 | call to source | dispatch.cpp:35:16:35:25 | call to notSource1 |
+| dispatch.cpp:9:37:9:42 | call to source | dispatch.cpp:43:15:43:24 | call to notSource1 |
+| dispatch.cpp:10:37:10:42 | call to source | dispatch.cpp:36:16:36:25 | call to notSource2 |
+| dispatch.cpp:10:37:10:42 | call to source | dispatch.cpp:44:15:44:24 | call to notSource2 |
+| dispatch.cpp:37:19:37:24 | call to source | dispatch.cpp:11:38:11:38 | x |
+| dispatch.cpp:45:18:45:23 | call to source | dispatch.cpp:11:38:11:38 | x |
+| globals.cpp:5:17:5:22 | call to source | globals.cpp:6:10:6:14 | local |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:14:3:14:6 | t |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:18:8:18:8 | call to operator() |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:21:3:21:6 | t |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:29:3:29:6 | t |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:35:8:35:8 | a |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:41:8:41:8 | a |
+| lambdas.cpp:43:7:43:12 | call to source | lambdas.cpp:46:7:46:7 | w |
+| ref.cpp:29:11:29:16 | call to source | ref.cpp:62:10:62:11 | x3 |
+| ref.cpp:53:9:53:10 | x1 | ref.cpp:56:10:56:11 | x1 |
+| ref.cpp:53:13:53:14 | x2 | ref.cpp:59:10:59:11 | x2 |
+| ref.cpp:53:17:53:18 | x3 | ref.cpp:62:10:62:11 | x3 |
+| ref.cpp:53:21:53:22 | x4 | ref.cpp:65:10:65:11 | x4 |
+| ref.cpp:55:23:55:28 | call to source | ref.cpp:56:10:56:11 | x1 |
+| ref.cpp:94:15:94:20 | call to source | ref.cpp:129:13:129:15 | val |
+| ref.cpp:109:15:109:20 | call to source | ref.cpp:132:13:132:15 | val |
+| ref.cpp:122:23:122:28 | call to source | ref.cpp:123:13:123:15 | val |
+| ref.cpp:125:19:125:24 | call to source | ref.cpp:126:13:126:15 | val |
+| self-Iterator.cpp:19:23:19:28 | call to source | self-Iterator.cpp:20:10:20:10 | x |
+| test.cpp:6:12:6:17 | call to source | test.cpp:7:8:7:9 | t1 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:9:8:9:9 | t1 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:10:8:10:9 | t2 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:15:8:15:9 | t2 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:26:8:26:9 | t1 |
+| test.cpp:35:10:35:15 | call to source | test.cpp:30:8:30:8 | t |
+| test.cpp:36:13:36:18 | call to source | test.cpp:31:8:31:8 | c |
+| test.cpp:50:14:50:19 | call to source | test.cpp:58:10:58:10 | t |
+| test.cpp:66:30:66:36 | source1 | test.cpp:71:8:71:9 | x4 |
+| test.cpp:75:7:75:8 | u1 | test.cpp:76:8:76:9 | u1 |
+| test.cpp:83:7:83:8 | u2 | test.cpp:84:8:84:18 | ... ? ... : ... |
+| test.cpp:83:7:83:8 | u2 | test.cpp:86:8:86:9 | i1 |
+| test.cpp:89:28:89:34 | source1 | test.cpp:90:8:90:14 | source1 |
+| test.cpp:100:13:100:18 | call to source | test.cpp:103:10:103:12 | ref |
+| test.cpp:138:27:138:32 | call to source | test.cpp:140:8:140:8 | y |
+| test.cpp:151:33:151:38 | call to source | test.cpp:144:8:144:8 | s |
+| test.cpp:151:33:151:38 | call to source | test.cpp:152:8:152:8 | y |
+| test.cpp:164:34:164:39 | call to source | test.cpp:157:8:157:8 | x |
+| test.cpp:164:34:164:39 | call to source | test.cpp:165:8:165:8 | y |
+| test.cpp:171:11:171:16 | call to source | test.cpp:178:8:178:8 | y |
+| test.cpp:245:14:245:19 | call to source | test.cpp:260:12:260:12 | x |
+| test.cpp:265:22:265:27 | call to source | test.cpp:266:12:266:12 | x |
+| test.cpp:305:17:305:22 | call to source | test.cpp:289:14:289:14 | x |
+| test.cpp:314:4:314:9 | call to source | test.cpp:318:7:318:7 | x |
+| test.cpp:347:17:347:22 | call to source | test.cpp:349:10:349:18 | globalVar |
+| test.cpp:359:13:359:18 | call to source | test.cpp:365:10:365:14 | field |
+| test.cpp:373:13:373:18 | call to source | test.cpp:369:10:369:14 | field |
+| test.cpp:373:13:373:18 | call to source | test.cpp:375:10:375:14 | field |
+| test.cpp:382:48:382:54 | source1 | test.cpp:385:8:385:10 | tmp |
+| test.cpp:388:53:388:59 | source1 | test.cpp:392:8:392:10 | tmp |
+| test.cpp:388:53:388:59 | source1 | test.cpp:394:10:394:12 | tmp |
+| test.cpp:399:7:399:9 | tmp | test.cpp:401:8:401:10 | tmp |
+| test.cpp:405:7:405:9 | tmp | test.cpp:408:8:408:10 | tmp |
+| test.cpp:416:7:416:11 | local | test.cpp:418:8:418:12 | local |
+| test.cpp:417:16:417:20 | ref arg local | test.cpp:418:8:418:12 | local |
+| test.cpp:422:7:422:11 | local | test.cpp:424:8:424:12 | local |
+| test.cpp:423:20:423:25 | ref arg & ... | test.cpp:424:8:424:12 | local |
+| test.cpp:433:7:433:11 | local | test.cpp:435:8:435:12 | local |
+| test.cpp:433:7:433:11 | local | test.cpp:436:8:436:13 | * ... |
+| test.cpp:434:20:434:24 | ref arg local | test.cpp:435:8:435:12 | local |
+| test.cpp:434:20:434:24 | ref arg local | test.cpp:436:8:436:13 | * ... |
+| test.cpp:440:7:440:11 | local | test.cpp:442:8:442:12 | local |
+| test.cpp:441:18:441:23 | ref arg & ... | test.cpp:442:8:442:12 | local |
+| test.cpp:448:7:448:11 | local | test.cpp:450:8:450:12 | local |
+| test.cpp:448:7:448:11 | local | test.cpp:451:8:451:13 | * ... |
+| test.cpp:449:18:449:22 | ref arg local | test.cpp:450:8:450:12 | local |
+| test.cpp:449:18:449:22 | ref arg local | test.cpp:451:8:451:13 | * ... |
+| test.cpp:456:26:456:32 | source1 | test.cpp:457:9:457:22 | (statement expression) |
+| test.cpp:456:26:456:32 | source1 | test.cpp:468:8:468:12 | local |
+| test.cpp:472:8:472:13 | call to source | test.cpp:478:8:478:8 | x |
+| test.cpp:506:8:506:13 | call to source | test.cpp:513:8:513:8 | x |
+| test.cpp:517:7:517:16 | stackArray | test.cpp:521:8:521:20 | access to array |
+| test.cpp:519:19:519:24 | call to source | test.cpp:521:8:521:20 | access to array |
+| test.cpp:551:9:551:9 | y | test.cpp:541:10:541:10 | y |
+| test.cpp:583:11:583:16 | call to source | test.cpp:590:8:590:8 | x |
+| test.cpp:628:20:628:25 | ref arg buffer | test.cpp:629:17:629:22 | buffer |
+| test.cpp:633:18:633:23 | call to source | test.cpp:634:8:634:8 | x |
+| test.cpp:702:38:702:43 | source | test.cpp:695:8:695:10 | buf |
+| test.cpp:726:11:726:16 | call to source | test.cpp:735:8:735:8 | x |
+| test.cpp:733:7:733:7 | x | test.cpp:735:8:735:8 | x |
+| test.cpp:749:27:749:32 | call to source | test.cpp:740:10:740:10 | x |
+| test.cpp:751:27:751:32 | call to source | test.cpp:740:10:740:10 | x |
+| test.cpp:753:32:753:37 | call to source | test.cpp:740:10:740:10 | x |
+| test.cpp:755:32:755:37 | call to source | test.cpp:740:10:740:10 | x |
+| test.cpp:769:27:769:32 | call to source | test.cpp:760:10:760:10 | x |
+| test.cpp:771:27:771:32 | call to source | test.cpp:760:10:760:10 | x |
+| test.cpp:773:32:773:37 | call to source | test.cpp:760:10:760:10 | x |
+| test.cpp:775:32:775:37 | call to source | test.cpp:760:10:760:10 | x |
+| test.cpp:788:31:788:36 | call to source | test.cpp:782:12:782:12 | x |
+| test.cpp:790:31:790:36 | call to source | test.cpp:782:12:782:12 | x |
+| test.cpp:797:22:797:28 | ref arg content | test.cpp:798:19:798:25 | content |
+| test.cpp:842:11:842:16 | call to source | test.cpp:844:8:844:8 | y |
+| test.cpp:846:13:846:27 | call to indirect_source | test.cpp:848:23:848:25 | rpx |
+| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
+| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
+| true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
+| true_upon_entry.cpp:43:11:43:16 | call to source | true_upon_entry.cpp:49:8:49:8 | x |
+| true_upon_entry.cpp:54:11:54:16 | call to source | true_upon_entry.cpp:57:8:57:8 | x |
+| true_upon_entry.cpp:70:11:70:16 | call to source | true_upon_entry.cpp:78:8:78:8 | x |
+| true_upon_entry.cpp:83:11:83:16 | call to source | true_upon_entry.cpp:86:8:86:8 | x |
+irFlow
+| BarrierGuard.cpp:5:19:5:24 | source | BarrierGuard.cpp:9:10:9:15 | source |
+| BarrierGuard.cpp:13:17:13:22 | source | BarrierGuard.cpp:15:10:15:15 | source |
+| BarrierGuard.cpp:21:17:21:22 | source | BarrierGuard.cpp:25:10:25:15 | source |
+| BarrierGuard.cpp:29:16:29:21 | source | BarrierGuard.cpp:31:10:31:15 | source |
+| BarrierGuard.cpp:29:16:29:21 | source | BarrierGuard.cpp:33:10:33:15 | source |
+| BarrierGuard.cpp:49:10:49:15 | call to source | BarrierGuard.cpp:53:13:53:13 | x |
+| BarrierGuard.cpp:49:10:49:15 | call to source | BarrierGuard.cpp:55:13:55:13 | x |
+| BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:64:14:64:14 | x |
+| BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:66:14:66:14 | x |
+| acrossLinkTargets.cpp:19:27:19:32 | call to source | acrossLinkTargets.cpp:12:8:12:8 | x |
+| clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:18:8:18:19 | sourceArray1 |
+| clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:23:17:23:29 | & ... indirection |
+| clang.cpp:29:27:29:32 | call to source | clang.cpp:30:27:30:28 | m1 |
+| clang.cpp:29:27:29:32 | call to source | clang.cpp:31:27:31:34 | call to getFirst |
+| clang.cpp:35:32:35:37 | call to source | clang.cpp:38:10:38:11 | m2 |
+| clang.cpp:40:42:40:47 | call to source | clang.cpp:42:18:42:19 | m2 |
+| clang.cpp:44:35:44:40 | call to source | clang.cpp:46:17:46:18 | m2 |
+| clang.cpp:50:7:50:16 | definition of stackArray | clang.cpp:52:8:52:17 | stackArray |
+| clang.cpp:50:25:50:30 | call to source | clang.cpp:53:17:53:26 | stackArray indirection |
+| clang.cpp:50:35:50:40 | call to source | clang.cpp:53:17:53:26 | stackArray indirection |
+| clang.cpp:51:19:51:24 | call to source | clang.cpp:53:17:53:26 | stackArray indirection |
+| dispatch.cpp:9:37:9:42 | call to source | dispatch.cpp:35:16:35:25 | call to notSource1 |
+| dispatch.cpp:9:37:9:42 | call to source | dispatch.cpp:43:15:43:24 | call to notSource1 |
+| dispatch.cpp:10:37:10:42 | call to source | dispatch.cpp:36:16:36:25 | call to notSource2 |
+| dispatch.cpp:10:37:10:42 | call to source | dispatch.cpp:44:15:44:24 | call to notSource2 |
+| dispatch.cpp:16:37:16:42 | call to source | dispatch.cpp:32:16:32:24 | call to isSource2 |
+| dispatch.cpp:16:37:16:42 | call to source | dispatch.cpp:40:15:40:23 | call to isSource2 |
+| dispatch.cpp:22:37:22:42 | call to source | dispatch.cpp:31:16:31:24 | call to isSource1 |
+| dispatch.cpp:22:37:22:42 | call to source | dispatch.cpp:39:15:39:23 | call to isSource1 |
+| dispatch.cpp:22:37:22:42 | call to source | dispatch.cpp:55:22:55:30 | call to isSource1 |
+| dispatch.cpp:22:37:22:42 | call to source | dispatch.cpp:58:28:58:36 | call to isSource1 |
+| dispatch.cpp:33:18:33:23 | call to source | dispatch.cpp:23:38:23:38 | x |
+| dispatch.cpp:37:19:37:24 | call to source | dispatch.cpp:11:38:11:38 | x |
+| dispatch.cpp:41:17:41:22 | call to source | dispatch.cpp:23:38:23:38 | x |
+| dispatch.cpp:45:18:45:23 | call to source | dispatch.cpp:11:38:11:38 | x |
+| dispatch.cpp:69:15:69:20 | call to source | dispatch.cpp:23:38:23:38 | x |
+| dispatch.cpp:73:14:73:19 | call to source | dispatch.cpp:23:38:23:38 | x |
+| dispatch.cpp:81:13:81:18 | call to source | dispatch.cpp:23:38:23:38 | x |
+| dispatch.cpp:107:17:107:22 | call to source | dispatch.cpp:96:8:96:8 | x |
+| dispatch.cpp:140:8:140:13 | call to source | dispatch.cpp:96:8:96:8 | x |
+| dispatch.cpp:144:8:144:13 | call to source | dispatch.cpp:96:8:96:8 | x |
+| flowOut.cpp:5:16:5:21 | call to source | flowOut.cpp:19:9:19:9 | x |
+| globals.cpp:5:17:5:22 | call to source | globals.cpp:6:10:6:14 | local |
+| globals.cpp:13:23:13:28 | call to source | globals.cpp:12:10:12:24 | flowTestGlobal1 |
+| globals.cpp:23:23:23:28 | call to source | globals.cpp:19:10:19:24 | flowTestGlobal2 |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:14:8:14:8 | t |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:18:8:18:8 | call to operator() |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:21:8:21:8 | t |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:29:8:29:8 | t |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:35:8:35:8 | a |
+| lambdas.cpp:8:10:8:15 | call to source | lambdas.cpp:41:8:41:8 | a |
+| lambdas.cpp:43:7:43:12 | call to source | lambdas.cpp:46:7:46:7 | w |
+| ref.cpp:29:11:29:16 | call to source | ref.cpp:62:10:62:11 | x3 |
+| ref.cpp:53:9:53:10 | definition of x1 | ref.cpp:56:10:56:11 | x1 |
+| ref.cpp:53:13:53:14 | definition of x2 | ref.cpp:59:10:59:11 | x2 |
+| ref.cpp:53:17:53:18 | definition of x3 | ref.cpp:62:10:62:11 | x3 |
+| ref.cpp:53:21:53:22 | definition of x4 | ref.cpp:65:10:65:11 | x4 |
+| ref.cpp:55:23:55:28 | call to source | ref.cpp:56:10:56:11 | x1 |
+| ref.cpp:94:15:94:20 | call to source | ref.cpp:129:13:129:15 | val |
+| ref.cpp:109:15:109:20 | call to source | ref.cpp:132:13:132:15 | val |
+| ref.cpp:122:23:122:28 | call to source | ref.cpp:123:13:123:15 | val |
+| ref.cpp:125:19:125:24 | call to source | ref.cpp:126:13:126:15 | val |
+| self-Iterator.cpp:19:23:19:30 | call to source | self-Iterator.cpp:20:10:20:10 | x |
+| test.cpp:6:12:6:17 | call to source | test.cpp:7:8:7:9 | t1 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:9:8:9:9 | t1 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:10:8:10:9 | t2 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:15:8:15:9 | t2 |
+| test.cpp:6:12:6:17 | call to source | test.cpp:26:8:26:9 | t1 |
+| test.cpp:35:10:35:15 | call to source | test.cpp:30:8:30:8 | t |
+| test.cpp:36:13:36:18 | call to source | test.cpp:31:8:31:8 | c |
+| test.cpp:50:14:50:19 | call to source | test.cpp:58:10:58:10 | t |
+| test.cpp:66:30:66:36 | source1 | test.cpp:71:8:71:9 | x4 |
+| test.cpp:75:7:75:8 | definition of u1 | test.cpp:76:8:76:9 | u1 |
+| test.cpp:83:7:83:8 | definition of u2 | test.cpp:84:8:84:18 | ... ? ... : ... |
+| test.cpp:83:7:83:8 | definition of u2 | test.cpp:86:8:86:9 | i1 |
+| test.cpp:89:28:89:34 | source1 indirection | test.cpp:90:8:90:14 | source1 |
+| test.cpp:100:13:100:18 | call to source | test.cpp:103:10:103:12 | ref |
+| test.cpp:138:27:138:32 | call to source | test.cpp:140:8:140:8 | y |
+| test.cpp:151:33:151:38 | call to source | test.cpp:144:8:144:8 | s |
+| test.cpp:151:33:151:38 | call to source | test.cpp:152:8:152:8 | y |
+| test.cpp:164:34:164:39 | call to source | test.cpp:157:8:157:8 | x |
+| test.cpp:164:34:164:39 | call to source | test.cpp:165:8:165:8 | y |
+| test.cpp:171:11:171:16 | call to source | test.cpp:178:8:178:8 | y |
+| test.cpp:245:14:245:19 | call to source | test.cpp:260:12:260:12 | x |
+| test.cpp:265:22:265:27 | call to source | test.cpp:266:12:266:12 | x |
+| test.cpp:305:17:305:22 | call to source | test.cpp:289:14:289:14 | x |
+| test.cpp:314:4:314:9 | call to source | test.cpp:318:7:318:7 | x |
+| test.cpp:333:17:333:22 | call to source | test.cpp:337:10:337:18 | globalVar |
+| test.cpp:333:17:333:22 | call to source | test.cpp:339:10:339:18 | globalVar |
+| test.cpp:333:17:333:22 | call to source | test.cpp:343:10:343:18 | globalVar |
+| test.cpp:333:17:333:22 | call to source | test.cpp:349:10:349:18 | globalVar |
+| test.cpp:347:17:347:22 | call to source | test.cpp:337:10:337:18 | globalVar |
+| test.cpp:347:17:347:22 | call to source | test.cpp:339:10:339:18 | globalVar |
+| test.cpp:347:17:347:22 | call to source | test.cpp:343:10:343:18 | globalVar |
+| test.cpp:347:17:347:22 | call to source | test.cpp:349:10:349:18 | globalVar |
+| test.cpp:359:13:359:18 | call to source | test.cpp:365:10:365:14 | field |
+| test.cpp:373:13:373:18 | call to source | test.cpp:369:10:369:14 | field |
+| test.cpp:373:13:373:18 | call to source | test.cpp:375:10:375:14 | field |
+| test.cpp:382:48:382:54 | source1 | test.cpp:385:8:385:10 | tmp |
+| test.cpp:388:53:388:59 | source1 | test.cpp:392:8:392:10 | tmp |
+| test.cpp:388:53:388:59 | source1 | test.cpp:394:10:394:12 | tmp |
+| test.cpp:399:7:399:9 | definition of tmp | test.cpp:401:8:401:10 | tmp |
+| test.cpp:405:7:405:9 | definition of tmp | test.cpp:408:8:408:10 | tmp |
+| test.cpp:416:7:416:11 | definition of local | test.cpp:418:8:418:12 | local |
+| test.cpp:417:16:417:20 | intRefSource output argument | test.cpp:418:8:418:12 | local |
+| test.cpp:422:7:422:11 | definition of local | test.cpp:424:8:424:12 | local |
+| test.cpp:423:20:423:25 | intPointerSource output argument | test.cpp:424:8:424:12 | local |
+| test.cpp:433:7:433:11 | definition of local | test.cpp:435:8:435:12 | local |
+| test.cpp:434:20:434:24 | intPointerSource output argument | test.cpp:436:8:436:13 | * ... |
+| test.cpp:440:7:440:11 | definition of local | test.cpp:442:8:442:12 | local |
+| test.cpp:441:18:441:23 | intArraySource output argument | test.cpp:442:8:442:12 | local |
+| test.cpp:448:7:448:11 | definition of local | test.cpp:450:8:450:12 | local |
+| test.cpp:449:18:449:22 | intArraySource output argument | test.cpp:451:8:451:13 | * ... |
+| test.cpp:456:26:456:32 | source1 | test.cpp:457:9:457:22 | (statement expression) |
+| test.cpp:456:26:456:32 | source1 | test.cpp:468:8:468:12 | local |
+| test.cpp:472:8:472:13 | call to source | test.cpp:478:8:478:8 | x |
+| test.cpp:506:8:506:13 | call to source | test.cpp:513:8:513:8 | x |
+| test.cpp:519:19:519:24 | call to source | test.cpp:521:8:521:20 | access to array |
+| test.cpp:531:29:531:34 | call to source | test.cpp:532:8:532:9 | * ... |
+| test.cpp:547:9:547:9 | definition of x | test.cpp:536:10:536:11 | * ... |
+| test.cpp:551:9:551:9 | definition of y | test.cpp:541:10:541:10 | y |
+| test.cpp:562:17:562:31 | call to indirect_source indirection | test.cpp:566:10:566:19 | * ... |
+| test.cpp:562:17:562:31 | call to indirect_source indirection | test.cpp:568:10:568:19 | * ... |
+| test.cpp:562:17:562:31 | call to indirect_source indirection | test.cpp:572:10:572:19 | * ... |
+| test.cpp:562:17:562:31 | call to indirect_source indirection | test.cpp:578:10:578:19 | * ... |
+| test.cpp:576:17:576:31 | call to indirect_source indirection | test.cpp:566:10:566:19 | * ... |
+| test.cpp:576:17:576:31 | call to indirect_source indirection | test.cpp:568:10:568:19 | * ... |
+| test.cpp:576:17:576:31 | call to indirect_source indirection | test.cpp:572:10:572:19 | * ... |
+| test.cpp:576:17:576:31 | call to indirect_source indirection | test.cpp:578:10:578:19 | * ... |
+| test.cpp:594:12:594:26 | call to indirect_source indirection | test.cpp:597:8:597:13 | * ... |
+| test.cpp:601:20:601:20 | intPointerSource output argument | test.cpp:603:8:603:9 | * ... |
+| test.cpp:607:20:607:20 | intPointerSource output argument | test.cpp:609:8:609:9 | * ... |
+| test.cpp:614:20:614:20 | intPointerSource output argument | test.cpp:616:8:616:17 | * ... |
+| test.cpp:628:20:628:25 | intPointerSource output argument | test.cpp:629:17:629:22 | buffer indirection |
+| test.cpp:633:18:633:23 | call to source | test.cpp:634:8:634:8 | x |
+| test.cpp:646:7:646:12 | call to source | test.cpp:645:8:645:8 | x |
+| test.cpp:660:7:660:12 | call to source | test.cpp:658:8:658:8 | x |
+| test.cpp:664:18:664:23 | call to source | test.cpp:666:8:666:16 | * ... |
+| test.cpp:681:7:681:12 | call to source | test.cpp:679:8:679:16 | * ... |
+| test.cpp:733:7:733:7 | definition of x | test.cpp:735:8:735:8 | x |
+| test.cpp:751:27:751:32 | call to source | test.cpp:740:10:740:10 | x |
+| test.cpp:753:32:753:37 | call to source | test.cpp:740:10:740:10 | x |
+| test.cpp:755:32:755:37 | call to source | test.cpp:740:10:740:10 | x |
+| test.cpp:771:27:771:32 | call to source | test.cpp:760:10:760:10 | x |
+| test.cpp:773:32:773:37 | call to source | test.cpp:760:10:760:10 | x |
+| test.cpp:775:32:775:37 | call to source | test.cpp:760:10:760:10 | x |
+| test.cpp:788:31:788:36 | call to source | test.cpp:782:12:782:12 | x |
+| test.cpp:790:31:790:36 | call to source | test.cpp:782:12:782:12 | x |
+| test.cpp:797:22:797:28 | intPointerSource output argument | test.cpp:798:19:798:25 | content indirection |
+| test.cpp:808:25:808:39 | call to indirect_source indirection | test.cpp:813:19:813:35 | * ... indirection |
+| test.cpp:818:26:818:31 | call to source | test.cpp:823:10:823:27 | * ... |
+| test.cpp:832:21:832:26 | call to source | test.cpp:836:10:836:22 | global_direct |
+| test.cpp:842:11:842:16 | call to source | test.cpp:844:8:844:8 | y |
+| test.cpp:846:13:846:27 | call to indirect_source indirection | test.cpp:848:17:848:25 | rpx indirection |
+| true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
+| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
+| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
+| true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |
+| true_upon_entry.cpp:43:11:43:16 | call to source | true_upon_entry.cpp:49:8:49:8 | x |
+| true_upon_entry.cpp:54:11:54:16 | call to source | true_upon_entry.cpp:57:8:57:8 | x |
+| true_upon_entry.cpp:62:11:62:16 | call to source | true_upon_entry.cpp:66:8:66:8 | x |
+| true_upon_entry.cpp:70:11:70:16 | call to source | true_upon_entry.cpp:78:8:78:8 | x |
+| true_upon_entry.cpp:83:11:83:16 | call to source | true_upon_entry.cpp:86:8:86:8 | x |
+| true_upon_entry.cpp:98:11:98:16 | call to source | true_upon_entry.cpp:105:8:105:8 | x |

cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.ql

@@ -0,0 +1,9 @@
+import TestBase
+
+query predicate astFlow(AstTest::DataFlow::Node source, AstTest::DataFlow::Node sink) {
+  AstTest::AstFlow::flow(source, sink)
+}
+
+query predicate irFlow(IRTest::DataFlow::Node source, IRTest::DataFlow::Node sink) {
+  IRTest::IRFlow::flow(source, sink)
+}

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp

@@ -836,4 +836,14 @@ namespace MoreGlobalTests {
     sink(global_direct); // $ ir MISSING: ast
     indirect_sink(global_direct); // clean
   }
+}
+
+void test_references() {
+  int x = source();
+  int &y = x;
+  sink(y); // $ ast,ir
+
+  int* px = indirect_source();
+  int*& rpx = px;
+  indirect_sink((int*)rpx); // $ ast,ir
 }

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.expected

@@ -1,9 +1,2 @@
-WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:19,45-53)
-WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:20,24-32)
-WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:27,15-23)
-WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:33,22-30)
-WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:40,25-33)
-WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:42,17-25)
-WARNING: Module DataFlow has been deprecated and may be removed in future (test.ql:46,20-28)
 testFailures
 failures

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.ql

@@ -1,107 +1,3 @@
+import TestBase
 import TestUtilities.dataflow.FlowTestCommon
-
-module AstTest {
-  private import semmle.code.cpp.dataflow.DataFlow
-  private import semmle.code.cpp.controlflow.Guards
-
-  /**
-   * A `BarrierGuard` that stops flow to all occurrences of `x` within statement
-   * S in `if (guarded(x)) S`.
-   */
-  // This is tested in `BarrierGuard.cpp`.
-  predicate testBarrierGuard(GuardCondition g, Expr checked, boolean isTrue) {
-    g.(FunctionCall).getTarget().getName() = "guarded" and
-    checked = g.(FunctionCall).getArgument(0) and
-    isTrue = true
-  }
-
-  /** Common data flow configuration to be used by tests. */
-  module AstTestAllocationConfig implements DataFlow::ConfigSig {
-    predicate isSource(DataFlow::Node source) {
-      source.asExpr().(FunctionCall).getTarget().getName() = "source"
-      or
-      source.asParameter().getName().matches("source%")
-      or
-      source.asExpr().(FunctionCall).getTarget().getName() = "indirect_source"
-      or
-      source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
-      or
-      // Track uninitialized variables
-      exists(source.asUninitialized())
-    }
-
-    predicate isSink(DataFlow::Node sink) {
-      exists(FunctionCall call |
-        call.getTarget().getName() = ["sink", "indirect_sink"] and
-        sink.asExpr() = call.getAnArgument()
-      )
-    }
-
-    predicate isBarrier(DataFlow::Node barrier) {
-      barrier.asExpr().(VariableAccess).getTarget().hasName("barrier") or
-      barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getABarrierNode()
-    }
-  }
-
-  module AstFlow = DataFlow::Global<AstTestAllocationConfig>;
-}
-
-module IRTest {
-  private import cpp
-  private import semmle.code.cpp.ir.dataflow.DataFlow
-  private import semmle.code.cpp.ir.IR
-  private import semmle.code.cpp.controlflow.IRGuards
-
-  /**
-   * A `BarrierGuard` that stops flow to all occurrences of `x` within statement
-   * S in `if (guarded(x)) S`.
-   */
-  // This is tested in `BarrierGuard.cpp`.
-  predicate testBarrierGuard(IRGuardCondition g, Expr checked, boolean isTrue) {
-    exists(Call call |
-      call = g.getUnconvertedResultExpression() and
-      call.getTarget().hasName("guarded") and
-      checked = call.getArgument(0) and
-      isTrue = true
-    )
-  }
-
-  /** Common data flow configuration to be used by tests. */
-  module IRTestAllocationConfig implements DataFlow::ConfigSig {
-    predicate isSource(DataFlow::Node source) {
-      source.asExpr().(FunctionCall).getTarget().getName() = "source"
-      or
-      source.asIndirectExpr(1).(FunctionCall).getTarget().getName() = "indirect_source"
-      or
-      source.asParameter().getName().matches("source%")
-      or
-      source.(DataFlow::DefinitionByReferenceNode).getParameter().getName().matches("ref_source%")
-      or
-      exists(source.asUninitialized())
-    }
-
-    predicate isSink(DataFlow::Node sink) {
-      exists(FunctionCall call, Expr e | e = call.getAnArgument() |
-        call.getTarget().getName() = "sink" and
-        sink.asExpr() = e
-        or
-        call.getTarget().getName() = "indirect_sink" and
-        sink.asIndirectExpr() = e
-      )
-    }
-
-    predicate isBarrier(DataFlow::Node barrier) {
-      exists(Expr barrierExpr | barrierExpr in [barrier.asExpr(), barrier.asIndirectExpr()] |
-        barrierExpr.(VariableAccess).getTarget().hasName("barrier")
-      )
-      or
-      barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getABarrierNode()
-      or
-      barrier = DataFlow::BarrierGuard<testBarrierGuard/3>::getAnIndirectBarrierNode()
-    }
-  }
-
-  module IRFlow = DataFlow::Global<IRTestAllocationConfig>;
-}
-
 import MakeTest<MergeTests<AstFlowTest<AstTest::AstFlow>, IRFlowTest<IRTest::IRFlow>>>

cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected

@@ -5,7 +5,6 @@ edges
 | test.cpp:43:18:43:34 | call to getenv indirection | test.cpp:29:30:29:36 | command indirection |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer indirection |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data indirection |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | (reference dereference) indirection |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref indirection |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 indirection |
 | test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer indirection |
@@ -22,7 +21,6 @@ nodes
 | test.cpp:56:12:56:17 | fgets output argument | semmle.label | fgets output argument |
 | test.cpp:62:10:62:15 | buffer indirection | semmle.label | buffer indirection |
 | test.cpp:63:10:63:13 | data indirection | semmle.label | data indirection |
-| test.cpp:64:10:64:16 | (reference dereference) indirection | semmle.label | (reference dereference) indirection |
 | test.cpp:64:10:64:16 | dataref indirection | semmle.label | dataref indirection |
 | test.cpp:65:10:65:14 | data2 indirection | semmle.label | data2 indirection |
 | test.cpp:76:12:76:17 | fgets output argument | semmle.label | fgets output argument |
@@ -39,7 +37,6 @@ subpaths
 | test.cpp:31:10:31:16 | command indirection | test.cpp:43:18:43:34 | call to getenv indirection | test.cpp:31:10:31:16 | command indirection | The value of this argument may come from $@ and is being passed to system. | test.cpp:43:18:43:34 | call to getenv indirection | an environment variable |
 | test.cpp:62:10:62:15 | buffer indirection | test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer indirection | The value of this argument may come from $@ and is being passed to system. | test.cpp:56:12:56:17 | fgets output argument | string read by fgets |
 | test.cpp:63:10:63:13 | data indirection | test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data indirection | The value of this argument may come from $@ and is being passed to system. | test.cpp:56:12:56:17 | fgets output argument | string read by fgets |
-| test.cpp:64:10:64:16 | (reference dereference) indirection | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | (reference dereference) indirection | The value of this argument may come from $@ and is being passed to system. | test.cpp:56:12:56:17 | fgets output argument | string read by fgets |
 | test.cpp:64:10:64:16 | dataref indirection | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref indirection | The value of this argument may come from $@ and is being passed to system. | test.cpp:56:12:56:17 | fgets output argument | string read by fgets |
 | test.cpp:65:10:65:14 | data2 indirection | test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 indirection | The value of this argument may come from $@ and is being passed to system. | test.cpp:56:12:56:17 | fgets output argument | string read by fgets |
 | test.cpp:78:10:78:15 | buffer indirection | test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer indirection | The value of this argument may come from $@ and is being passed to system. | test.cpp:76:12:76:17 | fgets output argument | string read by fgets |

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Linq;
 using Newtonsoft.Json.Linq;
@@ -143,14 +144,31 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             }
         }
 
+        private static bool TryReadAllText(string path, ProgressMonitor progressMonitor, [NotNullWhen(returnValue: true)] out string? content)
+        {
+            try
+            {
+                content = File.ReadAllText(path);
+                return true;
+            }
+            catch (Exception e)
+            {
+                progressMonitor.LogInfo($"Failed to read assets file '{path}': {e.Message}");
+                content = null;
+                return false;
+            }
+        }
+
         public static DependencyContainer GetCompilationDependencies(ProgressMonitor progressMonitor, IEnumerable<string> assets)
         {
             var parser = new Assets(progressMonitor);
             var dependencies = new DependencyContainer();
             assets.ForEach(asset =>
             {
-                var json = File.ReadAllText(asset);
+                if (TryReadAllText(asset, progressMonitor, out var json))
-                parser.TryParse(json, dependencies);
+                {
+                    parser.TryParse(json, dependencies);
+                }
             });
             return dependencies;
         }

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs

@@ -128,7 +128,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         [GeneratedRegex("Restored\\s+(.+\\.csproj)", RegexOptions.Compiled)]
         private static partial Regex RestoredProjectRegex();
 
-        [GeneratedRegex("[Assets\\sfile\\shas\\snot\\schanged.\\sSkipping\\sassets\\sfile\\swriting.|Writing\\sassets\\sfile\\sto\\sdisk.]\\sPath:\\s(.*)", RegexOptions.Compiled)]
+        [GeneratedRegex("[Assets\\sfile\\shas\\snot\\schanged.\\sSkipping\\sassets\\sfile\\swriting.|Writing\\sassets\\sfile\\sto\\sdisk.]\\sPath:\\s(.+)", RegexOptions.Compiled)]
         private static partial Regex AssetsFileRegex();
     }
 }

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.3
+
+No user-facing changes.
+
 ## 1.7.2
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.3.md

@@ -0,0 +1,3 @@
+## 1.7.3
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.2
+lastReleaseVersion: 1.7.3

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.3-dev
+version: 1.7.4-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.3
+
+No user-facing changes.
+
 ## 1.7.2
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.3.md

@@ -0,0 +1,3 @@
+## 1.7.3
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.2
+lastReleaseVersion: 1.7.3

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.3-dev
+version: 1.7.4-dev
 groups:
   - csharp
   - solorigate

csharp/ql/integration-tests/all-platforms/dotnet_pack/test.py

@@ -2,10 +2,10 @@ import os
 from create_database_utils import *
 from diagnostics_test_utils import *
 
-run_codeql_database_create(['dotnet pack'], db=None, lang="csharp")
+run_codeql_database_create(['dotnet pack -o nugetpackage'], db=None, lang="csharp")
 
 ## Check that the NuGet package is created.
-if not os.path.isfile("bin/Debug/dotnet_pack.1.0.0.nupkg"):
+if not os.path.isfile("nugetpackage/dotnet_pack.1.0.0.nupkg"):
     raise Exception("The NuGet package was not created.")
 
 check_diagnostics()

csharp/ql/integration-tests/posix-only/dotnet_test_mstest/dotnet_test_mstest.csproj

@@ -7,6 +7,7 @@
 
     <IsPackable>false</IsPackable>
     <OutputType>Exe</OutputType>
+    <SelfContained>false</SelfContained>
   </PropertyGroup>
 
   <ItemGroup>

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,49 @@
+## 0.8.3
+
+### Minor Analysis Improvements
+
+* The predicate `UnboundGeneric::getName` now prints the number of type parameters as a `` `N`` suffix, instead of a `<,...,>` suffix. For example, the unbound generic type
+`System.Collections.Generic.IList<T>` is printed as ``IList`1`` instead of `IList<>`.
+* The predicates `hasQualifiedName`, `getQualifiedName`, and `getQualifiedNameWithTypes` have been deprecated, and are instead replaced by `hasFullyQualifiedName`, `getFullyQualifiedName`, and `getFullyQualifiedNameWithTypes`, respectively. The new predicates use the same format for unbound generic types as mentioned above.
+* These changes also affect models-as-data rows that refer to a field or a property belonging to a generic type. For example, instead of writing
+```yml
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+      data:
+        - ["System.Collections.Generic", "Dictionary<TKey,TValue>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
+```
+one now writes
+```yml
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+      data:
+        - ["System.Collections.Generic", "Dictionary<TKey,TValue>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
+```
+* The models-as-data format for types and methods with type parameters has been changed to include the names of the type parameters. For example, instead of writing
+```yml
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+      data:
+        - ["System.Collections.Generic", "IList<>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
+        - ["System.Linq", "Enumerable", False, "Select<,>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
+```
+one now writes
+```yml
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+      data:
+        - ["System.Collections.Generic", "IList<T>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
+        - ["System.Linq", "Enumerable", False, "Select<TSource,TResult>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
+```
+
 ## 0.8.2
 
 No user-facing changes.

csharp/ql/lib/change-notes/2023-11-09-mad-generics.md

@@ -1,24 +0,0 @@
----
-category: minorAnalysis
----
-
-* The models-as-data format for types and methods with type parameters has been changed to include the names of the type parameters. For example, instead of writing
-```yml
-extensions:
-  - addsTo:
-      pack: codeql/csharp-all
-      extensible: summaryModel
-      data:
-        - ["System.Collections.Generic", "IList<>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
-        - ["System.Linq", "Enumerable", False, "Select<,>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
-```
-one now writes
-```yml
-extensions:
-  - addsTo:
-      pack: codeql/csharp-all
-      extensible: summaryModel
-      data:
-        - ["System.Collections.Generic", "IList<T>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
-        - ["System.Linq", "Enumerable", False, "Select<TSource,TResult>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
-```

csharp/ql/lib/change-notes/released/0.8.3.md

@@ -1,6 +1,6 @@
----
+## 0.8.3
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
 
 * The predicate `UnboundGeneric::getName` now prints the number of type parameters as a `` `N`` suffix, instead of a `<,...,>` suffix. For example, the unbound generic type
 `System.Collections.Generic.IList<T>` is printed as ``IList`1`` instead of `IList<>`.
@@ -23,3 +23,23 @@ extensions:
       data:
         - ["System.Collections.Generic", "Dictionary<TKey,TValue>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
 ```
+* The models-as-data format for types and methods with type parameters has been changed to include the names of the type parameters. For example, instead of writing
+```yml
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+      data:
+        - ["System.Collections.Generic", "IList<>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
+        - ["System.Linq", "Enumerable", False, "Select<,>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
+```
+one now writes
+```yml
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+      data:
+        - ["System.Collections.Generic", "IList<T>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
+        - ["System.Linq", "Enumerable", False, "Select<TSource,TResult>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
+```

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.2
+lastReleaseVersion: 0.8.3

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.3-dev
+version: 0.8.4-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.8.3
+
+### Minor Analysis Improvements
+
+* CIL extraction is now disabled by default. It is still possible to turn on CIL extraction by setting the `cil` extractor option to `true` or by setting the environment variable `$CODEQL_EXTRACTOR_CSHARP_OPTION_CIL` to `true`. This is the first step towards sun-setting the CIL extractor entirely.
+
 ## 0.8.2
 
 No user-facing changes.

csharp/ql/src/Security Features/InsecureRandomness.qhelp

@@ -29,11 +29,6 @@ number generator. <code>Random</code> is not cryptographically secure, and shoul
 security contexts. For contexts which are not security sensitive, <code>Random</code> may be
 preferable as it has a more convenient interface, and is likely to be faster.
 </p>
-<p>
-For the specific use-case of generating passwords, consider
-<code>System.Web.Security.Membership.GeneratePassword</code>, which provides a cryptographically
-secure method of generating random passwords.
-</p>
 
 </recommendation>
 
@@ -54,10 +49,7 @@ purpose. In this case, it is much harder to predict the generated integers.
 </p>
 <p>
 In the final example, the password is generated using the <code>Membership.GeneratePassword</code>
-library method, which uses a cryptographically secure random number generator to generate a random
+library method, which generates a password with a bias, therefore should be avoided.
-series of characters. This method should be preferred when generating passwords, if possible, as it
-avoids potential pitfalls when converting the output of a random number generator (usually an int or
-a byte) to a series of permitted characters.
 </p>
 <sample src="InsecureRandomness.cs" />
 

csharp/ql/src/change-notes/released/0.8.3.md

@@ -1,4 +1,5 @@
----
+## 0.8.3
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
-* CIL extraction is now disabled by default. It is still possible to turn on CIL extraction by setting the `cil` extractor option to `true` or by setting the environment variable `$CODEQL_EXTRACTOR_CSHARP_OPTION_CIL` to `true`. This is the first step towards sun-setting the CIL extractor entirely.
+
+* CIL extraction is now disabled by default. It is still possible to turn on CIL extraction by setting the `cil` extractor option to `true` or by setting the environment variable `$CODEQL_EXTRACTOR_CSHARP_OPTION_CIL` to `true`. This is the first step towards sun-setting the CIL extractor entirely.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.2
+lastReleaseVersion: 0.8.3

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.3-dev
+version: 0.8.4-dev
 groups:
   - csharp
   - queries

docs/codeql/codeql-for-visual-studio-code/using-the-codeql-model-editor.rst

@@ -119,8 +119,8 @@ Testing CodeQL model packs
 
 You can test any CodeQL model packs you create in VS Code by toggling the "use model packs" setting on and off. This method works for both databases and for variant analysis repositories.
 
-- To run queries on a CodeQL database with any model packs that are stored within the ``.github/codeql/extensions`` directory of the workspace, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": all,``
+- To run queries on a CodeQL database with any model packs that are stored within the ``.github/codeql/extensions`` directory of the workspace, update your ``settings.json`` file with: ``"codeQL.runningQueries.useExtensionPacks": "all",``
-- To run queries on a CodeQL database without using model packs, update your ``settings.json`` file with: ``"codeQL.runningQueries.useModelPacks": none,``
+- To run queries on a CodeQL database without using model packs, update your ``settings.json`` file with: ``"codeQL.runningQueries.useExtensionPacks": "none",``
 
 If your model is working well, you should see a difference in the results of the two different runs. If you don't see any differences in results, you may need to introduce a known bug to verify that the model behaves as expected.
 

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.2
+
+No user-facing changes.
+
 ## 0.0.1
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/0.0.2.md

@@ -0,0 +1,3 @@
+## 0.0.2
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.1
+lastReleaseVersion: 0.0.2

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.2-dev
+version: 0.0.3-dev
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.7.3
+
+### Minor Analysis Improvements
+
+* Added the [gin cors](https://github.com/gin-contrib/cors) library to the CorsMisconfiguration.ql query
+
+### Bug Fixes
+
+* A bug has been fixed that meant that value flow through an array was not tracked correctly in some circumstances. Taint flow was tracked correctly.
+
 ## 0.7.2
 
 ### Minor Analysis Improvements

go/ql/lib/change-notes/2023-10-31-add-gin-cors-framework.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added the [gin cors](https://github.com/gin-contrib/cors) library to the CorsMisconfiguration.ql query

go/ql/lib/change-notes/2023-11-15-bug-fix-value-flow-in-array.md

@@ -1,4 +0,0 @@
----
-category: fix
----
-* A bug has been fixed that meant that value flow through an array was not tracked correctly in some circumstances. Taint flow was tracked correctly.

go/ql/lib/change-notes/released/0.7.3.md

@@ -0,0 +1,9 @@
+## 0.7.3
+
+### Minor Analysis Improvements
+
+* Added the [gin cors](https://github.com/gin-contrib/cors) library to the CorsMisconfiguration.ql query
+
+### Bug Fixes
+
+* A bug has been fixed that meant that value flow through an array was not tracked correctly in some circumstances. Taint flow was tracked correctly.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.2
+lastReleaseVersion: 0.7.3

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.3-dev
+version: 0.7.4-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.7.3
+
+No user-facing changes.
+
 ## 0.7.2
 
 ### Minor Analysis Improvements

go/ql/src/change-notes/released/0.7.3.md

@@ -0,0 +1,3 @@
+## 0.7.3
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.2
+lastReleaseVersion: 0.7.3

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.3-dev
+version: 0.7.4-dev
 groups:
   - go
   - queries

java/kotlin-extractor/build.py

@@ -87,7 +87,7 @@ def write_arg_file(arg_file, args):
                 raise Exception('Single quote in argument: ' + arg)
             f.write("'" + arg.replace('\\', '/') + "'\n")
 
-def compile_to_dir(build_dir, srcs, language_version, classpath, java_classpath, output):
+def compile_to_dir(build_dir, srcs, version, classpath, java_classpath, output):
     # Use kotlinc to compile .kt files:
     kotlin_arg_file = build_dir + '/kotlin.args'
     kotlin_args = ['-Werror',
@@ -96,7 +96,7 @@ def compile_to_dir(build_dir, srcs, language_version, classpath, java_classpath,
                    '-d', output,
                    '-module-name', 'codeql-kotlin-extractor',
                    '-Xsuppress-version-warnings',
-                   '-language-version', language_version,
+                   '-language-version', version.toLanguageVersionString(),
                    '-no-reflect', '-no-stdlib',
                    '-jvm-target', '1.8',
                    '-classpath', classpath] + srcs
@@ -116,14 +116,14 @@ def compile_to_dir(build_dir, srcs, language_version, classpath, java_classpath,
     run_process([javac, '@' + java_arg_file])
 
 
-def compile_to_jar(build_dir, tmp_src_dir, srcs, language_version, classpath, java_classpath, output):
+def compile_to_jar(build_dir, tmp_src_dir, srcs, version, classpath, java_classpath, output):
     class_dir = build_dir + '/classes'
 
     if os.path.exists(class_dir):
         shutil.rmtree(class_dir)
     os.makedirs(class_dir)
 
-    compile_to_dir(build_dir, srcs, language_version, classpath, java_classpath, class_dir)
+    compile_to_dir(build_dir, srcs, version, classpath, java_classpath, class_dir)
 
     run_process(['jar', 'cf', output,
                  '-C', class_dir, '.',
@@ -161,7 +161,7 @@ def transform_to_embeddable(srcs):
             f.write(content)
 
 
-def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output, build_dir, current_version):
+def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output, build_dir, version_str):
     classpath = bases_to_classpath(dependency_folder, jars)
     java_classpath = bases_to_classpath(dependency_folder, java_jars)
 
@@ -179,23 +179,16 @@ def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output,
     with open(resource_dir + '/extractor.name', 'w') as f:
         f.write(output)
 
-    parsed_current_version = kotlin_plugin_versions.version_string_to_tuple(
+    version = kotlin_plugin_versions.version_string_to_version(version_str)
-        current_version)
 
-    for version in kotlin_plugin_versions.many_versions:
+    for a_version in kotlin_plugin_versions.many_versions_versions_asc:
-        parsed_version = kotlin_plugin_versions.version_string_to_tuple(
+        if a_version.lessThanOrEqual(version):
-            version)
-        if parsed_version[0] < parsed_current_version[0] or \
-            (parsed_version[0] == parsed_current_version[0] and parsed_version[1] < parsed_current_version[1]) or \
-                (parsed_version[0] == parsed_current_version[0] and parsed_version[1] == parsed_current_version[1] and parsed_version[2] <= parsed_current_version[2]):
             d = tmp_src_dir + '/main/kotlin/utils/versions/v_' + \
-                version.replace('.', '_')
+                a_version.toString().replace('.', '_')
             if os.path.exists(d):
                 # copy and overwrite files from the version folder to the include folder
                 shutil.copytree(d, include_version_folder, dirs_exist_ok=True)
 
-    language_version = str(parsed_current_version[0]) + '.' + str(parsed_current_version[1])
-
     # remove all version folders:
     shutil.rmtree(tmp_src_dir + '/main/kotlin/utils/versions')
 
@@ -203,7 +196,7 @@ def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output,
 
     transform_to_embeddable(srcs)
 
-    compile_to_jar(build_dir, tmp_src_dir, srcs, language_version, classpath, java_classpath, output)
+    compile_to_jar(build_dir, tmp_src_dir, srcs, version, classpath, java_classpath, output)
 
     shutil.rmtree(tmp_src_dir)
 

java/kotlin-extractor/kotlin_plugin_versions.py

@@ -14,19 +14,40 @@ def is_windows():
         return True
     return False
 
-def version_tuple_to_string(version):
+class Version:
-    return f'{version[0]}.{version[1]}.{version[2]}{version[3]}'
+    def __init__(self, major, minor, patch, tag):
+        self.major = major
+        self.minor = minor
+        self.patch = patch
+        self.tag = tag
 
-def version_string_to_tuple(version):
+    def toTupleWithTag(self):
+        return [self.major, self.minor, self.patch, self.tag]
+
+    def toTupleNoTag(self):
+        return [self.major, self.minor, self.patch]
+
+    def lessThanOrEqual(self, other):
+        return self.toTupleNoTag() <= other.toTupleNoTag()
+
+    def toString(self):
+        return f'{self.major}.{self.minor}.{self.patch}{self.tag}'
+
+    def toLanguageVersionString(self):
+        return f'{self.major}.{self.minor}'
+
+def version_string_to_version(version):
     m = re.match(r'([0-9]+)\.([0-9]+)\.([0-9]+)(.*)', version)
-    return tuple([int(m.group(i)) for i in range(1, 4)] + [m.group(4)])
+    return Version(int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))
 
 # Version number used by CI.
 ci_version = '1.9.0'
 
 many_versions = [ '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0', '1.9.0-Beta', '1.9.20-Beta' ]
 
-many_versions_tuples = [version_string_to_tuple(v) for v in many_versions]
+many_versions_versions = [version_string_to_version(v) for v in many_versions]
+many_versions_versions_asc  = sorted(many_versions_versions, key = lambda v: v.toTupleWithTag())
+many_versions_versions_desc = reversed(many_versions_versions_asc)
 
 class KotlincNotFoundException(Exception):
     pass
@@ -40,13 +61,11 @@ def get_single_version(fakeVersionOutput = None):
     m = re.match(r'.* kotlinc-jvm ([0-9]+\.[0-9]+\.[0-9]+-?[a-zA-Z]*) .*', versionOutput)
     if m is None:
         raise Exception('Cannot detect version of kotlinc (got ' + str(versionOutput) + ')')
-    current_version = version_string_to_tuple(m.group(1))
+    current_version = version_string_to_version(m.group(1))
 
-    many_versions_tuples.sort(reverse = True)
+    for version in many_versions_versions_desc:
-
+        if version.lessThanOrEqual(current_version):
-    for version in many_versions_tuples:
+            return version.toString()
-        if version[0:3] <= current_version[0:3]:
-            return version_tuple_to_string(version)
 
     raise Exception(f'No suitable kotlinc version found for {current_version} (got {versionOutput}; know about {str(many_versions)})')
 

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -2457,8 +2457,12 @@ open class KotlinFileExtractor(
 
         val fn = getFunctionsByFqName(pluginContext, functionPkg, functionName)
             .firstOrNull { fnSymbol ->
-                fnSymbol.owner.parentClassOrNull?.fqNameWhenAvailable?.asString() == type &&
+                val owner = fnSymbol.owner
-                fnSymbol.owner.valueParameters.map { it.type.classFqName?.asString() }.toTypedArray() contentEquals parameterTypes
+                (owner.parentClassOrNull?.fqNameWhenAvailable?.asString() == type
+                 ||
+                 (owner.parent is IrExternalPackageFragment && getFileClassFqName(owner)?.asString() == type))
+                &&
+                owner.valueParameters.map { it.type.classFqName?.asString() }.toTypedArray() contentEquals parameterTypes
             }?.owner
 
         if (fn != null) {

java/ql/automodel/src/AutomodelAlertSinkUtil.qll

@@ -90,7 +90,7 @@ class PotentialSinkModelExpr extends Expr {
     string package, string type, boolean subtypes, string name, string signature, string input
   ) {
     exists(Call call, Callable callable, int argIdx |
-      call.getCallee() = callable and
+      call.getCallee().getSourceDeclaration() = callable and
       (
         this = call.getArgument(argIdx)
         or

java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll

@@ -100,7 +100,7 @@ class ExplicitArgument extends ApplicationModeEndpoint, TExplicitArgument {
 
   ExplicitArgument() { this = TExplicitArgument(call, arg) }
 
-  override Callable getCallable() { result = call.getCallee() }
+  override Callable getCallable() { result = call.getCallee().getSourceDeclaration() }
 
   override Call getCall() { result = call }
 
@@ -123,7 +123,7 @@ class InstanceArgument extends ApplicationModeEndpoint, TInstanceArgument {
 
   InstanceArgument() { this = TInstanceArgument(call, arg) }
 
-  override Callable getCallable() { result = call.getCallee() }
+  override Callable getCallable() { result = call.getCallee().getSourceDeclaration() }
 
   override Call getCall() { result = call }
 
@@ -154,7 +154,7 @@ class ImplicitVarargsArray extends ApplicationModeEndpoint, TImplicitVarargsArra
 
   ImplicitVarargsArray() { this = TImplicitVarargsArray(call, vararg, idx) }
 
-  override Callable getCallable() { result = call.getCallee() }
+  override Callable getCallable() { result = call.getCallee().getSourceDeclaration() }
 
   override Call getCall() { result = call }
 
@@ -178,7 +178,7 @@ class MethodReturnValue extends ApplicationModeEndpoint, TMethodReturnValue {
 
   MethodReturnValue() { this = TMethodReturnValue(call) }
 
-  override Callable getCallable() { result = call.getCallee() }
+  override Callable getCallable() { result = call.getCallee().getSourceDeclaration() }
 
   override Call getCall() { result = call }
 
@@ -208,7 +208,7 @@ class OverriddenParameter extends ApplicationModeEndpoint, TOverriddenParameter
     // candidate model will be about the overridden method, not the overriding
     // method. This is a more general model, that also applies to other
     // subclasses of the overridden class.
-    result = overriddenMethod
+    result = overriddenMethod.getSourceDeclaration()
   }
 
   override Call getCall() { none() }
@@ -335,6 +335,9 @@ private module ApplicationModeGetCallable implements AutomodelSharedGetCallable:
 
   /**
    * Returns the API callable being modeled.
+   *
+   * We usually want to use `.getSourceDeclaration()` instead of just 'the' callable,
+   * because the source declaration callable has erased generic type parameters.
    */
   Callable getCallable(Endpoint e) { result = e.getCall().getCallee() }
 }

java/ql/automodel/src/CHANGELOG.md

@@ -1,7 +1,10 @@
-## 0.0.7
+## 0.0.8
 
 No user-facing changes.
 
+## 0.0.7
+
+Support for extracting source candidates.
 ## 0.0.6
 
 No user-facing changes.

java/ql/automodel/src/change-notes/released/0.0.8.md

@@ -0,0 +1,3 @@
+## 0.0.8
+
+No user-facing changes.

java/ql/automodel/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.7
+lastReleaseVersion: 0.0.8

java/ql/automodel/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.8-dev
+version: 0.0.9-dev
 groups:
     - java
     - automodel

java/ql/automodel/test/AutomodelApplicationModeExtraction/AutomodelApplicationModeExtractCandidates.expected

@@ -1,6 +1,6 @@
 | PluginImpl.java:5:27:5:37 | name | Related locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@, $@. | PluginImpl.java:5:27:5:37 | name | CallContext | hudson/Plugin.java:5:5:5:31 | /** Configure method doc */ | MethodDoc | hudson/Plugin.java:3:1:3:17 | /** Plugin doc */ | ClassDoc | file://hudson:1:1:1:1 | hudson | package | file://Plugin:1:1:1:1 | Plugin | type | file://true:1:1:1:1 | true | subtypes | file://configure:1:1:1:1 | configure | name | file://(String,String):1:1:1:1 | (String,String) | signature | file://:1:1:1:1 |  | input | file://Parameter[0]:1:1:1:1 | Parameter[0] | output | file://false:1:1:1:1 | false | isVarargsArray | file://:1:1:1:1 |  | alreadyAiModeled | file://sourceModel:1:1:1:1 | sourceModel | extensibleType |
 | PluginImpl.java:5:40:5:51 | value | Related locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@, $@. | PluginImpl.java:5:40:5:51 | value | CallContext | hudson/Plugin.java:5:5:5:31 | /** Configure method doc */ | MethodDoc | hudson/Plugin.java:3:1:3:17 | /** Plugin doc */ | ClassDoc | file://hudson:1:1:1:1 | hudson | package | file://Plugin:1:1:1:1 | Plugin | type | file://true:1:1:1:1 | true | subtypes | file://configure:1:1:1:1 | configure | name | file://(String,String):1:1:1:1 | (String,String) | signature | file://:1:1:1:1 |  | input | file://Parameter[1]:1:1:1:1 | Parameter[1] | output | file://false:1:1:1:1 | false | isVarargsArray | file://:1:1:1:1 |  | alreadyAiModeled | file://sourceModel:1:1:1:1 | sourceModel | extensibleType |
-| Test.java:19:3:19:11 | reference | Related locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:19:3:19:24 | set(...) | CallContext | Test.java:19:3:19:11 | reference | MethodDoc | Test.java:19:3:19:11 | reference | ClassDoc | file://java.util.concurrent.atomic:1:1:1:1 | java.util.concurrent.atomic | package | file://AtomicReference:1:1:1:1 | AtomicReference | type | file://false:1:1:1:1 | false | subtypes | file://set:1:1:1:1 | set | name | file://(String):1:1:1:1 | (String) | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input | file://:1:1:1:1 |  | output | file://false:1:1:1:1 | false | isVarargsArray | file://:1:1:1:1 |  | alreadyAiModeled | file://sinkModel:1:1:1:1 | sinkModel | extensibleType |
+| Test.java:19:3:19:11 | reference | Related locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:19:3:19:24 | set(...) | CallContext | Test.java:19:3:19:11 | reference | MethodDoc | Test.java:19:3:19:11 | reference | ClassDoc | file://java.util.concurrent.atomic:1:1:1:1 | java.util.concurrent.atomic | package | file://AtomicReference:1:1:1:1 | AtomicReference | type | file://false:1:1:1:1 | false | subtypes | file://set:1:1:1:1 | set | name | file://(Object):1:1:1:1 | (Object) | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input | file://:1:1:1:1 |  | output | file://false:1:1:1:1 | false | isVarargsArray | file://:1:1:1:1 |  | alreadyAiModeled | file://sinkModel:1:1:1:1 | sinkModel | extensibleType |
 | Test.java:24:3:24:10 | supplier | Related locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:24:3:24:16 | get(...) | CallContext | Test.java:24:3:24:10 | supplier | MethodDoc | Test.java:24:3:24:10 | supplier | ClassDoc | file://java.util.function:1:1:1:1 | java.util.function | package | file://Supplier:1:1:1:1 | Supplier | type | file://true:1:1:1:1 | true | subtypes | file://get:1:1:1:1 | get | name | file://():1:1:1:1 | () | signature | file://Argument[this]:1:1:1:1 | Argument[this] | input | file://:1:1:1:1 |  | output | file://false:1:1:1:1 | false | isVarargsArray | file://:1:1:1:1 |  | alreadyAiModeled | file://sinkModel:1:1:1:1 | sinkModel | extensibleType |
 | Test.java:24:3:24:16 | get(...) | Related locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:24:3:24:16 | get(...) | CallContext | Test.java:24:3:24:16 | get(...) | MethodDoc | Test.java:24:3:24:16 | get(...) | ClassDoc | file://java.util.function:1:1:1:1 | java.util.function | package | file://Supplier:1:1:1:1 | Supplier | type | file://true:1:1:1:1 | true | subtypes | file://get:1:1:1:1 | get | name | file://():1:1:1:1 | () | signature | file://:1:1:1:1 |  | input | file://ReturnValue:1:1:1:1 | ReturnValue | output | file://false:1:1:1:1 | false | isVarargsArray | file://:1:1:1:1 |  | alreadyAiModeled | file://sourceModel:1:1:1:1 | sourceModel | extensibleType |
 | Test.java:28:3:32:3 | copy(...) | Related locations: $@, $@, $@.\nmetadata: $@, $@, $@, $@, $@, $@, $@, $@, $@, $@. | Test.java:28:3:32:3 | copy(...) | CallContext | Test.java:28:3:32:3 | copy(...) | MethodDoc | Test.java:28:3:32:3 | copy(...) | ClassDoc | file://java.nio.file:1:1:1:1 | java.nio.file | package | file://Files:1:1:1:1 | Files | type | file://false:1:1:1:1 | false | subtypes | file://copy:1:1:1:1 | copy | name | file://(Path,Path,CopyOption[]):1:1:1:1 | (Path,Path,CopyOption[]) | signature | file://:1:1:1:1 |  | input | file://ReturnValue:1:1:1:1 | ReturnValue | output | file://false:1:1:1:1 | false | isVarargsArray | file://:1:1:1:1 |  | alreadyAiModeled | file://sourceModel:1:1:1:1 | sourceModel | extensibleType |

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.8.3
+
+### Deprecated APIs
+
+* In `SensitiveApi.qll`, `javaApiCallablePasswordParam`, `javaApiCallableUsernameParam`, `javaApiCallableCryptoKeyParam`, and `otherApiCallableCredentialParam` predicates have been deprecated. They have been replaced with a new class `CredentialsSinkNode` and its child classes `PasswordSink`, `UsernameSink`, and `CryptoKeySink`. The predicates have been changed to using the new classes, so there may be minor changes in results relying on these predicates.
+
+### Minor Analysis Improvements
+
+* The types `java.util.SequencedCollection`, `SequencedSet` and `SequencedMap`, as well as the related `Collections.unmodifiableSequenced*` methods are now modelled. This means alerts may be raised relating to data flow through these types and methods.
+
 ## 0.8.2
 
 ### Minor Analysis Improvements

java/ql/lib/change-notes/2023-11-06-jdk21-models.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The types `java.util.SequencedCollection`, `SequencedSet` and `SequencedMap`, as well as the related `Collections.unmodifiableSequenced*` methods are now modelled. This means alerts may be raised relating to data flow through these types and methods.

java/ql/lib/change-notes/released/0.8.3.md

@@ -1,4 +1,9 @@
----
+## 0.8.3
-category: deprecated
+
----
+### Deprecated APIs
+
 * In `SensitiveApi.qll`, `javaApiCallablePasswordParam`, `javaApiCallableUsernameParam`, `javaApiCallableCryptoKeyParam`, and `otherApiCallableCredentialParam` predicates have been deprecated. They have been replaced with a new class `CredentialsSinkNode` and its child classes `PasswordSink`, `UsernameSink`, and `CryptoKeySink`. The predicates have been changed to using the new classes, so there may be minor changes in results relying on these predicates.
+
+### Minor Analysis Improvements
+
+* The types `java.util.SequencedCollection`, `SequencedSet` and `SequencedMap`, as well as the related `Collections.unmodifiableSequenced*` methods are now modelled. This means alerts may be raised relating to data flow through these types and methods.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.2
+lastReleaseVersion: 0.8.3

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.3-dev
+version: 0.8.4-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.8.3
+
+### Minor Analysis Improvements
+
+* The query `java/unsafe-deserialization` has been improved to detect insecure calls to `ObjectMessage.getObject` in JMS.
+
 ## 0.8.2
 
 ### Minor Analysis Improvements

java/ql/src/change-notes/released/0.8.3.md

@@ -1,4 +1,5 @@
----
+## 0.8.3
-category: minorAnalysis
+
----
+### Minor Analysis Improvements
+
 * The query `java/unsafe-deserialization` has been improved to detect insecure calls to `ObjectMessage.getObject` in JMS.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.2
+lastReleaseVersion: 0.8.3

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.3-dev
+version: 0.8.4-dev
 groups:
   - java
   - queries

javascript/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.3
+
+No user-facing changes.
+
 ## 0.8.2
 
 No user-facing changes.

javascript/ql/lib/change-notes/released/0.8.3.md

@@ -0,0 +1,3 @@
+## 0.8.3
+
+No user-facing changes.

javascript/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.2
+lastReleaseVersion: 0.8.3

javascript/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.8.3-dev
+version: 0.8.4-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

javascript/ql/src/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.8.3
+
+### Query Metadata Changes
+
+* Lower the severity of log-injection to medium.
+* Increase the severity of XSS to high.
+
 ## 0.8.2
 
 ### Minor Analysis Improvements

javascript/ql/src/change-notes/2023-10-09-adjust-xss-and-log-injection-severity.md

@@ -1,6 +0,0 @@
----
-category: queryMetadata
----
-
-* Lower the severity of log-injection to medium.
-* Increase the severity of XSS to high.