Merge branch 'github:main' into java-mad-test

java/documentation/library-coverage/coverage.csv

@@ -76,63 +76,61 @@ jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
 jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
 jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
 jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
-java.applet,,,14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,
-java.awt,1,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,2,3
-java.beans,,,193,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,193,
-java.io,66,1,256,,,,,,,,,22,,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,,,,1,,249,7
-java.lang,38,3,756,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,3,,,681,75
+java.applet,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,
+java.awt,1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,3
+java.beans,,,177,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,82,95
+java.io,66,1,226,,,,,,,,,22,,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,,,,1,,203,23
+java.lang,38,3,783,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,3,,,506,277
 java.math,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9
-java.net,23,3,279,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,3,275,4
-java.nio,47,,373,,,,,,,,,5,,,,,,,,,,,,,,,41,,,,,,,,,1,,,,,,,,,,,,,,,267,106
-java.rmi,,,71,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,71,
-java.security,21,,547,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,543,4
-java.sql,15,1,303,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,1,,,,303,
-java.text,,,134,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,134,
-java.time,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,88
-java.util,48,2,1221,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,2,,,705,516
+java.net,23,3,347,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,3,248,99
+java.nio,47,,499,,,,,,,,,5,,,,,,,,,,,,,,,41,,,,,,,,,1,,,,,,,,,,,,,,,302,197
+java.rmi,,,68,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,23
+java.security,21,,583,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,285,298
+java.sql,15,1,292,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,1,,,,274,18
+java.text,,,154,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,72,82
+java.time,,,131,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,27,104
+java.util,48,2,1339,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,2,,,558,781
 javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
-javax.accessibility,,,31,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,31,
+javax.accessibility,,,63,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,35
 javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,7,
-javax.annotation.processing,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,
-javax.crypto,19,,128,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,128,
+javax.annotation.processing,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,3
+javax.crypto,19,,114,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,61,53
 javax.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,7,,
-javax.imageio,1,,261,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,261,
+javax.imageio,1,,304,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,138,166
 javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
 javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-javax.lang.model.element,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,
-javax.lang.model.type,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,
-javax.lang.model.util,,,68,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,68,
-javax.management,2,,802,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,801,1
-javax.naming,7,,324,,,,,,,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,318,6
-javax.net,4,,86,,,,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,86,
-javax.portlet,1,,61,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,61,
-javax.print,2,,100,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,
-javax.rmi.ssl,,,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,
-javax.script,1,,42,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,42,
-javax.security.auth,7,,137,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,137,
+javax.lang.model,,,277,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,217,60
+javax.management,2,,766,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,363,403
+javax.naming,7,,341,,,,,,,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,191,150
+javax.net,4,,136,,,,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,49
+javax.portlet,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
+javax.print,2,,133,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,102,31
+javax.rmi.ssl,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6
+javax.script,1,,50,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,14,36
+javax.security.auth,7,,147,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,50,97
 javax.security.cert,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
-javax.security.sasl,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,
+javax.security.sasl,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,42,7
 javax.servlet,10,22,3,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,3,,,2,2,,,,,,,,,22,3,
-javax.smartcardio,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30,
-javax.sound.midi,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,29,
-javax.sound.sampled,,,66,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,66,
-javax.sql,7,,63,,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,63,
-javax.tools,,,31,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,31,
+javax.smartcardio,,,34,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,24,10
+javax.sound.midi,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,51,9
+javax.sound.sampled,,,90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,53,37
+javax.sql,7,,126,,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,68,58
+javax.tools,,,66,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,62,4
 javax.transaction.xa,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
 javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
 javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
 javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,2,,,,,,,,,94,55
 javax.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
-javax.xml.catalog,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,1
-javax.xml.crypto,,,126,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,126,
-javax.xml.datatype,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
-javax.xml.namespace,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,
-javax.xml.parsers,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,
-javax.xml.stream,,,36,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,36,
-javax.xml.transform,2,,89,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,1,,,,,,,89,
-javax.xml.validation,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
-javax.xml.xpath,3,,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,12,
+javax.xml.catalog,,,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,1
+javax.xml.crypto,,,269,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,172,97
+javax.xml.datatype,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,1
+javax.xml.namespace,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,10
+javax.xml.parsers,,,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,2
+javax.xml.stream,,,221,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,201,20
+javax.xml.transform,2,,134,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,1,,,,,,,72,62
+javax.xml.validation,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,29,
+javax.xml.xpath,3,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,26,
 jenkins,,,523,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,500,23
 jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
 kotlin,16,,1849,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,,,,,,1836,13
@@ -233,7 +231,7 @@ org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3
 org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
 org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
 org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-org.springframework.core.io,17,,5,,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,1,,,,,,,,,,,,,,,5,
+org.springframework.core.io,17,,6,,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,1,,,,,,,,,,,,,,,6,
 org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
 org.springframework.http,14,,77,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,67,10
 org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,
@@ -248,14 +246,13 @@ org.springframework.util,10,,142,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,
 org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
 org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,3,,
 org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
-org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
+org.springframework.web.multipart,,12,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,12,
 org.springframework.web.portlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
 org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,
 org.springframework.web.servlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
 org.springframework.web.util,,9,157,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,132,25
 org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,2,
-org.w3c.dom,,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,56,1
-org.xml.sax,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
+org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
 org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,
@@ -271,21 +268,17 @@ ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
 ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
 retrofit2,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,
 software.amazon.awssdk.transfer.s3.model,8,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.awt,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
 sun.jvmstat.perfdata.monitor.protocol.local,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.jvmstat.perfdata.monitor.protocol.rmi,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.management.spi,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 sun.misc,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.net.ftp,5,,,,,,2,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.net.www.protocol.http,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.nio.ch,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
 sun.security.acl,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.security.jgss.krb5,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.krb5,9,,7,,,3,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,
+sun.security.krb5,9,,,,,3,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.security.pkcs,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.security.pkcs11,3,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.security.provider,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.security.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.security.x509,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 sun.tools.jconsole,28,,,,,,13,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.util.logging.internal,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,

java/documentation/library-coverage/coverage.rst

@@ -18,10 +18,10 @@ Java framework & library support
    `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,43,9,,,,,
    JBoss Logging,``org.jboss.logging``,,,324,,,,,,
    `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
-   Java Standard Library,``java.*``,10,4284,259,99,,9,,,26
-   Java extensions,"``javax.*``, ``jakarta.*``",69,3260,90,10,4,2,1,1,4
+   Java Standard Library,``java.*``,10,4622,259,99,,9,,,26
+   Java extensions,"``javax.*``, ``jakarta.*``",69,4159,90,10,4,2,1,1,4
    Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2
    `Spring <https://spring.io/>`_,``org.springframework.*``,38,486,143,26,,28,14,,35
-   Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.w3c.dom``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.awt``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.management.spi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.nio.ch``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``, ``sun.util.logging.internal``",133,10603,908,140,6,22,18,,208
-   Totals,,312,25170,2635,404,16,128,33,1,409
+   Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",133,10525,908,140,6,22,18,,208
+   Totals,,312,26329,2635,404,16,128,33,1,409
 

java/downgrades/1fd1afa7862b82955785edd29820054ab6c9ec81/erasure.ql

@@ -0,0 +1,9 @@
+class ClassOrInterface extends @classorinterface {
+  string toString() { none() }
+}
+
+from ClassOrInterface x, ClassOrInterface y
+where
+  classes_or_interfaces(x, _, _, y) and
+  x != y
+select x, y

java/downgrades/1fd1afa7862b82955785edd29820054ab6c9ec81/upgrade.properties

@@ -0,0 +1,3 @@
+description: Remove erasure
+compatibility: full
+erasure.rel: run erasure.qlo

java/downgrades/876cabc76c5c83912271db331481f8cba2749643/fields.ql

@@ -0,0 +1,15 @@
+class Field extends @field {
+  string toString() { none() }
+}
+
+class Type extends @type {
+  string toString() { none() }
+}
+
+class RefType extends @reftype {
+  string toString() { none() }
+}
+
+from Field f, string name, Type t, RefType parent
+where fields(f, name, t, parent)
+select f, name, t, parent, f

java/downgrades/876cabc76c5c83912271db331481f8cba2749643/upgrade.properties

@@ -0,0 +1,3 @@
+description: Remove fields.sourceid
+compatibility: full
+fields.rel: run fields.qlo

java/kotlin-extractor/deps.bzl

@@ -17,7 +17,7 @@ def _get_dep(repository_ctx, name):
     return repository_ctx.path(Label("//java/kotlin-extractor/deps:%s" % name))
 
 def _kotlin_dep_impl(repository_ctx):
-    _, _, name = repository_ctx.name.rpartition("~")
+    _, _, name = repository_ctx.name.rpartition("+")
     lfs_smudge(repository_ctx, [_get_dep(repository_ctx, name + ".jar")])
 
     # for some reason rules_kotlin warns about these jars missing, this is to silence those warnings

java/kotlin-extractor/src/main/kotlin/KotlinExtractorExtension.kt

@@ -140,6 +140,7 @@ class KotlinExtractorExtension(
             val logger = Logger(loggerBase, tw)
             logger.info("Extraction started")
             logger.flush()
+            logger.infoVerbosity()
             logger.info("Extraction for invocation TRAP file $invocationTrapFile")
             logger.flush()
             logger.info("Kotlin version ${KotlinCompilerVersion.getVersion()}")

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -27,30 +27,7 @@ import org.jetbrains.kotlin.ir.expressions.impl.*
 import org.jetbrains.kotlin.ir.symbols.*
 import org.jetbrains.kotlin.ir.types.*
 import org.jetbrains.kotlin.ir.types.impl.makeTypeProjection
-import org.jetbrains.kotlin.ir.util.companionObject
-import org.jetbrains.kotlin.ir.util.constructors
-import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
-import org.jetbrains.kotlin.ir.util.hasAnnotation
-import org.jetbrains.kotlin.ir.util.hasInterfaceParent
-import org.jetbrains.kotlin.ir.util.isAnnotationClass
-import org.jetbrains.kotlin.ir.util.isAnonymousObject
-import org.jetbrains.kotlin.ir.util.isFakeOverride
-import org.jetbrains.kotlin.ir.util.isFunctionOrKFunction
-import org.jetbrains.kotlin.ir.util.isInterface
-import org.jetbrains.kotlin.ir.util.isLocal
-import org.jetbrains.kotlin.ir.util.isNonCompanionObject
-import org.jetbrains.kotlin.ir.util.isObject
-import org.jetbrains.kotlin.ir.util.isSuspend
-import org.jetbrains.kotlin.ir.util.isSuspendFunctionOrKFunction
-import org.jetbrains.kotlin.ir.util.isVararg
-import org.jetbrains.kotlin.ir.util.kotlinFqName
-import org.jetbrains.kotlin.ir.util.packageFqName
-import org.jetbrains.kotlin.ir.util.parentAsClass
-import org.jetbrains.kotlin.ir.util.parentClassOrNull
-import org.jetbrains.kotlin.ir.util.parents
-import org.jetbrains.kotlin.ir.util.primaryConstructor
-import org.jetbrains.kotlin.ir.util.render
-import org.jetbrains.kotlin.ir.util.target
+import org.jetbrains.kotlin.ir.util.*
 import org.jetbrains.kotlin.load.java.JvmAnnotationNames
 import org.jetbrains.kotlin.load.java.NOT_NULL_ANNOTATIONS
 import org.jetbrains.kotlin.load.java.NULLABLE_ANNOTATIONS
@@ -192,11 +169,17 @@ open class KotlinFileExtractor(
         }
 
     private fun FunctionDescriptor.tryIsHiddenToOvercomeSignatureClash(d: IrFunction): Boolean {
+        // `org.jetbrains.kotlin.ir.descriptors.IrBasedClassConstructorDescriptor.isHiddenToOvercomeSignatureClash`
+        // throws one exception or other in Kotlin 2, depending on the version.
+        // TODO: We need a replacement for this for Kotlin 2
         try {
             return this.isHiddenToOvercomeSignatureClash
         } catch (e: NotImplementedError) {
-            // `org.jetbrains.kotlin.ir.descriptors.IrBasedClassConstructorDescriptor.isHiddenToOvercomeSignatureClash` throws the exception
-            // TODO: We need a replacement for this for Kotlin 2
+            if (!usesK2) {
+                logger.warnElement("Couldn't query if element is fake, deciding it's not.", d, e)
+            }
+            return false
+        } catch (e: IllegalStateException) {
             if (!usesK2) {
                 logger.warnElement("Couldn't query if element is fake, deciding it's not.", d, e)
             }
@@ -501,8 +484,6 @@ open class KotlinFileExtractor(
                 tw.writeIsRaw(id)
             }
 
-            val unbound = useClassSource(c)
-            tw.writeErasure(id, unbound)
             extractClassModifiers(c, id)
             extractClassSupertypes(
                 c,
@@ -826,7 +807,7 @@ open class KotlinFileExtractor(
         fun exprId() = tw.getLabelFor<DbExpr>("@\"annotationExpr;{$parent};$idx\"")
 
         return when (v) {
-            is IrConst<*> -> {
+            is CodeQLIrConst<*> -> {
                 extractConstant(v, parent, idx, null, null, overrideId = exprId())
             }
             is IrGetEnumValue -> {
@@ -1020,7 +1001,7 @@ open class KotlinFileExtractor(
                     // here.
                     val instance = useObjectClassInstance(c)
                     val type = useSimpleTypeClass(c, emptyList(), false)
-                    tw.writeFields(instance.id, instance.name, type.javaResult.id, id, instance.id)
+                    tw.writeFields(instance.id, instance.name, type.javaResult.id, id)
                     tw.writeFieldsKotlinType(instance.id, type.kotlinResult.id)
                     tw.writeHasLocation(instance.id, locId)
                     addModifiers(instance.id, "public", "static", "final")
@@ -1237,8 +1218,7 @@ open class KotlinFileExtractor(
                                 instance.id,
                                 instance.name,
                                 type.javaResult.id,
-                                parentId,
-                                instance.id
+                                parentId
                             )
                             tw.writeFieldsKotlinType(instance.id, type.kotlinResult.id)
                             tw.writeHasLocation(instance.id, innerLocId)
@@ -2600,7 +2580,7 @@ open class KotlinFileExtractor(
         isStatic: Boolean
     ): Label<out DbField> {
         val t = useType(type)
-        tw.writeFields(id, name, t.javaResult.id, parentId, id)
+        tw.writeFields(id, name, t.javaResult.id, parentId)
         tw.writeFieldsKotlinType(id, t.kotlinResult.id)
         tw.writeHasLocation(id, locId)
 
@@ -2757,7 +2737,7 @@ open class KotlinFileExtractor(
             DeclarationStackAdjuster(ee).use {
                 val id = useEnumEntry(ee)
                 val type = getEnumEntryType(ee) ?: return
-                tw.writeFields(id, ee.name.asString(), type.javaResult.id, parentId, id)
+                tw.writeFields(id, ee.name.asString(), type.javaResult.id, parentId)
                 tw.writeFieldsKotlinType(id, type.kotlinResult.id)
                 val locId = tw.getLocation(ee)
                 tw.writeHasLocation(id, locId)
@@ -5765,7 +5745,14 @@ open class KotlinFileExtractor(
     ) =
         exprIdOrFresh<DbNullliteral>(overrideId).also {
             val type = useType(t)
-            tw.writeExprs_nullliteral(it, type.javaResult.id, parent, idx)
+            // Match Java by using a special <nulltype> for nulls, rather than Kotlin's view of this which is
+            // kotlin.Nothing?, the type that can only contain null.
+            val nullTypeName = "<nulltype>"
+            val javaNullType = tw.getLabelFor<DbPrimitive>(
+                "@\"type;$nullTypeName\"",
+                { tw.writePrimitives(it, nullTypeName) }
+            )
+            tw.writeExprs_nullliteral(it, javaNullType, parent, idx)
             tw.writeExprsKotlinType(it, type.kotlinResult.id)
             extractExprContext(it, locId, callable, enclosingStmt)
         }
@@ -5999,7 +5986,7 @@ open class KotlinFileExtractor(
                         extractExpressionExpr(a, callable, id, i, exprParent.enclosingStmt)
                     }
                 }
-                is IrConst<*> -> {
+                is CodeQLIrConst<*> -> {
                     val exprParent = parent.expr(e, callable)
                     extractConstant(
                         e,
@@ -6211,9 +6198,9 @@ open class KotlinFileExtractor(
                     if (
                         (isAndAnd || isOrOr) &&
                             e.branches.size == 2 &&
-                            (e.branches[1].condition as? IrConst<*>)?.value == true &&
+                            (e.branches[1].condition as? CodeQLIrConst<*>)?.value == true &&
                             (e.branches[if (e.origin == IrStatementOrigin.ANDAND) 1 else 0].result
-                                    as? IrConst<*>)
+                                    as? CodeQLIrConst<*>)
                                 ?.value == isOrOr
                     ) {
 
@@ -6869,7 +6856,7 @@ open class KotlinFileExtractor(
         }
 
     private fun extractConstant(
-        e: IrConst<*>,
+        e: CodeQLIrConst<*>,
         parent: Label<out DbExprparent>,
         idx: Int,
         enclosingCallable: Label<out DbCallable>?,
@@ -9041,7 +9028,7 @@ open class KotlinFileExtractor(
         tw.writeHasLocation(id, locId)
 
         // Extract constructor
-        val unitType = useType(pluginContext.irBuiltIns.unitType)
+        val unitType = useType(pluginContext.irBuiltIns.unitType, TypeContext.RETURN)
         tw.writeConstrs(ids.constructor, "", "", unitType.javaResult.id, id, ids.constructor)
         tw.writeConstrsKotlinType(ids.constructor, unitType.kotlinResult.id)
         tw.writeHasLocation(ids.constructor, locId)

java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt

@@ -5,7 +5,7 @@ import com.github.codeql.utils.versions.*
 import com.semmle.extractor.java.OdasaOutput
 import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
 import org.jetbrains.kotlin.backend.common.ir.*
-import org.jetbrains.kotlin.backend.jvm.ir.propertyIfAccessor
+import org.jetbrains.kotlin.backend.jvm.ir.*
 import org.jetbrains.kotlin.codegen.JvmCodegenUtil
 import org.jetbrains.kotlin.descriptors.*
 import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
@@ -24,6 +24,7 @@ import org.jetbrains.kotlin.load.kotlin.getJvmModuleNameForDeserializedDescripto
 import org.jetbrains.kotlin.name.FqName
 import org.jetbrains.kotlin.name.NameUtils
 import org.jetbrains.kotlin.name.SpecialNames
+import org.jetbrains.kotlin.resolve.descriptorUtil.propertyIfAccessor
 import org.jetbrains.kotlin.types.Variance
 import org.jetbrains.kotlin.util.OperatorNameConventions
 
@@ -84,7 +85,7 @@ open class KotlinUsesExtractor(
     }
 
     private fun extractFileClass(fqName: FqName): Label<out DbClassorinterface> {
-        val pkg = if (fqName.isRoot()) "" else fqName.parent().asString()
+        val pkg = if (fqName.codeQlIsRoot()) "" else fqName.parent().asString()
         val jvmName = fqName.shortName().asString()
         return extractFileClass(pkg, jvmName)
     }
@@ -779,7 +780,7 @@ open class KotlinUsesExtractor(
                 // array.length
                 val length = tw.getLabelFor<DbField>("@\"field;{$it};length\"")
                 val intTypeIds = useType(pluginContext.irBuiltIns.intType)
-                tw.writeFields(length, "length", intTypeIds.javaResult.id, it, length)
+                tw.writeFields(length, "length", intTypeIds.javaResult.id, it)
                 tw.writeFieldsKotlinType(length, intTypeIds.kotlinResult.id)
                 addModifiers(length, "public", "final")
 
@@ -906,7 +907,7 @@ open class KotlinUsesExtractor(
                 return arrayInfo.componentTypeResults
             }
             owner is IrClass -> {
-                val args = if (s.isRawType()) null else s.arguments
+                val args = if (s.codeQlIsRawType()) null else s.arguments
 
                 return useSimpleTypeClass(owner, args, s.isNullable())
             }
@@ -1232,9 +1233,10 @@ open class KotlinUsesExtractor(
     // false if it has `@JvmSuppressWildcards(false)`,
     // and null if the annotation is not present.
     @Suppress("UNCHECKED_CAST")
-    private fun getWildcardSuppressionDirective(t: IrAnnotationContainer) =
+    private fun getWildcardSuppressionDirective(t: IrAnnotationContainer): Boolean? =
         t.getAnnotation(jvmWildcardSuppressionAnnotation)?.let {
-            (it.getValueArgument(0) as? IrConst<Boolean>)?.value ?: true
+            @Suppress("USELESS_CAST") // `as? Boolean` is not needed for Kotlin < 2.1
+            (it.getValueArgument(0) as? CodeQLIrConst<Boolean>)?.value as? Boolean ?: true
         }
 
     private fun addJavaLoweringArgumentWildcards(

java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt

@@ -27,13 +27,7 @@ import org.jetbrains.kotlin.ir.expressions.IrClassReference
 import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
 import org.jetbrains.kotlin.ir.expressions.IrGetEnumValue
 import org.jetbrains.kotlin.ir.expressions.IrVararg
-import org.jetbrains.kotlin.ir.expressions.impl.IrClassReferenceImpl
-import org.jetbrains.kotlin.ir.expressions.impl.IrConstructorCallImpl
-import org.jetbrains.kotlin.ir.expressions.impl.IrGetEnumValueImpl
-import org.jetbrains.kotlin.ir.expressions.impl.IrGetFieldImpl
-import org.jetbrains.kotlin.ir.expressions.impl.IrGetValueImpl
-import org.jetbrains.kotlin.ir.expressions.impl.IrReturnImpl
-import org.jetbrains.kotlin.ir.expressions.impl.IrVarargImpl
+import org.jetbrains.kotlin.ir.expressions.impl.*
 import org.jetbrains.kotlin.ir.symbols.IrClassSymbol
 import org.jetbrains.kotlin.ir.types.typeWith
 import org.jetbrains.kotlin.ir.util.constructedClass

java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt

@@ -1,12 +1,12 @@
 package com.github.codeql.utils
 
 import com.github.codeql.utils.versions.allOverriddenIncludingSelf
+import com.github.codeql.utils.versions.CodeQLIrConst
 import org.jetbrains.kotlin.builtins.StandardNames
 import org.jetbrains.kotlin.ir.declarations.IrAnnotationContainer
 import org.jetbrains.kotlin.ir.declarations.IrClass
 import org.jetbrains.kotlin.ir.declarations.IrFunction
 import org.jetbrains.kotlin.ir.declarations.IrSimpleFunction
-import org.jetbrains.kotlin.ir.expressions.IrConst
 import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
 import org.jetbrains.kotlin.ir.types.IrSimpleType
 import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
@@ -82,7 +82,7 @@ fun getJvmName(container: IrAnnotationContainer): String? {
             if (owner is IrClass) {
                 val aPkg = owner.packageFqName?.asString()
                 val name = owner.name.asString()
-                if (aPkg == "kotlin.jvm" && name == "JvmName" && v is IrConst<*>) {
+                if (aPkg == "kotlin.jvm" && name == "JvmName" && v is CodeQLIrConst<*>) {
                     val value = v.value
                     if (value is String) {
                         return value

java/kotlin-extractor/src/main/kotlin/utils/Logger.kt

@@ -244,6 +244,10 @@ open class LoggerBase(val logCounter: LogCounter) {
         }
     }
 
+    fun infoVerbosity(dtw: DiagnosticTrapWriter) {
+        info(dtw, "Kotlin extractor verbosity is " + verbosity.toString())
+    }
+
     fun warn(dtw: DiagnosticTrapWriter, msg: String, extraInfo: String?) {
         if (verbosity >= 2) {
             diagnostic(dtw, Severity.Warn, msg, extraInfo)
@@ -301,6 +305,10 @@ open class Logger(val loggerBase: LoggerBase, val dtw: DiagnosticTrapWriter) {
         loggerBase.info(dtw, msg)
     }
 
+    fun infoVerbosity() {
+        loggerBase.infoVerbosity(dtw)
+    }
+
     private fun warn(msg: String, extraInfo: String?) {
         loggerBase.warn(dtw, msg, extraInfo)
     }

java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt

@@ -15,7 +15,7 @@ import org.jetbrains.kotlin.ir.declarations.IrTypeParametersContainer
 import org.jetbrains.kotlin.ir.declarations.impl.IrExternalPackageFragmentImpl
 import org.jetbrains.kotlin.ir.declarations.impl.IrFactoryImpl
 import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
-import org.jetbrains.kotlin.ir.expressions.impl.IrConstructorCallImpl
+import org.jetbrains.kotlin.ir.expressions.impl.*
 import org.jetbrains.kotlin.ir.symbols.IrTypeParameterSymbol
 import org.jetbrains.kotlin.ir.symbols.impl.DescriptorlessExternalPackageFragmentSymbol
 import org.jetbrains.kotlin.ir.types.*

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/CodeQLIrConst.kt

@@ -0,0 +1,5 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.expressions.IrConst
+
+typealias CodeQLIrConst<T> = IrConst<T>

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/CodeQLIsRoot.kt

@@ -0,0 +1,5 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.name.FqName
+
+fun FqName.codeQlIsRoot() = this.isRoot()

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_5_0/Types.kt

@@ -3,4 +3,4 @@ package com.github.codeql.utils.versions
 import org.jetbrains.kotlin.backend.jvm.codegen.isRawType
 import org.jetbrains.kotlin.ir.types.IrSimpleType
 
-fun IrSimpleType.isRawType() = this.isRawType()
+fun IrSimpleType.codeQlIsRawType() = this.isRawType()

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_20/Types.kt

@@ -3,4 +3,4 @@ package com.github.codeql.utils.versions
 import org.jetbrains.kotlin.backend.jvm.ir.isRawType
 import org.jetbrains.kotlin.ir.types.IrSimpleType
 
-fun IrSimpleType.isRawType() = this.isRawType()
+fun IrSimpleType.codeQlIsRawType() = this.isRawType()

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_1_0-Beta1/CodeQLIrConst.kt

@@ -0,0 +1,5 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.ir.expressions.IrConst
+
+typealias CodeQLIrConst<T> = IrConst

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_1_0-Beta1/CodeQLIsRoot.kt

@@ -0,0 +1,5 @@
+package com.github.codeql.utils.versions
+
+import org.jetbrains.kotlin.name.FqName
+
+fun FqName.codeQlIsRoot() = this.isRoot

java/kotlin-extractor/versions.bzl

@@ -13,6 +13,7 @@ VERSIONS = [
     "1.9.20-Beta",
     "2.0.0-RC1",
     "2.0.20-Beta2",
+    "2.1.0-Beta1",
 ]
 
 def _version_to_tuple(v):

java/ql/automodel/src/CHANGELOG.md

@@ -1,3 +1,15 @@
+## 1.0.11
+
+No user-facing changes.
+
+## 1.0.10
+
+No user-facing changes.
+
+## 1.0.9
+
+No user-facing changes.
+
 ## 1.0.8
 
 No user-facing changes.

java/ql/automodel/src/change-notes/released/1.0.10.md

@@ -0,0 +1,3 @@
+## 1.0.10
+
+No user-facing changes.

java/ql/automodel/src/change-notes/released/1.0.11.md

@@ -0,0 +1,3 @@
+## 1.0.11
+
+No user-facing changes.

java/ql/automodel/src/change-notes/released/1.0.9.md

@@ -0,0 +1,3 @@
+## 1.0.9
+
+No user-facing changes.

java/ql/automodel/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.8
+lastReleaseVersion: 1.0.11

java/ql/automodel/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.9-dev
+version: 1.0.12-dev
 groups:
     - java
     - automodel

java/ql/integration-tests/java/buildless-maven-executable-war/source_archive.expected

@@ -5,3 +5,4 @@ src/main/resources/page.xml
 src/main/resources/struts.xml
 src/test/java/com/example/AppTest.java
 test-db/log/ext/javac.properties
+test-db/working/settings.xml

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/buildless-fetches.expected

@@ -0,0 +1,26 @@
+https://repo.maven.apache.org/maven2/com/feiniaojin/naaf/naaf-graceful-response-example/1.0/naaf-graceful-response-example-1.0.jar
+https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/avro-registry-in-source-tests/1.8/avro-registry-in-source-tests-1.8.jar
+https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/example-project/1.5/example-project-1.5.jar
+https://repo.maven.apache.org/maven2/com/intuit/benten/benten-examples/0.1.5/benten-examples-0.1.5.jar
+https://repo.maven.apache.org/maven2/com/jakewharton/twirl/sample-runtime/1.2.0/sample-runtime-1.2.0.jar
+https://repo.maven.apache.org/maven2/com/mattunderscore/code/generation/specky/plugin-example/0.8.0/plugin-example-0.8.0.jar
+https://repo.maven.apache.org/maven2/com/microsoft/tang/tang-test-jarAB/0.9/tang-test-jarAB-0.9.jar
+https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-example_2.11/0.1.2/rx-redis-example_2.11-0.1.2.jar
+https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-java-example_2.11/0.1.2/rx-redis-java-example_2.11-0.1.2.jar
+https://repo.maven.apache.org/maven2/io/github/scrollsyou/example-spring-boot-starter/1.0.0/example-spring-boot-starter-1.0.0.jar
+https://repo.maven.apache.org/maven2/io/streamnative/com/example/maven-central-template/server/3.0.0/server-3.0.0.jar
+https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.jar
+https://repo.maven.apache.org/maven2/no/nav/security/token-validation-ktor-demo/3.1.0/token-validation-ktor-demo-3.1.0.jar
+https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-fileupload/0.5.10/minijax-example-fileupload-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-inject/0.5.10/minijax-example-inject-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-json/0.5.10/minijax-example-json-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-mustache/0.5.10/minijax-example-mustache-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-petclinic/0.5.10/minijax-example-petclinic-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-security/0.5.10/minijax-example-security-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-ssl/0.5.10/minijax-example-ssl-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-todo-backend/0.5.10/minijax-example-todo-backend-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-websocket/0.5.10/minijax-example-websocket-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/scalamock/scalamock-examples_2.10/3.6.0/scalamock-examples_2.10-3.6.0.jar
+https://repo.maven.apache.org/maven2/org/somda/sdc/glue-examples/4.0.0/glue-examples-4.0.0.jar
+https://repo.maven.apache.org/maven2/us/fatehi/schemacrawler-examplecode/16.20.2/schemacrawler-examplecode-16.20.2.jar

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/diagnostics.expected

@@ -0,0 +1,70 @@
+{
+  "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 2 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-maven",
+    "name": "Java analysis extracted precise dependency graph information from tool Maven"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/home-dir-with-maven-settings/.m2/settings.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<settings>
+    <profiles>
+        <profile>
+            <id>preexisting-profile</id>
+            <pluginRepositories>
+                <pluginRepository>
+                    <id>preexisting-repository</id>
+                    <name>A pre-existing repository</name>
+                    <url>https://nonesuch.example</url>
+                </pluginRepository>
+            </pluginRepositories>
+        </profile>
+    </profiles>
+    <activeProfiles>
+        <activeProfile>preexisting-profile</activeProfile>
+    </activeProfiles>
+</settings>

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/maven-fetches.expected

@@ -0,0 +1,77 @@
+Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.pom
+Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom
+Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.14.1/jackson-base-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.11.0/error_prone_parent-2.11.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/31.1-jre/guava-parent-31.1-jre.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/35/maven-parent-35.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/37/maven-parent-37.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven/3.8.6/maven-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.5.2/plexus-classworlds-2.5.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/9/oss-parent-9.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/spice/spice-parent/17/spice-parent-17.pom

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/pom.xml

@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.example</groupId>
+  <artifactId>maven-sample</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <name>maven-sample</name>
+  <!-- FIXME change it to the project's website -->
+  <url>http://www.example.com</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.target>1.7</maven.compiler.target>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.11</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>exec-maven-plugin</artifactId>
+        <groupId>org.codehaus.mojo</groupId>
+        <version>1.1.1</version>
+        <executions>
+          <execution>
+            <id>check-maven-version</id>
+            <phase>package</phase>
+            <goals>
+              <goal>java</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <mainClass>com.example.App</mainClass>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>com.diffplug.spotless</groupId>
+        <artifactId>spotless-maven-plugin</artifactId>
+        <version>2.19.1</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+            <phase>compile</phase>
+          </execution>
+        </executions>
+        <configuration>
+          <java>
+            <licenseHeader>
+              <content>/* FAIL ME */</content>
+            </licenseHeader>
+          </java>
+        </configuration>
+      </plugin>
+    </plugins>
+    <pluginManagement>
+      <!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
+      <plugins>
+        <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
+        <plugin>
+          <artifactId>maven-clean-plugin</artifactId>
+          <version>3.1.0</version>
+        </plugin>
+        <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
+        <plugin>
+          <artifactId>maven-resources-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-compiler-plugin</artifactId>
+          <version>3.8.0</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-surefire-plugin</artifactId>
+          <version>2.22.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-jar-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-install-plugin</artifactId>
+          <version>2.5.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-deploy-plugin</artifactId>
+          <version>2.8.2</version>
+        </plugin>
+        <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
+        <plugin>
+          <artifactId>maven-site-plugin</artifactId>
+          <version>3.7.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-project-info-reports-plugin</artifactId>
+          <version>3.0.0</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+</project>

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/settings-xml.expected

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<settings>
+        
+    <profiles>
+                
+        <profile>
+                        
+            <id>preexisting-profile</id>
+                        
+            <pluginRepositories>
+                                
+                <pluginRepository>
+                                        
+                    <id>preexisting-repository</id>
+                                        
+                    <name>A pre-existing repository</name>
+                                        
+                    <url>https://nonesuch.example</url>
+                                    
+                </pluginRepository>
+                            
+            </pluginRepositories>
+                    
+        </profile>
+            
+        <profile>
+            <id>codeql-depgraph-plugin-repo</id>
+            <pluginRepositories>
+                <pluginRepository>
+                    <id>codeql-depgraph-plugin-repo</id>
+                    <name>CodeQL Dependency Graph Plugin Repository</name>
+                    <url>file://[dist-root]/java/tools/ferstl-depgraph-dependencies/</url>
+                </pluginRepository>
+            </pluginRepositories>
+        </profile>
+    </profiles>
+        
+    <activeProfiles>
+                
+        <activeProfile>preexisting-profile</activeProfile>
+            
+        <activeProfile>codeql-depgraph-plugin-repo</activeProfile>
+    </activeProfiles>
+    
+</settings>

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/source_archive.expected

@@ -0,0 +1,9 @@
+home-dir-with-maven-settings/.m2/settings.xml
+pom.xml
+src/main/java/com/example/App.java
+src/main/resources/my-app.properties
+src/main/resources/page.xml
+src/main/resources/struts.xml
+src/test/java/com/example/AppTest.java
+test-db/log/ext/javac.properties
+test-db/working/settings.xml

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/src/main/java/com/example/App.java

@@ -0,0 +1,30 @@
+package com.example;
+
+import java.util.regex.Pattern;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+    public static void main( String[] args )
+    {
+        System.out.println( "Hello World!" );
+        String expectedVersion = System.getenv("EXPECT_MAVEN");
+        Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
+        String observedVersion = mavenHome.getFileName().toString();
+        if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
+                System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
+                System.exit(1);
+        }
+        String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
+        String command = System.getProperty("sun.java.command");
+        if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
+                System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
+                System.exit(1);
+        }
+    }
+}

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/src/main/resources/my-app.properties

@@ -0,0 +1 @@
+version=1.0

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/src/main/resources/page.xml

@@ -0,0 +1,8 @@
+<html>
+<head>
+<title>A sample</title>
+</head>
+<body>
+<p>Hello world!</p>
+</body>
+</html>

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/src/main/resources/struts.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<struts>
+This is a sample file
+</struts>

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/src/test/java/com/example/AppTest.java

@@ -0,0 +1,20 @@
+package com.example;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+{
+    /**
+     * Rigorous Test :-)
+     */
+    @Test
+    public void shouldAnswerWithTrue()
+    {
+        assertTrue( true );
+    }
+}

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/test.py

@@ -0,0 +1,9 @@
+import os
+import os.path
+
+def test(codeql, java):
+    codeql.database.create(build_mode = "none",
+        _env={
+            "_JAVA_OPTIONS": "-Duser.home=" + os.path.join(os.getcwd(), "home-dir-with-maven-settings")
+        }
+    )

java/ql/integration-tests/java/buildless-maven-multimodule/source_archive.expected

@@ -12,3 +12,4 @@ submod2/src/main/resources/page.xml
 submod2/src/main/resources/struts.xml
 submod2/src/test/java/com/example/AppTest2.java
 test-db/log/ext/javac.properties
+test-db/working/settings.xml

java/ql/integration-tests/java/buildless-maven-timeout/diagnostics.expected

@@ -83,7 +83,7 @@
   }
 }
 {
-  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
+  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
   "severity": "note",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/java/buildless-maven-timeout/source_archive.expected

@@ -6,3 +6,4 @@ src/main/resources/page.xml
 src/main/resources/struts.xml
 src/test/java/com/example/AppTest.java
 test-db/log/ext/javac.properties
+test-db/working/settings.xml

java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected

@@ -97,7 +97,7 @@
   }
 }
 {
-  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
+  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
   "severity": "note",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/java/buildless-maven/maven-fetches.expected

@@ -0,0 +1,77 @@
+Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.pom
+Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom
+Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.14.1/jackson-base-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3/depgraph-maven-plugin-4.0.3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_parent/2.11.0/error_prone_parent-2.11.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava-parent/31.1-jre/guava-parent-31.1-jre.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/guava/31.1-jre/guava-31.1-jre.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/35/maven-parent-35.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-parent/37/maven-parent-37.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-plugin-api/3.8.6/maven-plugin-api-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven/3.8.6/maven-3.8.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/shared/maven-shared-components/37/maven-shared-components-37.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.5.2/plexus-classworlds-2.5.2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-classworlds/2.6.0/plexus-classworlds-2.6.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/9/oss-parent-9.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/spice/spice-parent/17/spice-parent-17.pom

java/ql/integration-tests/java/buildless-maven/settings-xml.expected

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<settings>
+    <profiles>
+        <profile>
+            <id>codeql-depgraph-plugin-repo</id>
+            <pluginRepositories>
+                <pluginRepository>
+                    <id>codeql-depgraph-plugin-repo</id>
+                    <name>CodeQL Dependency Graph Plugin Repository</name>
+                    <url>file://[dist-root]/java/tools/ferstl-depgraph-dependencies/</url>
+                </pluginRepository>
+            </pluginRepositories>
+        </profile>
+    </profiles>
+    <activeProfiles>
+        <activeProfile>codeql-depgraph-plugin-repo</activeProfile>
+    </activeProfiles>
+</settings>

java/ql/integration-tests/java/buildless-maven/source_archive.expected

@@ -5,3 +5,4 @@ src/main/resources/page.xml
 src/main/resources/struts.xml
 src/test/java/com/example/AppTest.java
 test-db/log/ext/javac.properties
+test-db/working/settings.xml

java/ql/integration-tests/java/buildless-maven/test.py

@@ -1,7 +1,9 @@
+import os
+import os.path
+
 def test(codeql, java):
-    codeql.database.create(
+    codeql.database.create(build_mode = "none",
         _env={
-            "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true",
-            "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true",
+            "_JAVA_OPTIONS": "-Duser.home=" + os.path.join(os.getcwd(), "empty-home")
         }
     )

java/ql/integration-tests/java/buildless-sibling-projects/source_archive.expected

@@ -27,3 +27,4 @@ maven-project-2/src/main/resources/page.xml
 maven-project-2/src/main/resources/struts.xml
 maven-project-2/src/test/java/com/example/AppTest4.java
 test-db/log/ext/javac.properties
+test-db/working/settings.xml

java/ql/integration-tests/java/java-web-jsp/pom.xml

@@ -54,30 +54,6 @@
             <type>pom</type>
         </dependency>
 
-
-        <!-- Spring Web MVC (Include Tag Lib) -->
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-webmvc</artifactId>
-            <version>${spring.version}</version>
-            <type>jar</type>
-        </dependency>
-
-
-        <!-- OWASP Java Encoder -->
-
-        <dependency>
-            <groupId>org.owasp.encoder</groupId>
-            <artifactId>encoder</artifactId>
-            <version>1.2</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.owasp.encoder</groupId>
-            <artifactId>encoder-jsp</artifactId>
-            <version>1.2</version>
-        </dependency>
-
     </dependencies>
 
     <profiles>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/WEB-INF/secret.jsp

@@ -1 +0,0 @@
-This page should be private.

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_2_safe.jsp

@@ -1,6 +0,0 @@
-<i>Psst <a href="?secret_param=../WEB-INF/secret.jsp">click me</a> or <a href="?secret_param=../WEB-INF/web.xml">click me</a>!</i>
-<br/><br/>
-
-
-<%@include file="${param.secret_param}.jsp"%> <!-- Safe will be evaluate as literal -->
-<%-- This line doesn't compile in weblogic --%>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/include/jsp_include_3.jsp

@@ -1,9 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-<i>Psst <a href="?secret_param=../WEB-INF/secret.jsp">click me</a> or <a href="?secret_param=../WEB-INF/web.xml">click me</a>!</i>
-<br/><br/>
-
-
-<c:if test="${param.secret_param != null}">
-<c:import url="${param.secret_param}" />
-</c:if>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/index.jsp

@@ -1,45 +0,0 @@
-<html>
-<head>
-  <title>Embedded Jetty: JSP Examples</title>
-</head>
-<body>
-  <h1>Vulnerable JSP pages</h1>
-
-  <h2>XSS</h2>
-  <ul>
-  <li><a href="/xss/xss0.jsp">XSS 0</a></li>
-  <li><a href="/xss/xss1.jsp">XSS 1</a></li>
-  <li><a href="/xss/xss2.jsp">XSS 2</a></li>
-  <li><a href="/xss/xss3.jsp">XSS 3</a></li>
-  <li><a href="/xss/xss4.jsp">XSS 4</a></li>
-  <li><a href="/xss/xss5.jsp">XSS 5</a></li>
-  </ul>
-
-  <h2>XML parsing</h2>
-  <ul>
-  <li><a href="/xml/xml1.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>">XML 1</a></li>
-  <li><a href="/xml/xml2.jsp">XML 2</a></li>
-  </ul>
-
-  <h2>XSLT</h2>
-  <ul>
-  <li><a href='/xsl/xsl1.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>&xslt=%3Cxsl%3Astylesheet%20version%3D"1.0"%0A%20xmlns%3Axsl%3D"http%3A%2F%2Fwww.w3.org%2F1999%2FXSL%2FTransform"%20%20%20%20%20%20%20%20%20%0A%20xmlns%3Art%3D"http%3A%2F%2Fxml.apache.org%2Fxalan%2Fjava%2Fjava.lang.Runtime"%0A%20exclude-result-prefixes%3D"date">%0A%20%20%20%20%20%20%20%20%3Cxsl%3Aoutput%20method%3D"text"%2F>%0A%20%20%20%20%20%20%20%20%3Cxsl%3Atemplate%20match%3D"%2F">%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Cxsl%3Atext>Quote%20requested%20for%3A%20%3C%2Fxsl%3Atext>%3Cblink>%3Cxsl%3Avalue-of%20select%3D"stock%2Fsymbol"%2F>%3C%2Fblink>%0A%20%20%20%20%20%20%20%20%3C%2Fxsl%3Atemplate>%0A%3C%2Fxsl%3Astylesheet>'>XSL 1</a></li>
-  <li><a href='/xsl/xsl2.jsp?xslt=%3Cxsl%3Astylesheet%20version%3D"1.0"%0A%20xmlns%3Axsl%3D"http%3A%2F%2Fwww.w3.org%2F1999%2FXSL%2FTransform"%20%20%20%20%20%20%20%20%20%0A%20xmlns%3Art%3D"http%3A%2F%2Fxml.apache.org%2Fxalan%2Fjava%2Fjava.lang.Runtime"%0A%20exclude-result-prefixes%3D"date">%0A%20%20%20%20%20%20%20%20%3Cxsl%3Aoutput%20method%3D"text"%2F>%0A%20%20%20%20%20%20%20%20%3Cxsl%3Atemplate%20match%3D"%2F">%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%3Cxsl%3Atext>Quote%20requested%20for%3A%20%3C%2Fxsl%3Atext>%3Cblink>%3Cxsl%3Avalue-of%20select%3D"stock%2Fsymbol"%2F>%3C%2Fblink>%0A%20%20%20%20%20%20%20%20%3C%2Fxsl%3Atemplate>%0A%3C%2Fxsl%3Astylesheet>'>XSL 2</a></li>
-  <li><a href='/xsl/xsl3.jsp?xml=<stock><symbol>TKM%3C%2Fsymbol>%3C%2Fstock>'>XSL 3</a></li>
-  <li><a href='/xsl/xsl4.jsp'>XSL 4</a></li>
-  </ul>
-
-  <h2>Various JSP samples </h2>
-  <ul>
-    <li><a href="test/dump.jsp">JSP 1.2 embedded java</a></li>
-    <li><a href="test/bean1.jsp">JSP 1.2 Bean demo</a></li>
-    <li><a href="test/tag.jsp">JSP 1.2 BodyTag demo</a></li>
-    <li><a href="test/tag2.jsp">JSP 2.0 SimpleTag demo</a></li>
-    <li><a href="test/tagfile.jsp">JSP 2.0 Tag File demo</a></li>
-    <li><a href="test/expr.jsp?A=1">JSP 2.0 Tag Expression</a></li>
-    <li><a href="test/jstl.jsp">JSTL Expression</a></li>
-    <li><a href="test/foo/">Mapping to &lt;jsp-file&gt;</a></li>
-    <li><a href="date/">Servlet Forwarding to JSP demo</a></li>
-  </ul>
-</body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_2.jsp

@@ -1,3 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-<c:out value="${param.test_param}" escapeXml="true"/>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/jstl/jstl_escape_3.jsp

@@ -1,3 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-<c:out value="${param.test_param}" escapeXml="false"/>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_1.jsp

@@ -1,20 +0,0 @@
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-
-<form method="get" action="">
-<input type="text" name="expression" value="1+1"> <input type="submit" value="test">
-</form>
-
-
-<c:set var="expression" value="${param.expression}" scope="request"  />
-Evaluating ("&#36;{expression}") : <c:out value="${expression}" /><br/>
-<br/>
-
-<c:if test="${expression != null}">
-Output:
-<pre style="background-color:#CCC">
-<spring:eval expression="${expression}" var="results" />
-<c:out value="${results}" />
-</pre>
-</c:if>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_2.jsp

@@ -1,20 +0,0 @@
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-
-Change the language:
-<form method="get" action="">
-<input type="text" name="lang" value="1+1"> <input type="submit" value="test">
-</form>
-
-Evaluating ("&#36;{param.lang}") : <c:out value="${param.lang}" /><br/>
-<br/>
-
-
-<c:if test="${param.lang != null}">
-Output:
-<pre style="background-color:#CCC">
-<spring:eval expression="${param.lang}" var="results" />
-<c:out value="${results}" />
-</pre>
-</c:if>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_3.jsp

@@ -1,20 +0,0 @@
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-
-Value is YOLO ?:
-<form method="get" action="">
-<input type="text" name="value" value="1+1"> <input type="submit" value="test">
-</form>
-
-Evaluating ("'&#36;{param.value}'=='YOLO'") : <c:out value="${param.value}" /><br/>
-<br/>
-
-
-<c:if test="${param.value != null}">
-Output:
-<pre style="background-color:#CCC">
-<spring:eval expression="'${param.value}'=='YOLO'" var="results" />
-<c:out value="${results}" />
-</pre>
-</c:if>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/spring/spring_eval_4_safe.jsp

@@ -1,20 +0,0 @@
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-
-Set some value :
-<form method="get" action="">
-<input type="text" name="value" value="1+1"> <input type="submit" value="test">
-</form>
-
-Evaluating ("param.value") : <c:out value="${param.value}" /><br/>
-<br/>
-
-
-<c:if test="${param.value != null}">
-Output:
-<pre style="background-color:#CCC">
-<spring:eval expression="param.value" var="results" />
-<c:out value="${results}" />
-</pre>
-</c:if>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean1.jsp

@@ -1,15 +0,0 @@
-<html>
-<%@ page session="true"%>
-<body>
-<jsp:useBean id='counter' scope='session' class='com.acme.Counter' type="com.acme.Counter" />
-
-<h1>JSP1.2 Beans: 1</h1>
-
-Counter accessed <jsp:getProperty name="counter" property="count"/> times.<br/>
-Counter last accessed by <jsp:getProperty name="counter" property="last"/><br/>
-<jsp:setProperty name="counter" property="last" value="<%= request.getRequestURI()%>"/>
-
-<a href="bean2.jsp">Goto bean2.jsp</a>
-
-</body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/bean2.jsp

@@ -1,15 +0,0 @@
-<html>
-<%@ page session="true"%>
-<body>
-<jsp:useBean id='counter' scope='session' class='com.acme.Counter' type="com.acme.Counter" />
-
-<h1>JSP1.2 Beans: 2</h1>
-
-Counter accessed <jsp:getProperty name="counter" property="count"/> times.<br/>
-Counter last accessed by <jsp:getProperty name="counter" property="last"/><br/>
-<jsp:setProperty name="counter" property="last" value="<%= request.getRequestURI()%>"/>
-
-<a href="bean1.jsp">Goto bean1.jsp</a>
-
-</body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/dump.jsp

@@ -1,23 +0,0 @@
-<html><head>
-<%@ page import="java.util.Enumeration" %>
-</head><body>
-<h1>JSP Dump</h1>
-
-<table border="1">
-<tr><th>Request URI:</th><td><%= request.getRequestURI() %></td></tr>
-<tr><th>ServletPath:</th><td><%= request.getServletPath() %></td></tr>
-<tr><th>PathInfo:</th><td><%= request.getPathInfo() %></td></tr>
-
-<%
-   Enumeration e =request.getParameterNames();
-   while(e.hasMoreElements())
-   {
-       String name = (String)e.nextElement();
-%>
-<tr>
-  <th>getParameter("<%= name %>")</th>
-  <td><%= request.getParameter(name) %></td></tr>
-<% } %>
-
-</table>
-</body></html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/expr.jsp

@@ -1,23 +0,0 @@
-<html>
-<h1>JSP2.0 Expressions</h1>
-
-<table border="1">
-  <tr><th>Expression</th><th>Result</th></tr>      
-  <tr>
-    <td>\${param["A"]}</td>
-    <td>${param["A"]}&nbsp;</td>
-  </tr><tr>
-    <td>\${header["host"]}</td>
-    <td>${header["host"]}</td>
-  </tr><tr>
-    <td>\${header["user-agent"]}</td>
-    <td>${header["user-agent"]}</td>
-  </tr><tr>
-    <td>\${1+1}</td>
-    <td>${1+1}</td>
-  </tr><tr>
-    <td>\${param["A"] * 2}</td>
-    <td>${param["A"] * 2}&nbsp;</td>
-  </tr>
-</table>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/foo/foo.jsp

@@ -1,15 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 
-<html>
-  <head>
-  </head>
-  <body>
-    <h1>FOO Example</h1>
-    <hr>
-    <p>A trivial FOO example
-    <hr>
-    <c:forEach var="i" begin="1" end="10" step="1">
-      <c:out value="${i}" />
-      <br />
-    </c:forEach>
-  </body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/jstl.jsp

@@ -1,15 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 
-<html>
-  <head>
-  </head>
-  <body>
-    <h1>JSTL Example</h1>
-    <hr>
-    <p>A trivial jstl example
-    <hr>
-    <c:forEach var="i" begin="1" end="10" step="1">
-      <c:out value="${i}" />
-      <br />
-    </c:forEach>
-  </body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag.jsp

@@ -1,16 +0,0 @@
-<html>
-<body>
-
-<%@ taglib uri="http://www.acme.com/taglib" prefix="acme" %>
-
-<small>&lt;acme:date tz="GMT"&gt;EEE, dd/MMM/yyyy HH:mm:ss ZZZ&lt;/acme:date&gt;
-==&gt;</small>
-<acme:date tz="GMT">EEE, dd/MMM/yyyy HH:mm:ss ZZZ</acme:date>
-<br/>
-<small>&lt;acme:date tz="EST"&gt;EEE, dd-MMM-yyyy HH:mm:ss ZZZ&lt;/acme:date&gt;
-==&gt;</small>
-<acme:date tz="EST">EEE, dd-MMM-yyyy HH:mm:ss ZZZ</acme:date>
-<br/>
-
-</body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tag2.jsp

@@ -1,19 +0,0 @@
-<html>
-<body>
-
-<%@ taglib uri="http://www.acme.com/taglib2" prefix="acme" %>
-
-<acme:date2 format="long">
-  On ${day} of ${month} in the year ${year}
-</acme:date2>
-
-<br/>
-
-<acme:date2 format="short">
-  ${day} - ${month} - ${year}
-</acme:date2>
-
-<br/>
-
-</body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/test/tagfile.jsp

@@ -1,37 +0,0 @@
-<%@ taglib prefix="acme" tagdir="/WEB-INF/tags" %>
-<html>
-  <head>
-  </head>
-  <body>
-    <h1>JSP 2.0 Tag File Example</h1>
-    <hr>
-    <p>Panel tag created from JSP fragment file in WEB-INF/tags
-    <hr>
-    <table border="0">
-      <tr valign="top">
-        <td>
-          <acme:panel color="#ff8080" bgcolor="#ffc0c0" title="Panel 1">
-            First panel.<br/>
-          </acme:panel>
-        </td>
-        <td>
-          <acme:panel color="#80ff80" bgcolor="#c0ffc0" title="Panel 2">
-            Second panel.<br/>
-            Second panel.<br/>
-            Second panel.<br/>
-            Second panel.<br/>
-          </acme:panel>
-        </td>
-        <td>
-          <acme:panel color="#8080ff" bgcolor="#c0c0ff" title="Panel 3">
-            Third panel.<br/>
-            <acme:panel color="#ff80ff" bgcolor="#ffc0ff" title="Inner">
-              A panel in a panel.
-            </acme:panel>
-            Third panel.<br/>
-          </acme:panel>
-        </td>
-      </tr>
-    </table>
-  </body>
-</html>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/various.jsp

@@ -1,21 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
-
-JSTL
-
-<c:out value="${param.test_param1}"/>
-
-<c:out value="${param.test_param2}" escapeXml="true"/>
-
-<c:out value="${param.test_param3}" escapeXml="false"/>
-
-JSP include
-
-<%@include file="index.jsp"%>
-
-<c:import url="${param.secret_param}" />
-
-Spring eval
-
-<spring:eval expression="${param.lang}" var="results" />
-<c:out value="${results}" />

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml1.jsp

@@ -1,3 +0,0 @@
-<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
-<x:parse var="doc" xml="${param.xml}" />
-You requested a quote for: <x:out select="$doc/stock/symbol" />

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xml/xml2.jsp

@@ -1,3 +0,0 @@
-<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
-<x:parse var="doc" xml="<stock><symbol>TKM</symbol></stock>" />
-You requested a quote for: <x:out select="$doc/stock/symbol" />

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl1.jsp

@@ -1,2 +0,0 @@
-<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
-<x:transform xml="${param.xml}" xslt="${param.xslt}" />

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl2.jsp

@@ -1,2 +0,0 @@
-<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
-<x:transform xml="<stock><symbol>TKM</symbol></stock>" xslt="${param.xslt}" />

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl3.jsp

@@ -1,2 +0,0 @@
-<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
-<x:transform xml="${param.xml}" xslt='<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="date"></xsl:stylesheet>' />

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xsl/xsl4.jsp

@@ -1,2 +0,0 @@
-<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %>
-<x:transform xml="<static>SAFE</static>" xslt='<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="date"></xsl:stylesheet>' />

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss0.jsp

@@ -1,6 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-<p>
-Client message:<br/>
-<c:out value="${param.test}" escapeXml="false"/>
-</p>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss1.jsp

@@ -1,4 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<script>
-    var test = ${param.test};
-</script>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss2.jsp

@@ -1,4 +0,0 @@
-
-Contact form:<br/>
-
-<textarea>${param.message}</textarea>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss3.jsp

@@ -1,3 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-
-Hello <c:out value="${param.test}"/>!

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss4.jsp

@@ -1,7 +0,0 @@
-<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
-<script>
-    function hello(param1,param2) {
-        console.info(param1+" "+param2);
-    }
-    var test = hello('<c:out value="${param.test1}"/>','<c:out value="${param.test2}"/>');
-</script>

java/ql/integration-tests/java/java-web-jsp/src/main/webapp/xss/xss5.jsp

@@ -1,11 +0,0 @@
-<%@taglib prefix="e" uri="https://www.owasp.org/index.php/OWASP_Java_Encoder_Project" %>
-
-
-<h1>${e:forHtml(param.test1)}</h1>
-
-<script>
-    function hello(param1,param2) {
-        console.info(param1+" "+param2);
-    }
-    var test = hello('${e:forJavaScript(param.test1)}','${e:forJavaScript(param.test2)}');
-</script>

java/ql/integration-tests/java/java-web-jsp/test.expected

@@ -7,43 +7,10 @@
 | src/main/java/org/eclipse/jetty/demo/LoggingUtil.java:0:0:0:0 | LoggingUtil |
 | src/main/java/org/eclipse/jetty/demo/Main.java:0:0:0:0 | Main |
 | src/main/java/org/eclipse/jetty/demo/SystemOutHandler.java:0:0:0:0 | SystemOutHandler |
-| target/classes/jsp/WEB_002dINF/secret_jsp.java:0:0:0:0 | secret_jsp |
 | target/classes/jsp/include/$_007bparam_secret_005fparam_007d_jsp.java:0:0:0:0 | $_007bparam_secret_005fparam_007d_jsp |
 | target/classes/jsp/include/jsp_005finclude_005f1_jsp.java:0:0:0:0 | jsp_005finclude_005f1_jsp |
-| target/classes/jsp/include/jsp_005finclude_005f2_005fsafe_jsp.java:0:0:0:0 | jsp_005finclude_005f2_005fsafe_jsp |
-| target/classes/jsp/include/jsp_005finclude_005f3_jsp.java:0:0:0:0 | jsp_005finclude_005f3_jsp |
-| target/classes/jsp/index_jsp.java:0:0:0:0 | index_jsp |
 | target/classes/jsp/jstl/jstl_005fescape_005f1_jsp.java:0:0:0:0 | jstl_005fescape_005f1_jsp |
-| target/classes/jsp/jstl/jstl_005fescape_005f2_jsp.java:0:0:0:0 | jstl_005fescape_005f2_jsp |
-| target/classes/jsp/jstl/jstl_005fescape_005f3_jsp.java:0:0:0:0 | jstl_005fescape_005f3_jsp |
 | target/classes/jsp/random_jsp.java:0:0:0:0 | random_jsp |
-| target/classes/jsp/spring/spring_005feval_005f1_jsp.java:0:0:0:0 | spring_005feval_005f1_jsp |
-| target/classes/jsp/spring/spring_005feval_005f2_jsp.java:0:0:0:0 | spring_005feval_005f2_jsp |
-| target/classes/jsp/spring/spring_005feval_005f3_jsp.java:0:0:0:0 | spring_005feval_005f3_jsp |
-| target/classes/jsp/spring/spring_005feval_005f4_005fsafe_jsp.java:0:0:0:0 | spring_005feval_005f4_005fsafe_jsp |
-| target/classes/jsp/test/bean1_jsp.java:0:0:0:0 | bean1_jsp |
-| target/classes/jsp/test/bean2_jsp.java:0:0:0:0 | bean2_jsp |
-| target/classes/jsp/test/dump_jsp.java:0:0:0:0 | dump_jsp |
-| target/classes/jsp/test/expr_jsp.java:0:0:0:0 | expr_jsp |
-| target/classes/jsp/test/foo/foo_jsp.java:0:0:0:0 | foo_jsp |
-| target/classes/jsp/test/jstl_jsp.java:0:0:0:0 | jstl_jsp |
-| target/classes/jsp/test/tag2_jsp.java:0:0:0:0 | tag2_jsp |
-| target/classes/jsp/test/tag_jsp.java:0:0:0:0 | tag_jsp |
-| target/classes/jsp/test/tagfile_jsp.java:0:0:0:0 | tagfile_jsp |
-| target/classes/jsp/various_jsp.java:0:0:0:0 | various_jsp |
-| target/classes/jsp/xml/xml1_jsp.java:0:0:0:0 | xml1_jsp |
-| target/classes/jsp/xml/xml2_jsp.java:0:0:0:0 | xml2_jsp |
-| target/classes/jsp/xsl/xsl1_jsp.java:0:0:0:0 | xsl1_jsp |
-| target/classes/jsp/xsl/xsl2_jsp.java:0:0:0:0 | xsl2_jsp |
-| target/classes/jsp/xsl/xsl3_jsp.java:0:0:0:0 | xsl3_jsp |
-| target/classes/jsp/xsl/xsl4_jsp.java:0:0:0:0 | xsl4_jsp |
-| target/classes/jsp/xss/xss0_jsp.java:0:0:0:0 | xss0_jsp |
-| target/classes/jsp/xss/xss1_jsp.java:0:0:0:0 | xss1_jsp |
-| target/classes/jsp/xss/xss2_jsp.java:0:0:0:0 | xss2_jsp |
-| target/classes/jsp/xss/xss3_jsp.java:0:0:0:0 | xss3_jsp |
-| target/classes/jsp/xss/xss4_jsp.java:0:0:0:0 | xss4_jsp |
-| target/classes/jsp/xss/xss5_jsp.java:0:0:0:0 | xss5_jsp |
-| target/classes/org/apache/jsp/tag/web/panel_tag.java:0:0:0:0 | panel_tag |
 xmlFiles
 | pom.xml:0:0:0:0 | pom.xml |
 | spotbugs-security-exclude.xml:0:0:0:0 | spotbugs-security-exclude.xml |

java/ql/integration-tests/kotlin/all-platforms/diagnostics/kotlin-version-too-new/diagnostics.expected

@@ -1,5 +1,5 @@
 {
-  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.0.30.",
+  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.1.10.",
   "severity": "error",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/kotlin/all-platforms/logs/logs.expected

@@ -1,5 +1,6 @@
 Log file 1
 {"origin": "CodeQL Kotlin extractor", "kind": "INFO", "message": "Extraction started"}
+{"origin": "CodeQL Kotlin extractor", "kind": "INFO", "message": "Kotlin extractor verbosity is 3"}
 {"origin": "CodeQL Kotlin extractor", "kind": "INFO", "message": "Extraction for invocation TRAP file <FILENAME>"}
 {"origin": "CodeQL Kotlin extractor", "kind": "INFO", "message": "Kotlin version <VERSION>"}
 {"origin": "CodeQL Kotlin extractor", "kind": "INFO", "message": "Extracting file test.kt"}

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,31 @@
+## 4.2.0
+
+### Major Analysis Improvements
+
+* Java: The generated JDK 17 models have been updated.
+
+### Minor Analysis Improvements
+
+* Java `build-mode=none` extraction now packages the Maven plugin used to examine project dependencies. This means that dependency identification is more likely to succeed, and therefore analysis quality may rise, in scenarios where Maven Central is not reachable.
+
+## 4.1.1
+
+No user-facing changes.
+
+## 4.1.0
+
+### Deprecated APIs
+
+* The `Field.getSourceDeclaration()` predicate has been deprecated. The result was always the original field, so calls to it can simply be removed.
+* The `Field.isSourceDeclaration()` predicate has been deprecated. It always holds.
+* The `RefType.nestedName()` predicate has been deprecated, and `RefType.getNestedName()` added to replace it.
+* The class `ThreatModelFlowSource` has been renamed to `ActiveThreatModelSource` to more clearly reflect it only contains the currently active threat model sources. `ThreatModelFlowSource` has been marked as deprecated.
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 23.
+* Kotlin versions up to 2.1.0\ *x* are now supported.
+
 ## 4.0.0
 
 ### Breaking Changes
@@ -13,7 +41,7 @@
 
 ### Major Analysis Improvements
 
-* When a method exists as source code, we will no longer use a models-as-data (MaD) model of that method. This primarily affects query results when the analysis includes generated models for the source code being analysed.
+* A generated (Models as Data) summary model is no longer used, if there exists a source code alternative. This primarily affects the analysis, when the analysis includes generated models for the source code being analysed.
 
 ## 3.0.2
 

java/ql/lib/change-notes/2024-09-16-nestedName.md

@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* The `RefType.nestedName()` predicate has been deprecated, and `RefType.getNestedName()` added to replace it.

java/ql/lib/change-notes/2024-11-14-unreachable-basic-block-in-constant-switch-statement.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* In a switch statement with a constant switch expression, all non-matching cases were being marked as unreachable, including those that can be reached by falling through from the matching case. This has now been fixed.

java/ql/lib/change-notes/released/4.1.0.md

@@ -0,0 +1,13 @@
+## 4.1.0
+
+### Deprecated APIs
+
+* The `Field.getSourceDeclaration()` predicate has been deprecated. The result was always the original field, so calls to it can simply be removed.
+* The `Field.isSourceDeclaration()` predicate has been deprecated. It always holds.
+* The `RefType.nestedName()` predicate has been deprecated, and `RefType.getNestedName()` added to replace it.
+* The class `ThreatModelFlowSource` has been renamed to `ActiveThreatModelSource` to more clearly reflect it only contains the currently active threat model sources. `ThreatModelFlowSource` has been marked as deprecated.
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 23.
+* Kotlin versions up to 2.1.0\ *x* are now supported.

java/ql/lib/change-notes/released/4.1.1.md

@@ -0,0 +1,3 @@
+## 4.1.1
+
+No user-facing changes.

java/ql/lib/change-notes/released/4.2.0.md

@@ -0,0 +1,9 @@
+## 4.2.0
+
+### Major Analysis Improvements
+
+* Java: The generated JDK 17 models have been updated.
+
+### Minor Analysis Improvements
+
+* Java `build-mode=none` extraction now packages the Maven plugin used to examine project dependencies. This means that dependency identification is more likely to succeed, and therefore analysis quality may rise, in scenarios where Maven Central is not reachable.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.0
+lastReleaseVersion: 4.2.0