Merge remote-tracking branch 'origin/main' into redsun82/just2-cpp

java/documentation/library-coverage/coverage.csv

@@ -24,6 +24,8 @@ com.azure.identity,3,,,,,1,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 com.caucho.burlap.io,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
 com.caucho.hessian.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
 com.cedarsoftware.util.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
+com.couchbase.client.core.env,15,,1,,,,9,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.couchbase.client.java,10,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,
 com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 com.esotericsoftware.yamlbeans,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
@@ -76,7 +78,7 @@ jakarta.activation,2,,2,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,,2,
 jakarta.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,7,,
 jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
 jakarta.persistence,2,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,1,
-jakarta.servlet,2,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,19,,
+jakarta.servlet,2,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,26,,
 jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
 jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
 jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
@@ -94,7 +96,7 @@ java.security,21,,583,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,285,29
 java.sql,15,1,292,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,,1,,,,274,18
 java.text,,,154,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,72,82
 java.time,,,131,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,27,104
-java.util,48,2,1339,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,,2,,,558,781
+java.util,48,2,1340,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,5,2,,1,2,,,,,,,,,,,,,,2,,,558,782
 javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
 javax.accessibility,,,63,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,35
 javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,,7,
@@ -115,7 +117,7 @@ javax.script,1,,50,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,36
 javax.security.auth,7,,147,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,50,97
 javax.security.cert,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
 javax.security.sasl,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,42,7
-javax.servlet,10,22,3,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,3,,,2,,2,,,,,,,,,22,3,
+javax.servlet,10,29,3,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,3,,,2,,2,,,,,,,,,29,3,
 javax.smartcardio,,,34,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,24,10
 javax.sound.midi,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,51,9
 javax.sound.sampled,,,90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,53,37
@@ -151,9 +153,10 @@ org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49,
 org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
 org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
 org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.collections4,,,806,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,789
 org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
 org.apache.commons.exec,10,,,,6,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.fileupload,,11,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,4,
 org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 org.apache.commons.io,124,,570,,,,,,,,,4,,,,,,,,,,,,,,,105,,,,,,,,,15,,,,,,,,,,,,,,,,556,14
 org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,
@@ -258,7 +261,8 @@ org.springframework.web.multipart,,12,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 org.springframework.web.portlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
 org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
 org.springframework.web.servlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
-org.springframework.web.util,,9,157,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,132,25
+org.springframework.web.socket,,8,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,6,
+org.springframework.web.util,,9,159,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,134,25
 org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,2,
 org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,

java/documentation/library-coverage/coverage.rst

@@ -9,19 +9,37 @@ Java framework & library support
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑918` :sub:`Request Forgery`
    Android,``android.*``,52,481,181,1,3,67,,,
    Android extensions,``androidx.*``,5,183,60,,,,,,
-   `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,,
+   `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1606,,,,,,,
    `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,570,124,105,,,,,15
    `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,425,7,,,,,,
    `Apache Commons Text <https://commons.apache.org/proper/commons-text/>`_,``org.apache.commons.text``,,272,,,,,,,
    `Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,183,122,,3,,,,119
    `Apache Log4j 2 <https://logging.apache.org/log4j/2.0/>`_,``org.apache.logging.log4j``,,8,359,,,,,,
+   `Apache Struts <https://struts.apache.org/>`_,"``org.apache.struts2``, ``org.apache.struts.beanvalidation.validation.interceptor``",,3877,14,,,,,,
+   `Apache Velocity <https://velocity.apache.org/>`_,"``org.apache.velocity.app``, ``org.apache.velocity.runtime``",,,8,,,,,,
+   `Couchbase <https://couchbase.com/>`_,``com.couchbase.client.*``,,1,25,,,6,,,
+   `FreeMarker <https://freemarker.apache.org/>`_,"``freemarker.cache``, ``freemarker.template``",,,8,,,,,,
+   `Google Gson <https://github.com/google/gson>`_,``com.google.gson``,,52,,,,,,,
    `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,43,9,,,,,
-   JBoss Logging,``org.jboss.logging``,,,324,,,,,,
+   `Groovy <https://groovy-lang.org/>`_,"``groovy.lang``, ``groovy.text``, ``groovy.util``, ``org.codehaus.groovy.control``",,,33,,,,,,
+   `Hibernate <https://hibernate.org/>`_,``org.hibernate``,,,7,,,7,,,
+   `JBoss Logging <https://github.com/jboss-logging/jboss-logging>`_,``org.jboss.logging``,,,324,,,,,,
    `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
-   Java Standard Library,``java.*``,10,4628,260,99,,9,,,26
-   Java extensions,"``javax.*``, ``jakarta.*``",87,4185,90,10,4,2,1,1,4
+   `Jackson <https://github.com/FasterXML/jackson>`_,``com.fasterxml.jackson.*``,,9,2,2,,,,,
+   Java Standard Library,``java.*``,10,4629,260,99,,9,,,26
+   Java extensions,"``javax.*``, ``jakarta.*``",101,4185,90,10,4,2,1,1,4
+   `Jetty <https://eclipse.dev/jetty/>`_,``org.eclipse.jetty.client``,,,2,,,,,,2
    Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2
-   `Spring <https://spring.io/>`_,``org.springframework.*``,38,486,143,26,,28,14,,35
-   Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.com.caucho.hessian.io``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.caucho.burlap.io``, ``com.caucho.hessian.io``, ``com.cedarsoftware.util.io``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.esotericsoftware.yamlbeans``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.exolab.castor.xml``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.ho.yaml``, ``org.influxdb``, ``org.jabsorb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",133,10525,927,140,6,22,18,,208
-   Totals,,330,26361,2656,404,16,128,33,1,409
+   `MongoDB <https://www.mongodb.com/>`_,``com.mongodb``,,,10,,,,,,
+   `Netty <https://netty.io/>`_,``io.netty.*``,15,490,23,7,,,,,16
+   `OkHttp <https://square.github.io/okhttp/>`_,``okhttp3``,,50,4,,,,,,4
+   `RabbitMQ <https://www.rabbitmq.com/>`_,``com.rabbitmq.client``,21,7,,,,,,,
+   `Retrofit <https://square.github.io/retrofit/>`_,``retrofit2``,,1,1,,,,,,1
+   `SLF4J <https://www.slf4j.org/>`_,``org.slf4j``,,6,55,,,,,,
+   `SnakeYAML <https://github.com/snakeyaml/snakeyaml>`_,``org.yaml.snakeyaml``,,1,,,,,,,
+   `Spring <https://spring.io/>`_,``org.springframework.*``,46,494,143,26,,28,14,,35
+   `Thymeleaf <https://www.thymeleaf.org/>`_,``org.thymeleaf``,,2,2,,,,,,
+   `jOOQ <https://www.jooq.org/>`_,``org.jooq``,,,1,,,1,,,
+   Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.com.caucho.hessian.io``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.caucho.burlap.io``, ``com.caucho.hessian.io``, ``com.cedarsoftware.util.io``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.esotericsoftware.yamlbeans``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``hudson``, ``io.jsonwebtoken``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.fileupload``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.codehaus.cargo.container.installer``, ``org.dom4j``, ``org.exolab.castor.xml``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.ho.yaml``, ``org.influxdb``, ``org.jabsorb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",108,6034,757,131,6,14,18,,185
+   Totals,,363,26381,2681,404,16,134,33,1,409
 

java/documentation/library-coverage/frameworks.csv

@@ -10,7 +10,25 @@ Apache Commons Lang,https://commons.apache.org/proper/commons-lang/,org.apache.c
 Apache Commons Text,https://commons.apache.org/proper/commons-text/,org.apache.commons.text
 Apache HttpComponents,https://hc.apache.org/,org.apache.hc.core5.* org.apache.http
 Apache Log4j 2,https://logging.apache.org/log4j/2.0/,org.apache.logging.log4j
+Apache Struts,https://struts.apache.org/,org.apache.struts2 org.apache.struts.beanvalidation.validation.interceptor
+Apache Velocity,https://velocity.apache.org/,org.apache.velocity.app org.apache.velocity.runtime
+Couchbase,https://couchbase.com/,com.couchbase.client.*
+FreeMarker,https://freemarker.apache.org/,freemarker.cache freemarker.template
+Google Gson,https://github.com/google/gson,com.google.gson
 Google Guava,https://guava.dev/,com.google.common.*
-JBoss Logging,,org.jboss.logging
+Groovy,https://groovy-lang.org/,groovy.lang groovy.text groovy.util org.codehaus.groovy.control
+Hibernate,https://hibernate.org/,org.hibernate
+Jackson,https://github.com/FasterXML/jackson,com.fasterxml.jackson.*
+JBoss Logging,https://github.com/jboss-logging/jboss-logging,org.jboss.logging
+Jetty,https://eclipse.dev/jetty/,org.eclipse.jetty.client
+jOOQ,https://www.jooq.org/,org.jooq
 JSON-java,https://github.com/stleary/JSON-java,org.json
+MongoDB,https://www.mongodb.com/,com.mongodb
+Netty,https://netty.io/,io.netty.*
+OkHttp,https://square.github.io/okhttp/,okhttp3
+RabbitMQ,https://www.rabbitmq.com/,com.rabbitmq.client
+Retrofit,https://square.github.io/retrofit/,retrofit2
+SLF4J,https://www.slf4j.org/,org.slf4j
+SnakeYAML,https://github.com/snakeyaml/snakeyaml,org.yaml.snakeyaml
 Spring,https://spring.io/,org.springframework.*
+Thymeleaf,https://www.thymeleaf.org/,org.thymeleaf

java/downgrades/de4ded61c8ae83f829aedaf05be73307ba25ca40/upgrade.properties

@@ -0,0 +1,2 @@
+description: Remove inclusion of @assignment in @binaryexpr
+compatibility: full

java/kotlin-extractor/BUILD.bazel

@@ -124,13 +124,7 @@ kt_javac_options(
             javac_opts = ":javac-options",
             kotlinc_opts = ":kotlinc-options-%s" % v,
             module_name = "codeql-kotlin-extractor",
-            # resource_strip_prefix is very nit-picky: the following makes it work from
-            # `codeql`, `@codeql_kotlin_embeddable` and `semmle-code`
-            resource_strip_prefix = (
-                ("../%s/" % repo_name() if repo_name() else "") +
-                ("%s/" % package_name() if package_name() else "") +
-                v
-            ),
+            resource_strip_prefix = v,
             resources = [
                 ":resources-%s" % v,
             ],

java/kotlin-extractor/dev/wrapper.py

@@ -27,7 +27,7 @@ import shutil
 import io
 import os
 
-DEFAULT_VERSION = "2.2.0"
+DEFAULT_VERSION = "2.3.10"
 
 
 def options():

java/kotlin-extractor/src/main/kotlin/KotlinExtractorComponentRegistrar.kt

@@ -4,6 +4,7 @@
 package com.github.codeql
 
 import com.intellij.mock.MockProject
+import com.intellij.openapi.extensions.LoadingOrder
 import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.config.CompilerConfiguration
 
@@ -16,14 +17,18 @@ class KotlinExtractorComponentRegistrar : Kotlin2ComponentRegistrar() {
         if (invocationTrapFile == null) {
             throw Exception("Required argument for TRAP invocation file not given")
         }
-        IrGenerationExtension.registerExtension(
-            project,
+        // Register with LoadingOrder.LAST to ensure the extractor runs after other
+        // IR generation plugins (like kotlinx.serialization) have generated their code.
+        val extensionPoint = project.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
+        extensionPoint.registerExtension(
             KotlinExtractorExtension(
                 invocationTrapFile,
                 configuration[KEY_CHECK_TRAP_IDENTICAL] ?: false,
                 configuration[KEY_COMPILATION_STARTTIME],
                 configuration[KEY_EXIT_AFTER_EXTRACTION] ?: false
-            )
+            ),
+            LoadingOrder.LAST,
+            project
         )
     }
 }

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -415,6 +415,7 @@ open class KotlinFileExtractor(
 
     private fun extractClassModifiers(c: IrClass, id: Label<out DbClassorinterface>) {
         with("class modifiers", c) {
+            @Suppress("REDUNDANT_ELSE_IN_WHEN")
             when (c.modality) {
                 Modality.FINAL -> addModifiers(id, "final")
                 Modality.SEALED -> addModifiers(id, "sealed")
@@ -1342,7 +1343,7 @@ open class KotlinFileExtractor(
                 extractTypeAccessRecursive(substitutedType, location, id, -1)
             }
             val syntheticParameterNames =
-                isUnderscoreParameter(vp) ||
+                vp.origin == IrDeclarationOrigin.UNDERSCORE_PARAMETER ||
                     ((vp.parent as? IrFunction)?.let { hasSynthesizedParameterNames(it) } ?: true)
             val javaParameter =
                 when (val callable = (vp.parent as? IrFunction)?.let { getJavaCallable(it) }) {
@@ -1644,7 +1645,7 @@ open class KotlinFileExtractor(
         extractMethodAndParameterTypeAccesses: Boolean,
         typeSubstitution: TypeSubstitution?,
         classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?
-    ) =
+    ) : Label<out DbCallable> =
         forceExtractFunction(
                 f,
                 parentId,
@@ -2801,6 +2802,7 @@ open class KotlinFileExtractor(
 
     private fun extractBody(b: IrBody, callable: Label<out DbCallable>) {
         with("body", b) {
+            @Suppress("REDUNDANT_ELSE_IN_WHEN")
             when (b) {
                 is IrBlockBody -> extractBlockBody(b, callable)
                 is IrSyntheticBody -> extractSyntheticBody(b, callable)
@@ -2834,7 +2836,7 @@ open class KotlinFileExtractor(
             when {
                 kind == IrSyntheticBodyKind.ENUM_VALUES -> tw.writeKtSyntheticBody(callable, 1)
                 kind == IrSyntheticBodyKind.ENUM_VALUEOF -> tw.writeKtSyntheticBody(callable, 2)
-                kind == kind_ENUM_ENTRIES -> tw.writeKtSyntheticBody(callable, 3)
+                kind == IrSyntheticBodyKind.ENUM_ENTRIES -> tw.writeKtSyntheticBody(callable, 3)
                 else -> {
                     logger.errorElement("Unhandled synthetic body kind " + kind, b)
                 }
@@ -2973,13 +2975,22 @@ open class KotlinFileExtractor(
                     val locId = tw.getLocation(s)
                     tw.writeStmts_block(blockId, parent, idx, callable)
                     tw.writeHasLocation(blockId, locId)
-                    extractVariable(s.delegate, callable, blockId, 0)
-
+                    // For Kotlin < 2.3, s.delegate is not-nullable, but for Kotlin >= 2.3
+                    // it is nullable. Cast to nullable to handle both cases uniformly.
+                    // For Kotlin >= 2.3, the cast is redundant, hence the suppress.
+                    @Suppress("USELESS_CAST")
+                    val delegate: IrVariable? = s.delegate as IrVariable?
                     val propId = tw.getFreshIdLabel<DbKt_property>()
-                    tw.writeKtProperties(propId, s.name.asString())
-                    tw.writeHasLocation(propId, locId)
-                    tw.writeKtPropertyDelegates(propId, useVariable(s.delegate))
 
+                    if (delegate == null) {
+                        // This is not expected to happen, as the plugin hooks into the pipeline before IR lowering.
+                        logger.errorElement("Local delegated property is missing delegate", s)
+                    } else {
+                        extractVariable(delegate, callable, blockId, 0)
+                        tw.writeKtProperties(propId, s.name.asString())
+                        tw.writeHasLocation(propId, locId)
+                        tw.writeKtPropertyDelegates(propId, useVariable(delegate))
+                    }
                     // Getter:
                     extractStatement(s.getter, callable, blockId, 1)
                     val getterLabel = getLocallyVisibleFunctionLabels(s.getter).function
@@ -3332,7 +3343,7 @@ open class KotlinFileExtractor(
         // that specified the default values, which will in turn dynamically dispatch back to the
         // relevant override.
         val overriddenCallTarget =
-            (callTarget as? IrSimpleFunction)?.allOverriddenIncludingSelf()?.firstOrNull {
+            (callTarget as? IrSimpleFunction)?.allOverridden(includeSelf = true)?.firstOrNull {
                 it.overriddenSymbols.isEmpty() &&
                     it.valueParameters.any { p -> p.defaultValue != null }
             } ?: callTarget

java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt

@@ -849,9 +849,6 @@ open class KotlinUsesExtractor(
     }
 
     private fun useSimpleType(s: IrSimpleType, context: TypeContext): TypeResults {
-        if (s.abbreviation != null) {
-            // TODO: Extract this information
-        }
         // We use this when we don't actually have an IrClass for a class
         // we want to refer to
         // TODO: Eliminate the need for this if possible
@@ -939,7 +936,7 @@ open class KotlinUsesExtractor(
                 return arrayInfo.componentTypeResults
             }
             owner is IrClass -> {
-                val args = if (s.codeQlIsRawType()) null else s.arguments
+                val args = if (s.isRawType()) null else s.arguments
 
                 return useSimpleTypeClass(owner, args, s.isNullableCodeQL())
             }
@@ -1836,6 +1833,7 @@ open class KotlinUsesExtractor(
 
         // Note this function doesn't return a signature because type arguments are never
         // incorporated into function signatures.
+        @Suppress("REDUNDANT_ELSE_IN_WHEN")
         return when (arg) {
             is IrStarProjection -> {
                 val anyTypeLabel =

java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt

@@ -1,6 +1,5 @@
 package com.github.codeql
 
-import com.github.codeql.utils.versions.copyParameterToFunction
 import com.github.codeql.utils.versions.createImplicitParameterDeclarationWithWrappedDescriptor
 import java.lang.annotation.ElementType
 import java.util.HashSet
@@ -21,7 +20,9 @@ import org.jetbrains.kotlin.ir.declarations.IrClass
 import org.jetbrains.kotlin.ir.declarations.IrConstructor
 import org.jetbrains.kotlin.ir.declarations.IrDeclarationOrigin
 import org.jetbrains.kotlin.ir.declarations.IrEnumEntry
+import org.jetbrains.kotlin.ir.declarations.IrFunction
 import org.jetbrains.kotlin.ir.declarations.IrProperty
+import org.jetbrains.kotlin.ir.declarations.IrValueParameter
 import org.jetbrains.kotlin.ir.expressions.IrClassReference
 import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
 import org.jetbrains.kotlin.ir.expressions.IrGetEnumValue
@@ -31,6 +32,7 @@ import org.jetbrains.kotlin.ir.symbols.IrClassSymbol
 import org.jetbrains.kotlin.ir.types.typeWith
 import org.jetbrains.kotlin.ir.util.constructedClass
 import org.jetbrains.kotlin.ir.util.constructors
+import org.jetbrains.kotlin.ir.util.copyTo
 import org.jetbrains.kotlin.ir.util.deepCopyWithSymbols
 import org.jetbrains.kotlin.ir.util.defaultType
 import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
@@ -330,7 +332,7 @@ class MetaAnnotationSupport(
                             )
                             return
                         }
-                val newParam = copyParameterToFunction(thisReceiever, this)
+                val newParam = thisReceiever.copyTo(this)
                 dispatchReceiverParameter = newParam
                 body =
                     factory

java/kotlin-extractor/src/main/kotlin/utils/ClassNames.kt

@@ -12,9 +12,11 @@ import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
 import org.jetbrains.kotlin.ir.util.parentClassOrNull
 import org.jetbrains.kotlin.load.java.sources.JavaSourceElement
 import org.jetbrains.kotlin.load.java.structure.impl.classFiles.BinaryJavaClass
+import org.jetbrains.kotlin.load.kotlin.FacadeClassSource
 import org.jetbrains.kotlin.load.kotlin.JvmPackagePartSource
 import org.jetbrains.kotlin.load.kotlin.KotlinJvmBinarySourceElement
 import org.jetbrains.kotlin.load.kotlin.VirtualFileKotlinClass
+import org.jetbrains.kotlin.name.FqName
 
 // Adapted from Kotlin's interpreter/Utils.kt function 'internalName'
 // Translates class names into their JLS section 13.1 binary name,
@@ -31,6 +33,40 @@ fun getFileClassName(f: IrFile) =
             .replaceFirst(Regex("""\.kt$"""), "")
             .replaceFirstChar { it.uppercase() }) + "Kt")
 
+fun getFileClassFqName(d: IrDeclaration): FqName? {
+    // d is in a file class.
+    // Get the name in a similar way to the compiler's ExternalPackageParentPatcherLowering
+    // visitMemberAccess/generateOrGetFacadeClass.
+
+    // But first, fields aren't IrMemberWithContainerSource, so we need
+    // to get back to the property (if there is one)
+    if (d is IrField) {
+        val propSym = d.correspondingPropertySymbol
+        if (propSym != null) {
+            return getFileClassFqName(propSym.owner)
+        }
+    }
+
+    // Now the main code
+    if (d is IrMemberWithContainerSource) {
+        val containerSource = d.containerSource
+        if (containerSource is FacadeClassSource) {
+            val facadeClassName = containerSource.facadeClassName
+            if (facadeClassName != null) {
+                // TODO: This is really a multifile-class rather than a file-class,
+                // but for now we treat them the same.
+                return facadeClassName.fqNameForTopLevelClassMaybeWithDollars
+            } else {
+                return containerSource.className.fqNameForTopLevelClassMaybeWithDollars
+            }
+        } else {
+            return null
+        }
+    } else {
+        return null
+    }
+}
+
 fun getIrElementBinaryName(that: IrElement): String {
     if (that is IrFile) {
         val shortName = getFileClassName(that)

java/kotlin-extractor/src/main/kotlin/utils/GetByFqName.kt

@@ -2,19 +2,31 @@ package com.github.codeql.utils
 
 import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
 import org.jetbrains.kotlin.ir.symbols.*
+import org.jetbrains.kotlin.name.CallableId
+import org.jetbrains.kotlin.name.ClassId
 import org.jetbrains.kotlin.name.FqName
 import org.jetbrains.kotlin.name.Name
 
+fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSymbol? {
+    val id = ClassId.topLevel(fqName)
+    return getClassByClassId(pluginContext, id)
+}
+
 fun getClassByFqName(pluginContext: IrPluginContext, fqName: String): IrClassSymbol? {
     return getClassByFqName(pluginContext, FqName(fqName))
 }
 
+fun getClassByClassId(pluginContext: IrPluginContext, id: ClassId): IrClassSymbol? {
+    return pluginContext.referenceClass(id)
+}
+
 fun getFunctionsByFqName(
     pluginContext: IrPluginContext,
     pkgName: String,
     name: String
 ): Collection<IrSimpleFunctionSymbol> {
-    return getFunctionsByFqName(pluginContext, FqName(pkgName), Name.identifier(name))
+    val id = CallableId(FqName(pkgName), Name.identifier(name))
+    return pluginContext.referenceFunctions(id)
 }
 
 fun getPropertiesByFqName(
@@ -22,5 +34,6 @@ fun getPropertiesByFqName(
     pkgName: String,
     name: String
 ): Collection<IrPropertySymbol> {
-    return getPropertiesByFqName(pluginContext, FqName(pkgName), Name.identifier(name))
+    val id = CallableId(FqName(pkgName), Name.identifier(name))
+    return pluginContext.referenceProperties(id)
 }

java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt

@@ -1,6 +1,5 @@
 package com.github.codeql.utils
 
-import com.github.codeql.utils.versions.allOverriddenIncludingSelf
 import com.github.codeql.utils.versions.CodeQLIrConst
 import org.jetbrains.kotlin.builtins.StandardNames
 import org.jetbrains.kotlin.ir.declarations.IrAnnotationContainer
@@ -9,6 +8,7 @@ import org.jetbrains.kotlin.ir.declarations.IrFunction
 import org.jetbrains.kotlin.ir.declarations.IrSimpleFunction
 import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
 import org.jetbrains.kotlin.ir.types.IrSimpleType
+import org.jetbrains.kotlin.ir.util.allOverridden
 import org.jetbrains.kotlin.ir.util.fqNameWhenAvailable
 import org.jetbrains.kotlin.ir.util.packageFqName
 import org.jetbrains.kotlin.ir.util.parentClassOrNull
@@ -62,7 +62,7 @@ private val specialFunctionShortNames = specialFunctions.keys.map { it.functionN
 
 private fun getSpecialJvmName(f: IrFunction): String? {
     if (specialFunctionShortNames.contains(f.name) && f is IrSimpleFunction) {
-        f.allOverriddenIncludingSelf().forEach { overriddenFunc ->
+        f.allOverridden(includeSelf = true).forEach { overriddenFunc ->
             overriddenFunc.parentClassOrNull?.fqNameWhenAvailable?.let { parentFqName ->
                 specialFunctions[MethodKey(parentFqName, f.name)]?.let {
                     return it

java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt

@@ -3,7 +3,6 @@ package com.github.codeql.utils
 import com.github.codeql.KotlinUsesExtractor
 import com.github.codeql.Logger
 import com.github.codeql.getJavaEquivalentClassId
-import com.github.codeql.utils.versions.codeQlWithHasQuestionMark
 import com.github.codeql.utils.versions.createImplicitParameterDeclarationWithWrappedDescriptor
 import com.github.codeql.utils.versions.*
 import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
@@ -21,6 +20,8 @@ import org.jetbrains.kotlin.ir.symbols.IrTypeParameterSymbol
 import org.jetbrains.kotlin.ir.symbols.impl.DescriptorlessExternalPackageFragmentSymbol
 import org.jetbrains.kotlin.ir.types.addAnnotations
 import org.jetbrains.kotlin.ir.types.classifierOrNull
+import org.jetbrains.kotlin.ir.types.makeNotNull
+import org.jetbrains.kotlin.ir.types.makeNullable
 import org.jetbrains.kotlin.ir.types.typeWith
 import org.jetbrains.kotlin.ir.types.IrSimpleType
 import org.jetbrains.kotlin.ir.types.IrStarProjection
@@ -36,6 +37,14 @@ import org.jetbrains.kotlin.name.Name
 import org.jetbrains.kotlin.types.Variance
 import org.jetbrains.kotlin.utils.addToStdlib.firstIsInstanceOrNull
 
+fun IrType.codeQlWithHasQuestionMark(b: Boolean): IrType {
+    if (b) {
+        return this.makeNullable()
+    } else {
+        return this.makeNotNull()
+    }
+}
+
 fun IrType.substituteTypeArguments(params: List<IrTypeParameter>, arguments: List<IrTypeArgument>) =
     when (this) {
         is IrSimpleType -> substituteTypeArguments(params.map { it.symbol }.zip(arguments).toMap())
@@ -111,6 +120,7 @@ private fun subProjectedType(
     } ?: makeTypeProjection(t.substituteTypeArguments(substitutionMap), outerVariance)
 
 private fun IrTypeArgument.upperBound(context: IrPluginContext) =
+    @Suppress("REDUNDANT_ELSE_IN_WHEN")
     when (this) {
         is IrStarProjection -> context.irBuiltIns.anyNType
         is IrTypeProjection ->
@@ -125,6 +135,7 @@ private fun IrTypeArgument.upperBound(context: IrPluginContext) =
     }
 
 private fun IrTypeArgument.lowerBound(context: IrPluginContext) =
+    @Suppress("REDUNDANT_ELSE_IN_WHEN")
     when (this) {
         is IrStarProjection -> context.irBuiltIns.nothingType
         is IrTypeProjection ->
@@ -209,6 +220,7 @@ fun IrClass.toRawType(): IrType {
 }
 
 fun IrTypeArgument.withQuestionMark(b: Boolean): IrTypeArgument =
+    @Suppress("REDUNDANT_ELSE_IN_WHEN")
     when (this) {
         is IrStarProjection -> this
         is IrTypeProjection ->

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/ExperimentalCompilerApi.kt

@@ -1,4 +0,0 @@
-package org.jetbrains.kotlin.compiler.plugin
-
-@RequiresOptIn("This API is experimental. There are no stability guarantees for it")
-annotation class ExperimentalCompilerApi

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/IsUnderscoreParameter.kt

@@ -1,21 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-import org.jetbrains.kotlin.psi.KtParameter
-import org.jetbrains.kotlin.resolve.DescriptorToSourceUtils
-import org.jetbrains.kotlin.resolve.calls.util.isSingleUnderscore
-import org.jetbrains.kotlin.utils.addToStdlib.safeAs
-
-@OptIn(ObsoleteDescriptorBasedAPI::class)
-fun isUnderscoreParameter(vp: IrValueParameter) =
-    try {
-        DescriptorToSourceUtils.getSourceFromDescriptor(vp.descriptor)
-            ?.safeAs<KtParameter>()
-            ?.isSingleUnderscore == true
-    } catch (e: NotImplementedError) {
-        // Some kinds of descriptor throw in `getSourceFromDescriptor` as that method is not
-        // normally expected to
-        // be applied to synthetic functions.
-        false
-    }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/ReferenceEntity.kt

@@ -1,33 +0,0 @@
-package com.github.codeql.utils
-
-import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
-import org.jetbrains.kotlin.ir.symbols.*
-import org.jetbrains.kotlin.name.ClassId
-import org.jetbrains.kotlin.name.FqName
-import org.jetbrains.kotlin.name.Name
-
-fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSymbol? {
-    return pluginContext.referenceClass(fqName)
-}
-
-fun getClassByClassId(pluginContext: IrPluginContext, id: ClassId): IrClassSymbol? {
-    return getClassByFqName(pluginContext, id.asSingleFqName())
-}
-
-fun getFunctionsByFqName(
-    pluginContext: IrPluginContext,
-    pkgName: FqName,
-    name: Name
-): Collection<IrSimpleFunctionSymbol> {
-    val fqName = pkgName.child(name)
-    return pluginContext.referenceFunctions(fqName)
-}
-
-fun getPropertiesByFqName(
-    pluginContext: IrPluginContext,
-    pkgName: FqName,
-    name: Name
-): Collection<IrPropertySymbol> {
-    val fqName = pkgName.child(name)
-    return pluginContext.referenceProperties(fqName)
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/SyntheticBodyKind.kt

@@ -1,5 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.expressions.IrSyntheticBodyKind
-
-val kind_ENUM_ENTRIES: IrSyntheticBodyKind? = null

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/Types.kt

@@ -1,6 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.backend.jvm.codegen.isRawType
-import org.jetbrains.kotlin.ir.types.IrSimpleType
-
-fun IrSimpleType.codeQlIsRawType() = this.isRawType()

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/allOverriddenIncludingSelf.kt

@@ -1,6 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.backend.common.ir.allOverridden
-import org.jetbrains.kotlin.ir.declarations.IrSimpleFunction
-
-fun IrSimpleFunction.allOverriddenIncludingSelf() = this.allOverridden(includeSelf = true)

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/copyTo.kt

@@ -1,7 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.backend.common.ir.copyTo
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-
-fun copyParameterToFunction(p: IrValueParameter, f: IrFunction) = p.copyTo(f)

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/createImplicitParameterDeclarationWithWrappedDescriptor.kt

@@ -1,7 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.backend.common.ir.createImplicitParameterDeclarationWithWrappedDescriptor
-import org.jetbrains.kotlin.ir.declarations.IrClass
-
-fun IrClass.createImplicitParameterDeclarationWithWrappedDescriptor() =
-    this.createImplicitParameterDeclarationWithWrappedDescriptor()

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getFileClassFqName.kt

@@ -1,8 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrDeclaration
-import org.jetbrains.kotlin.name.FqName
-
-fun getFileClassFqName(@Suppress("UNUSED_PARAMETER") d: IrDeclaration): FqName? {
-    return null
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/getKotlinType.kt

@@ -1,6 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.types.IrSimpleType
-import org.jetbrains.kotlin.ir.types.impl.IrTypeBase
-
-fun getKotlinType(s: IrSimpleType) = (s as? IrTypeBase)?.kotlinType

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_0/withHasQuestionMark.kt

@@ -1,8 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.types.IrType
-import org.jetbrains.kotlin.ir.types.withHasQuestionMark
-
-fun IrType.codeQlWithHasQuestionMark(b: Boolean): IrType {
-    return this.withHasQuestionMark(b)
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_20/IsUnderscoreParameter.kt

@@ -1,7 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrDeclarationOrigin
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-
-fun isUnderscoreParameter(vp: IrValueParameter) =
-    vp.origin == IrDeclarationOrigin.UNDERSCORE_PARAMETER

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_6_20/Types.kt

@@ -1,6 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.backend.jvm.ir.isRawType
-import org.jetbrains.kotlin.ir.types.IrSimpleType
-
-fun IrSimpleType.codeQlIsRawType() = this.isRawType()

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/getFileClassFqName.kt

@@ -1,41 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrDeclaration
-import org.jetbrains.kotlin.ir.declarations.IrField
-import org.jetbrains.kotlin.ir.declarations.IrMemberWithContainerSource
-import org.jetbrains.kotlin.load.kotlin.FacadeClassSource
-import org.jetbrains.kotlin.name.FqName
-
-fun getFileClassFqName(d: IrDeclaration): FqName? {
-    // d is in a file class.
-    // Get the name in a similar way to the compiler's ExternalPackageParentPatcherLowering
-    // visitMemberAccess/generateOrGetFacadeClass.
-
-    // But first, fields aren't IrMemberWithContainerSource, so we need
-    // to get back to the property (if there is one)
-    if (d is IrField) {
-        val propSym = d.correspondingPropertySymbol
-        if (propSym != null) {
-            return getFileClassFqName(propSym.owner)
-        }
-    }
-
-    // Now the main code
-    if (d is IrMemberWithContainerSource) {
-        val containerSource = d.containerSource
-        if (containerSource is FacadeClassSource) {
-            val facadeClassName = containerSource.facadeClassName
-            if (facadeClassName != null) {
-                // TODO: This is really a multifile-class rather than a file-class,
-                // but for now we treat them the same.
-                return facadeClassName.fqNameForTopLevelClassMaybeWithDollars
-            } else {
-                return containerSource.className.fqNameForTopLevelClassMaybeWithDollars
-            }
-        } else {
-            return null
-        }
-    } else {
-        return null
-    }
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_0/withHasQuestionMark.kt

@@ -1,13 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.types.IrType
-import org.jetbrains.kotlin.ir.types.makeNotNull
-import org.jetbrains.kotlin.ir.types.makeNullable
-
-fun IrType.codeQlWithHasQuestionMark(b: Boolean): IrType {
-    if (b) {
-        return this.makeNullable()
-    } else {
-        return this.makeNotNull()
-    }
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/allOverriddenIncludingSelf.kt

@@ -1,6 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrSimpleFunction
-import org.jetbrains.kotlin.ir.util.allOverridden
-
-fun IrSimpleFunction.allOverriddenIncludingSelf() = this.allOverridden(includeSelf = true)

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_7_20/copyTo.kt

@@ -1,7 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-import org.jetbrains.kotlin.ir.util.copyTo
-
-fun copyParameterToFunction(p: IrValueParameter, f: IrFunction) = p.copyTo(f)

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ExperimentalCompilerApi.kt

@@ -1,4 +0,0 @@
-package com.github.codeql
-
-// The compiler provides the annotation class, so we don't need to do
-// anything

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/ReferenceEntity.kt

@@ -1,35 +0,0 @@
-package com.github.codeql.utils
-
-import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
-import org.jetbrains.kotlin.ir.symbols.*
-import org.jetbrains.kotlin.name.CallableId
-import org.jetbrains.kotlin.name.ClassId
-import org.jetbrains.kotlin.name.FqName
-import org.jetbrains.kotlin.name.Name
-
-fun getClassByFqName(pluginContext: IrPluginContext, fqName: FqName): IrClassSymbol? {
-    val id = ClassId.topLevel(fqName)
-    return getClassByClassId(pluginContext, id)
-}
-
-fun getClassByClassId(pluginContext: IrPluginContext, id: ClassId): IrClassSymbol? {
-    return pluginContext.referenceClass(id)
-}
-
-fun getFunctionsByFqName(
-    pluginContext: IrPluginContext,
-    pkgName: FqName,
-    name: Name
-): Collection<IrSimpleFunctionSymbol> {
-    val id = CallableId(pkgName, name)
-    return pluginContext.referenceFunctions(id)
-}
-
-fun getPropertiesByFqName(
-    pluginContext: IrPluginContext,
-    pkgName: FqName,
-    name: Name
-): Collection<IrPropertySymbol> {
-    val id = CallableId(pkgName, name)
-    return pluginContext.referenceProperties(id)
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/SyntheticBodyKind.kt

@@ -1,5 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.expressions.IrSyntheticBodyKind
-
-val kind_ENUM_ENTRIES: IrSyntheticBodyKind? = IrSyntheticBodyKind.ENUM_ENTRIES

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_0-Beta/Kotlin2ComponentRegistrar.kt

@@ -1,5 +1,5 @@
 // For ComponentRegistrar
-@file:Suppress("DEPRECATION")
+@file:Suppress("DEPRECATION", "DEPRECATION_ERROR")
 
 package com.github.codeql
 

java/kotlin-extractor/versions.bzl

@@ -1,9 +1,5 @@
 # when updating this list, `bazel mod tidy` should be run from `codeql` to update `MODULE.bazel`
 VERSIONS = [
-    "1.6.0",
-    "1.6.20",
-    "1.7.0",
-    "1.7.20",
     "1.8.0",
     "1.9.0-Beta",
     "1.9.20-Beta",
@@ -13,6 +9,7 @@ VERSIONS = [
     "2.1.20-Beta1",
     "2.2.0-Beta1",
     "2.2.20-Beta2",
+    "2.3.0",
 ]
 
 def _version_to_tuple(v):

java/ql/consistency-queries/BinaryExpr.ql

@@ -10,5 +10,5 @@ where
     e.isNthChildOf(be, i) and i != 0 and i != 1 and reason = "Unexpected operand " + i.toString()
   )
   or
-  be.getOp() = " ?? " and reason = "No operator name"
+  be.getOp() = "??" and reason = "No operator name"
 select be, reason

java/ql/consistency-queries/CfgConsistency.ql

@@ -0,0 +1,2 @@
+import java
+import ControlFlow::Consistency

java/ql/consistency-queries/UnaryExpr.ql

@@ -2,7 +2,7 @@ import java
 
 from UnaryExpr ue
 where
-  not exists(ue.getExpr())
+  not exists(ue.getOperand())
   or
   exists(Expr e, int i | e.isNthChildOf(ue, i) and i != 0)
 select ue

java/ql/examples/snippets/returnstatement.ql

@@ -10,5 +10,5 @@
 import java
 
 from ReturnStmt r
-where r.getResult() instanceof NullLiteral
+where r.getExpr() instanceof NullLiteral
 select r

java/ql/examples/snippets/ternaryconditional.ql

@@ -11,7 +11,7 @@ import java
 
 from ConditionalExpr e
 where
-  e.getTrueExpr().getType() != e.getFalseExpr().getType() and
-  not e.getTrueExpr().getType() instanceof NullType and
-  not e.getFalseExpr().getType() instanceof NullType
+  e.getThen().getType() != e.getElse().getType() and
+  not e.getThen().getType() instanceof NullType and
+  not e.getElse().getType() instanceof NullType
 select e

java/ql/integration-tests/java/buildless-paths/codescanning-config.yml

@@ -0,0 +1,4 @@
+paths:
+  - include
+paths-ignore:
+  - include/exclude

java/ql/integration-tests/java/buildless-paths/include/ShouldAppear2.java

@@ -0,0 +1 @@
+public class ShouldAppear2 { }

java/ql/integration-tests/java/buildless-paths/include/ShouldAppear2.xml

@@ -0,0 +1 @@
+<tag></tag>

java/ql/integration-tests/java/buildless-paths/include/exclude/ShouldNotAppear3.java

@@ -0,0 +1 @@
+public class ShouldNotAppear3 { }

java/ql/integration-tests/java/buildless-paths/include/exclude/ShouldNotAppear3.xml

@@ -0,0 +1 @@
+<tag></tag>

java/ql/integration-tests/java/buildless-paths/sibling/ShouldNotAppear1.java

@@ -0,0 +1 @@
+public class ShouldNotAppear1 { }

java/ql/integration-tests/java/buildless-paths/sibling/ShouldNotAppear1.xml

@@ -0,0 +1 @@
+<tag></tag>

java/ql/integration-tests/java/buildless-paths/test.expected

@@ -0,0 +1,4 @@
+javaFiles
+| include/ShouldAppear2.java:0:0:0:0 | ShouldAppear2 |
+#select
+| include/ShouldAppear2.xml:0:0:0:0 | include/ShouldAppear2.xml |

java/ql/integration-tests/java/buildless-paths/test.py

@@ -0,0 +1,5 @@
+import os
+import os.path
+
+def test(codeql, java):
+    codeql.database.create(build_mode = "none", codescanning_config = "codescanning-config.yml")

java/ql/integration-tests/java/buildless-paths/test.ql

@@ -0,0 +1,6 @@
+import java
+
+query predicate javaFiles(File f) { f.isJavaSourceFile() }
+
+from XmlFile f
+select f

java/ql/integration-tests/kotlin/all-platforms/compiler_arguments/app/build.gradle

@@ -8,7 +8,7 @@
 
 plugins {
     // Apply the org.jetbrains.kotlin.jvm Plugin to add support for Kotlin.
-    id 'org.jetbrains.kotlin.jvm' version '1.7.0'
+    id 'org.jetbrains.kotlin.jvm' version '1.8.0'
 
     // Apply the application plugin to add support for building a CLI application in Java.
     id 'application'

java/ql/integration-tests/kotlin/all-platforms/diagnostics/kotlin-version-too-new/diagnostics.expected

@@ -1,5 +1,5 @@
 {
-  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.2.30.",
+  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.3.20.",
   "severity": "error",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/kotlin/all-platforms/gradle_groovy_app/app/build.gradle

@@ -8,7 +8,7 @@
 
 plugins {
     // Apply the org.jetbrains.kotlin.jvm Plugin to add support for Kotlin.
-    id 'org.jetbrains.kotlin.jvm' version '1.6.0'
+    id 'org.jetbrains.kotlin.jvm' version '1.8.0'
 
     // Apply the application plugin to add support for building a CLI application in Java.
     id 'application'

java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/PrintAst.expected

@@ -248,9 +248,7 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|             2: [ArrayInit] {...}
 #    0|           3: [VarAccess] DeprecationLevel.HIDDEN
 #    0|             -1: [TypeAccess] DeprecationLevel
-#    0|       1: [FieldDeclaration] SerialDescriptor descriptor;
-#    0|         -1: [TypeAccess] SerialDescriptor
-#    0|       2: [Method] childSerializers
+#    0|       1: [Method] childSerializers
 #-----|         1: (Annotations)
 #    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] KSerializer<?>[]
@@ -260,9 +258,11 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|           0: [ReturnStmt] return ...
 #    7|             0: [ArrayCreationExpr] new KSerializer<?>[]
 #    7|               -2: [ArrayInit] {...}
+#    7|                 0: [VarAccess] INSTANCE
+#    7|                 1: [VarAccess] INSTANCE
 #    7|               -1: [TypeAccess] KSerializer<?>
 #    7|               0: [IntegerLiteral] 2
-#    0|       3: [Method] deserialize
+#    0|       2: [Method] deserialize
 #-----|         1: (Annotations)
 #    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] Project
@@ -404,15 +404,15 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|               1: [VarAccess] tmp4_local0
 #    7|               2: [VarAccess] tmp5_local1
 #    7|               3: [NullLiteral] null
-#    0|       4: [Method] getDescriptor
+#    0|       3: [Method] getDescriptor
 #-----|         1: (Annotations)
 #    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] SerialDescriptor
-#    0|         5: [BlockStmt] { ... }
-#    0|           0: [ReturnStmt] return ...
-#    0|             0: [VarAccess] this.descriptor
-#    0|               -1: [ThisAccess] this
-#    0|       5: [Method] serialize
+#    7|         5: [BlockStmt] { ... }
+#    7|           0: [ReturnStmt] return ...
+#    7|             0: [VarAccess] this.descriptor
+#    7|               -1: [ThisAccess] this
+#    0|       4: [Method] serialize
 #    0|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] encoder
@@ -443,7 +443,7 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|             0: [MethodCall] endStructure(...)
 #    7|               -1: [VarAccess] tmp1_output
 #    7|               0: [VarAccess] tmp0_desc
-#    7|       6: [Constructor] $serializer
+#    7|       5: [Constructor] $serializer
 #    7|         5: [BlockStmt] { ... }
 #    7|           0: [SuperConstructorInvocationStmt] super(...)
 #    7|           1: [BlockStmt] { ... }
@@ -471,6 +471,8 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|                   -1: [ThisAccess] $serializer.this
 #    7|                     0: [TypeAccess] $serializer
 #    7|                 1: [VarAccess] tmp0_serialDesc
+#    7|       6: [FieldDeclaration] PluginGeneratedSerialDescriptor descriptor;
+#    7|         -1: [TypeAccess] PluginGeneratedSerialDescriptor
 #    7|       7: [Method] typeParametersSerializers
 #    7|         3: [TypeAccess] KSerializer<?>[]
 #    7|           0: [TypeAccess] KSerializer<?>
@@ -645,9 +647,7 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|             2: [ArrayInit] {...}
 #    0|           3: [VarAccess] DeprecationLevel.HIDDEN
 #    0|             -1: [TypeAccess] DeprecationLevel
-#    0|       1: [FieldDeclaration] SerialDescriptor descriptor;
-#    0|         -1: [TypeAccess] SerialDescriptor
-#    0|       2: [Method] childSerializers
+#    0|       1: [Method] childSerializers
 #-----|         1: (Annotations)
 #    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] KSerializer<?>[]
@@ -657,9 +657,10 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|           0: [ReturnStmt] return ...
 #   14|             0: [ArrayCreationExpr] new KSerializer<?>[]
 #   14|               -2: [ArrayInit] {...}
+#   14|                 0: [VarAccess] INSTANCE
 #   14|               -1: [TypeAccess] KSerializer<?>
 #   14|               0: [IntegerLiteral] 1
-#    0|       3: [Method] deserialize
+#    0|       2: [Method] deserialize
 #-----|         1: (Annotations)
 #    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] X
@@ -765,15 +766,15 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|               0: [VarAccess] tmp3_bitMask0
 #   14|               1: [VarAccess] tmp4_local0
 #   14|               2: [NullLiteral] null
-#    0|       4: [Method] getDescriptor
+#    0|       3: [Method] getDescriptor
 #-----|         1: (Annotations)
 #    0|           1: [Annotation] NotNull
 #    0|         3: [TypeAccess] SerialDescriptor
-#    0|         5: [BlockStmt] { ... }
-#    0|           0: [ReturnStmt] return ...
-#    0|             0: [VarAccess] this.descriptor
-#    0|               -1: [ThisAccess] this
-#    0|       5: [Method] serialize
+#   14|         5: [BlockStmt] { ... }
+#   14|           0: [ReturnStmt] return ...
+#   14|             0: [VarAccess] this.descriptor
+#   14|               -1: [ThisAccess] this
+#    0|       4: [Method] serialize
 #    0|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] encoder
@@ -804,7 +805,7 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|             0: [MethodCall] endStructure(...)
 #   14|               -1: [VarAccess] tmp1_output
 #   14|               0: [VarAccess] tmp0_desc
-#   14|       6: [Constructor] $serializer
+#   14|       5: [Constructor] $serializer
 #   14|         5: [BlockStmt] { ... }
 #   14|           0: [SuperConstructorInvocationStmt] super(...)
 #   14|           1: [BlockStmt] { ... }
@@ -827,6 +828,8 @@ app/src/main/kotlin/testProject/App.kt:
 #   14|                   -1: [ThisAccess] $serializer.this
 #   14|                     0: [TypeAccess] $serializer
 #   14|                 1: [VarAccess] tmp0_serialDesc
+#   14|       6: [FieldDeclaration] PluginGeneratedSerialDescriptor descriptor;
+#   14|         -1: [TypeAccess] PluginGeneratedSerialDescriptor
 #   14|       7: [Method] typeParametersSerializers
 #   14|         3: [TypeAccess] KSerializer<?>[]
 #   14|           0: [TypeAccess] KSerializer<?>

java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/app/build.gradle

@@ -1,6 +1,6 @@
 plugins {
-    id 'org.jetbrains.kotlin.jvm' version '1.6.10'
-    id 'org.jetbrains.kotlin.plugin.serialization' version '1.6.10'
+    id 'org.jetbrains.kotlin.jvm' version '1.8.10'
+    id 'org.jetbrains.kotlin.plugin.serialization' version '1.8.10'
 }
 
 repositories {
@@ -8,6 +8,5 @@ repositories {
 }
 
 dependencies {
-    implementation "org.jetbrains.kotlin:kotlin-serialization:1.6.10"
-    implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.3.2"
+    implementation "org.jetbrains.kotlinx:kotlinx-serialization-json:1.5.0"
 }

java/ql/integration-tests/kotlin/all-platforms/gradle_kotlinx_serialization/diag.expected

@@ -1,2 +0,0 @@
-| CodeQL Kotlin extractor | 5 |  | Unbound symbol found, skipping extraction of expression | app/src/main/kotlin/testProject/App.kt:7:1:8:55 | app/src/main/kotlin/testProject/App.kt:7:1:8:55 |
-| CodeQL Kotlin extractor | 5 |  | Unbound symbol found, skipping extraction of expression | app/src/main/kotlin/testProject/App.kt:14:1:17:1 | app/src/main/kotlin/testProject/App.kt:14:1:17:1 |

java/ql/integration-tests/kotlin/all-platforms/java_modifiers/test.expected

@@ -1,2 +1,2 @@
 | extlib.jar/extlib/A.class:0:0:0:0 | m | protected |
-| test.kt:4:3:4:22 | m | override, protected |
+| test.kt:4:12:4:22 | m | override, protected |

java/ql/integration-tests/kotlin/all-platforms/jvmoverloads-external-class/test.expected

@@ -1,8 +1,8 @@
-| test.kt:3:3:3:45 | f | test.kt:3:23:3:32 | x |
-| test.kt:3:3:3:45 | f | test.kt:3:35:3:40 | y |
-| test.kt:3:3:3:45 | f | test.kt:3:35:3:40 | y |
-| test.kt:3:3:3:45 | f$default | test.kt:3:3:3:45 | p0 |
-| test.kt:3:3:3:45 | f$default | test.kt:3:3:3:45 | p1 |
-| test.kt:3:3:3:45 | f$default | test.kt:3:3:3:45 | p2 |
-| test.kt:3:3:3:45 | f$default | test.kt:3:3:3:45 | p3 |
-| test.kt:3:3:3:45 | f$default | test.kt:3:3:3:45 | p4 |
+| test.kt:3:17:3:45 | f | test.kt:3:23:3:32 | x |
+| test.kt:3:17:3:45 | f | test.kt:3:35:3:40 | y |
+| test.kt:3:17:3:45 | f | test.kt:3:35:3:40 | y |
+| test.kt:3:17:3:45 | f$default | test.kt:3:17:3:45 | p0 |
+| test.kt:3:17:3:45 | f$default | test.kt:3:17:3:45 | p1 |
+| test.kt:3:17:3:45 | f$default | test.kt:3:17:3:45 | p2 |
+| test.kt:3:17:3:45 | f$default | test.kt:3:17:3:45 | p3 |
+| test.kt:3:17:3:45 | f$default | test.kt:3:17:3:45 | p4 |

java/ql/integration-tests/kotlin/all-platforms/kotlin_java_static_fields/test.expected

@@ -1,22 +1,22 @@
 edges
-| hasFields.kt:5:5:5:34 | constField : String | ReadsFields.java:5:10:5:29 | HasFields.constField | provenance |  |
-| hasFields.kt:5:28:5:34 | "taint" : String | hasFields.kt:5:5:5:34 | constField : String | provenance |  |
-| hasFields.kt:7:5:7:38 | <set-?> : String | hasFields.kt:7:5:7:38 | <set-?> : String | provenance |  |
-| hasFields.kt:7:5:7:38 | <set-?> : String | hasFields.kt:7:5:7:38 | lateinitField : String | provenance |  |
-| hasFields.kt:7:5:7:38 | lateinitField : String | ReadsFields.java:6:10:6:32 | HasFields.lateinitField | provenance |  |
-| hasFields.kt:9:5:9:50 | jvmFieldAnnotatedField : String | ReadsFields.java:7:10:7:41 | HasFields.jvmFieldAnnotatedField | provenance |  |
-| hasFields.kt:9:44:9:50 | "taint" : String | hasFields.kt:9:5:9:50 | jvmFieldAnnotatedField : String | provenance |  |
-| hasFields.kt:14:21:14:27 | "taint" : String | hasFields.kt:7:5:7:38 | <set-?> : String | provenance |  |
+| hasFields.kt:5:11:5:34 | constField : String | ReadsFields.java:5:10:5:29 | HasFields.constField | provenance |  |
+| hasFields.kt:5:28:5:34 | "taint" : String | hasFields.kt:5:11:5:34 | constField : String | provenance |  |
+| hasFields.kt:7:14:7:38 | <set-?> : String | hasFields.kt:7:14:7:38 | <set-?> : String | provenance |  |
+| hasFields.kt:7:14:7:38 | <set-?> : String | hasFields.kt:7:14:7:38 | lateinitField : String | provenance |  |
+| hasFields.kt:7:14:7:38 | lateinitField : String | ReadsFields.java:6:10:6:32 | HasFields.lateinitField | provenance |  |
+| hasFields.kt:9:15:9:50 | jvmFieldAnnotatedField : String | ReadsFields.java:7:10:7:41 | HasFields.jvmFieldAnnotatedField | provenance |  |
+| hasFields.kt:9:44:9:50 | "taint" : String | hasFields.kt:9:15:9:50 | jvmFieldAnnotatedField : String | provenance |  |
+| hasFields.kt:14:21:14:27 | "taint" : String | hasFields.kt:7:14:7:38 | <set-?> : String | provenance |  |
 nodes
 | ReadsFields.java:5:10:5:29 | HasFields.constField | semmle.label | HasFields.constField |
 | ReadsFields.java:6:10:6:32 | HasFields.lateinitField | semmle.label | HasFields.lateinitField |
 | ReadsFields.java:7:10:7:41 | HasFields.jvmFieldAnnotatedField | semmle.label | HasFields.jvmFieldAnnotatedField |
-| hasFields.kt:5:5:5:34 | constField : String | semmle.label | constField : String |
+| hasFields.kt:5:11:5:34 | constField : String | semmle.label | constField : String |
 | hasFields.kt:5:28:5:34 | "taint" : String | semmle.label | "taint" : String |
-| hasFields.kt:7:5:7:38 | <set-?> : String | semmle.label | <set-?> : String |
-| hasFields.kt:7:5:7:38 | <set-?> : String | semmle.label | <set-?> : String |
-| hasFields.kt:7:5:7:38 | lateinitField : String | semmle.label | lateinitField : String |
-| hasFields.kt:9:5:9:50 | jvmFieldAnnotatedField : String | semmle.label | jvmFieldAnnotatedField : String |
+| hasFields.kt:7:14:7:38 | <set-?> : String | semmle.label | <set-?> : String |
+| hasFields.kt:7:14:7:38 | <set-?> : String | semmle.label | <set-?> : String |
+| hasFields.kt:7:14:7:38 | lateinitField : String | semmle.label | lateinitField : String |
+| hasFields.kt:9:15:9:50 | jvmFieldAnnotatedField : String | semmle.label | jvmFieldAnnotatedField : String |
 | hasFields.kt:9:44:9:50 | "taint" : String | semmle.label | "taint" : String |
 | hasFields.kt:14:21:14:27 | "taint" : String | semmle.label | "taint" : String |
 subpaths

java/ql/integration-tests/kotlin/all-platforms/kotlin_kfunction/app/build.gradle

@@ -8,7 +8,7 @@
 
 plugins {
     // Apply the org.jetbrains.kotlin.jvm Plugin to add support for Kotlin.
-    id 'org.jetbrains.kotlin.jvm' version '1.6.20'
+    id 'org.jetbrains.kotlin.jvm' version '1.8.0'
 
     // Apply the application plugin to add support for building a CLI application in Java.
     id 'application'