Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability

.github/workflows/swift-integration-tests.yml

@@ -0,0 +1,34 @@
+name: "Swift: Run Integration Tests"
+
+on:
+  pull_request:
+    paths:
+      - "swift/**"
+      - .github/workflows/swift-integration-tests.yml
+      - codeql-workspace.yml
+    branches:
+      - main
+defaults:
+  run:
+    working-directory: swift
+
+jobs:
+  integration-tests:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-20.04
+#          - macos-latest  TODO
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/fetch-codeql
+      - uses: bazelbuild/setup-bazelisk@v2
+      - uses: actions/setup-python@v3
+      - name: Build Swift extractor
+        run: |
+          bazel run //swift:create-extractor-pack
+      - name: Run integration tests
+        run: |
+          python integration-tests/runner.py

CODEOWNERS

@@ -42,3 +42,4 @@ WORKSPACE.bazel @github/codeql-ci-reviewers
 /.github/workflows/js-ml-tests.yml @github/codeql-ml-powered-queries-reviewers
 /.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
 /.github/workflows/ruby-* @github/codeql-ruby
+/.github/workflows/swift-* @github/codeql-c

config/identical-files.json

@@ -453,11 +453,11 @@
     "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
   ],
   "IDE Contextual Queries": [
-    "cpp/ql/src/IDEContextual.qll",
-    "csharp/ql/src/IDEContextual.qll",
-    "java/ql/src/IDEContextual.qll",
-    "javascript/ql/src/IDEContextual.qll",
-    "python/ql/src/analysis/IDEContextual.qll"
+    "cpp/ql/lib/IDEContextual.qll",
+    "csharp/ql/lib/IDEContextual.qll",
+    "java/ql/lib/IDEContextual.qll",
+    "javascript/ql/lib/IDEContextual.qll",
+    "python/ql/lib/analysis/IDEContextual.qll"
   ],
   "SSA C#": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql

@@ -44,7 +44,7 @@ predicate whiteListWrapped(FunctionCall fc) {
 
 from FunctionCall c, FloatingPointType t1, IntegralType t2
 where
-  t1 = c.getTarget().getType().getUnderlyingType() and
+  pragma[only_bind_into](t1) = c.getTarget().getType().getUnderlyingType() and
   t2 = c.getActualType() and
   c.hasImplicitConversion() and
   not whiteListWrapped(c)

cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql

@@ -18,7 +18,7 @@ import semmle.code.cpp.ir.IR
 import semmle.code.cpp.ir.dataflow.MustFlow
 import PathGraph
 
-/** Holds if `f` has a name that we intrepret as evidence of intentionally returning the value of the stack pointer. */
+/** Holds if `f` has a name that we interpret as evidence of intentionally returning the value of the stack pointer. */
 predicate intentionallyReturnsStackPointer(Function f) {
   f.getName().toLowerCase().matches(["%stack%", "%sp%"])
 }

cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql

@@ -133,7 +133,9 @@ TGlobalAddress globalAddress(Instruction instr) {
   )
   or
   exists(FieldAddressInstruction fai | instr = fai |
-    result = TFieldAddress(globalAddress(fai.getObjectAddress()), fai.getField())
+    result =
+      TFieldAddress(globalAddress(pragma[only_bind_into](fai.getObjectAddress())),
+        pragma[only_bind_out](fai.getField()))
   )
   or
   result = globalAddress(instr.(PointerOffsetInstruction).getLeft())

cpp/ql/src/Likely Bugs/UseInOwnInitializer.ql

@@ -15,6 +15,7 @@ class VariableAccessInInitializer extends VariableAccess {
   Variable var;
   Initializer init;
 
+  pragma[nomagic]
   VariableAccessInInitializer() {
     init.getDeclaration() = var and
     init.getExpr().getAChild*() = this

cpp/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/cpp-all` package.

cpp/ql/test/library-tests/controlflow/nullness/nullness.expected

@@ -0,0 +1,15 @@
+| test.cpp:9:9:9:9 | v | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:10:9:10:10 | ! ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:11:9:11:14 | ... == ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:12:9:12:17 | ... == ... | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:13:9:13:14 | ... != ... | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:14:9:14:17 | ... != ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:15:8:15:23 | call to __builtin_expect | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:16:8:16:23 | call to __builtin_expect | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:17:9:17:17 | ... && ... | test.cpp:5:13:5:13 | v | is not null | is valid |
+| test.cpp:18:9:18:17 | ... && ... | test.cpp:5:13:5:13 | v | is not null | is not valid |
+| test.cpp:19:9:19:18 | ... && ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:20:9:20:18 | ... && ... | test.cpp:5:13:5:13 | v | is not null | is not valid |
+| test.cpp:21:9:21:14 | ... = ... | test.cpp:5:13:5:13 | v | is null | is not valid |
+| test.cpp:21:9:21:14 | ... = ... | test.cpp:7:10:7:10 | b | is not null | is valid |
+| test.cpp:22:17:22:17 | b | test.cpp:7:10:7:10 | b | is not null | is valid |

cpp/ql/test/library-tests/controlflow/nullness/nullness.ql

@@ -0,0 +1,9 @@
+import cpp
+
+from AnalysedExpr a, LocalScopeVariable v, string isNullCheck, string isValidCheck
+where
+  a.getParent() instanceof IfStmt and
+  v.getAnAccess().getEnclosingStmt() = a.getParent() and
+  (if a.isNullCheck(v) then isNullCheck = "is null" else isNullCheck = "is not null") and
+  (if a.isValidCheck(v) then isValidCheck = "is valid" else isValidCheck = "is not valid")
+select a, v, isNullCheck, isValidCheck

cpp/ql/test/library-tests/controlflow/nullness/test.cpp

@@ -0,0 +1,23 @@
+// semmle-extractor-options: -std=c++17
+
+long __builtin_expect(long);
+     
+void f(int *v) {
+    int *w;
+    bool b;
+
+    if (v) {}
+    if (!v) {}
+    if (v == 0) {}
+    if ((!v) == 0) {}
+    if (v != 0) {}
+    if ((!v) != 0) {}
+    if(__builtin_expect((long)v)) {}
+    if(__builtin_expect((long)!v)) {}
+    if (true && v) {}
+    if (v && true) {}
+    if (true && !v) {}
+    if (!v && true) {}
+    if (b = !v) {}
+    if (b = !v; b) {}
+}

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

csharp/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/csharp-all` package.

docs/codeql/codeql-cli/analyzing-databases-with-the-codeql-cli.rst

@@ -135,6 +135,47 @@ pack names and use the ``--download`` flag::
 The ``analyze`` command above runs the default suite from ``microsoft/coding-standards v1.0.0`` and the latest version of ``github/security-queries`` on the specified database.
 For further information about default suites, see ":ref:`Publishing and using CodeQL packs <publishing-and-using-codeql-packs>`".
 
+Running a subset of queries in a CodeQL pack
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you are using CodeQL CLI v2.8.1 or later, you can include a path at the end of a pack specification to run a subset of queries inside the pack. This applies to any command that locates or runs queries within a pack.
+
+The complete way to specify a set of queries is in the form ``scope/name@range:path``, where:
+
+- ``scope/name`` is the qualified name of a CodeQL pack.
+- ``range`` is a `semver range <https://docs.npmjs.com/cli/v6/using-npm/semver#ranges>`_.
+- ``path`` is a file system path to a single query, a directory containing queries, or a query suite file.
+
+When you specify a ``scope/name``, the ``range`` and ``path`` are
+optional. If you omit a ``range`` then the latest version of the
+specified pack is used. If you omit a ``path`` then the default query suite
+of the specified pack is used.
+
+The ``path`` can be one of a ``*.ql`` query file, a directory
+containing one or more queries, or a ``.qls`` query suite file. If
+you omit a pack name, then you must provide a ``path``,
+which will be interpreted relative to the working directory
+of the current process.
+
+If you specify a ``scope/name`` and ``path``, then the ``path`` cannot
+be absolute. It is considered relative to the root of the CodeQL
+pack.
+
+To analyze a database using all queries in the `experimental/Security` folder within the `codeql/cpp-queries` CodeQL pack you can use::
+
+    codeql database analyze --format=sarif-latest --output=results <db> \
+        codeql/cpp-queries:experimental/Security
+
+To run the `RedundantNullCheckParam.ql` query in the `codeql/cpp-queries` CodeQL pack use::
+
+    codeql database analyze --format=sarif-latest --output=results <db> \
+        'codeql/cpp-queries:experimental/Likely Bugs/RedundantNullCheckParam.ql'
+
+To analyze your database using the `cpp-security-and-quality.qls` query suite from a version of the `codeql/cpp-queries` CodeQL pack that is >= 0.0.3 and < 0.1.0 (the highest compatible version will be chosen) you can use::
+
+    codeql database analyze --format=sarif-latest --output=results <db> \
+       'codeql/cpp-queries@~0.0.3:codeql-suites/cpp-security-and-quality.qls'
+
 For more information about CodeQL packs, see :doc:`About CodeQL Packs <about-codeql-packs>`.
 
 Running query suites
@@ -223,7 +264,7 @@ you can include the query help for your custom queries in SARIF files generated
 After uploading the SARIF file to GitHub, the query help is shown in the code scanning UI for any
 alerts generated by the custom queries.
 
-From CodeQL CLI 2.7.1 onwards, you can include markdown-rendered query help in SARIF files
+From CodeQL CLI v2.7.1 onwards, you can include markdown-rendered query help in SARIF files
 by providing the ``--sarif-add-query-help`` option when running
 ``codeql database analyze``.
 For more information, see `Configuring CodeQL CLI in your CI system <https://docs.github.com/en/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#analyzing-a-codeql-database>`__

docs/codeql/reusables/beta-note-package-management.rst

@@ -2,4 +2,4 @@
 
     Note
 
-    The CodeQL package management functionality, including CodeQL packs, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install version 2.6.0 or higher of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases.
+    The CodeQL package management functionality, including CodeQL packs, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases.

java/documentation/library-coverage/coverage.csv

@@ -1,121 +1,121 @@
-package,sink,source,summary,sink:bean-validation,sink:create-file,sink:groovy,sink:header-splitting,sink:information-leak,sink:intent-start,sink:jdbc-url,sink:jexl,sink:jndi-injection,sink:ldap,sink:logging,sink:mvel,sink:ognl-injection,sink:open-url,sink:pending-intent-sent,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:set-hostname-verifier,sink:sql,sink:url-open-stream,sink:url-redirect,sink:write-file,sink:xpath,sink:xslt,sink:xss,source:android-widget,source:contentprovider,source:remote,summary:taint,summary:value
-android.app,16,,103,,,,,,7,,,,,,,,,9,,,,,,,,,,,,,,,,,,18,85
-android.content,24,27,108,,,,,,16,,,,,,,,,,,,,,,,,8,,,,,,,,27,,31,77
-android.database,59,,30,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,30,
-android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
-android.os,,,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,41,81
-android.util,6,16,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,16,,
-android.webkit,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,2,,
-android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,1,
-androidx.slice,2,5,88,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,5,,27,61
-cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-com.google.common.base,4,,85,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,62,23
-com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
-com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
-com.google.common.flogger,29,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,
-com.google.common.io,6,,73,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,72,1
-com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,
-com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
-com.unboundid.ldap.sdk,17,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,
-com.zaxxer.hikari,2,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,
-flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-groovy.lang,26,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-groovy.util,5,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-jakarta.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,7,,
-jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
-jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,94,55
-java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-java.io,37,,39,,15,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,39,
-java.lang,13,,58,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,46,12
-java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,3,7,
-java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,6,
-java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,
-java.util,44,,438,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,24,414
-javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,7,,
-javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
-javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-javax.management.remote,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,
-javax.naming,7,,,,,,,,,,,6,1,,,,,,,,,,,,,,,,,,,,,,,,
-javax.net.ssl,2,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
-javax.script,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,
-javax.servlet,4,21,2,,,,3,1,,,,,,,,,,,,,,,,,,,,,,,,,,,21,2,
-javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
-javax.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
-javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-javax.ws.rs.core,3,,149,,,,1,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,94,55
-javax.xml.transform,1,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,6,
-javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,
-jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
-kotlin.jvm.internal,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,
-ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
-okhttp3,2,,47,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,22,25
-org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.io,104,,561,,89,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,547,14
-org.apache.commons.jexl2,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.jexl3,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.lang3,,,424,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,293,131
-org.apache.commons.logging,6,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
-org.apache.directory.ldap.client.api,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.hc.core5.http,1,2,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,2,39,
-org.apache.hc.core5.net,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
-org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
-org.apache.http,27,3,70,,,,,,,,,,,,,,25,,,,,,,,,,,,,,,2,,,3,62,8
-org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,57,
-org.apache.log4j,11,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.logging.log4j,359,,8,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,4,4
-org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.shiro.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
-org.codehaus.groovy.control,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,
-org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,
-org.jboss.logging,324,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,
-org.jdbi.v3.core,6,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
-org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
-org.mvel2,16,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,
-org.scijava.log,13,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,
-org.slf4j,55,,6,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,2,4
-org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
-org.springframework.boot.jdbc,1,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
-org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-org.springframework.http,14,,70,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,60,10
-org.springframework.jdbc.core,10,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,
-org.springframework.jdbc.datasource,4,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,
-org.springframework.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.ldap,47,,,,,,,,,,,33,14,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
-org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
-org.springframework.util,,,139,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,52
-org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
-org.springframework.web.client,13,3,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,3,,
-org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
-org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
-org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,
-org.springframework.web.util,,,163,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,138,25
-org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
-play.mvc,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,
-ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
-ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-retrofit2,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
+package,sink,source,summary,sink:bean-validation,sink:create-file,sink:groovy,sink:header-splitting,sink:information-leak,sink:intent-start,sink:jdbc-url,sink:jexl,sink:jndi-injection,sink:ldap,sink:logging,sink:mvel,sink:ognl-injection,sink:open-url,sink:pending-intent-sent,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:set-hostname-verifier,sink:sql,sink:url-open-stream,sink:url-redirect,sink:write-file,sink:xpath,sink:xslt,sink:xss,source:android-external-storage-dir,source:android-widget,source:contentprovider,source:remote,summary:taint,summary:value
+android.app,16,,103,,,,,,7,,,,,,,,,9,,,,,,,,,,,,,,,,,,,18,85
+android.content,24,31,108,,,,,,16,,,,,,,,,,,,,,,,,8,,,,,,,4,,27,,31,77
+android.database,59,,30,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,30,
+android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
+android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,41,81
+android.util,6,16,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,16,,
+android.webkit,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,2,,
+android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,1,
+androidx.slice,2,5,88,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,5,,27,61
+cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+com.google.common.base,4,,85,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,62,23
+com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
+com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
+com.google.common.flogger,29,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,
+com.google.common.io,6,,73,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,72,1
+com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,
+com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
+com.unboundid.ldap.sdk,17,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,
+com.zaxxer.hikari,2,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+groovy.lang,26,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+groovy.util,5,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+jakarta.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
+jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,
+jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
+java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+java.io,37,,39,,15,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,39,
+java.lang,13,,58,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,,46,12
+java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,3,7,
+java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,6,
+java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
+java.util,44,,438,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,24,414
+javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
+javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
+javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+javax.management.remote,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,
+javax.naming,7,,,,,,,,,,,6,1,,,,,,,,,,,,,,,,,,,,,,,,,
+javax.net.ssl,2,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,
+javax.script,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,
+javax.servlet,4,21,2,,,,3,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,2,
+javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
+javax.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,
+javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+javax.ws.rs.core,3,,149,,,,1,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
+javax.xml.transform,1,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,6,
+javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,
+jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
+kotlin.jvm.internal,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,
+ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,
+okhttp3,2,,47,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,22,25
+org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.io,104,,561,,89,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,547,14
+org.apache.commons.jexl2,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.jexl3,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.lang3,,,424,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,293,131
+org.apache.commons.logging,6,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
+org.apache.directory.ldap.client.api,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.hc.core5.http,1,2,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,2,39,
+org.apache.hc.core5.net,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
+org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
+org.apache.http,27,3,70,,,,,,,,,,,,,,25,,,,,,,,,,,,,,,2,,,,3,62,8
+org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,57,
+org.apache.log4j,11,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.logging.log4j,359,,8,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,4,4
+org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.shiro.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.codehaus.groovy.control,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,
+org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
+org.jboss.logging,324,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,
+org.jdbi.v3.core,6,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
+org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
+org.mvel2,16,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,
+org.scijava.log,13,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,
+org.slf4j,55,,6,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,2,4
+org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
+org.springframework.boot.jdbc,1,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
+org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+org.springframework.http,14,,70,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,,60,10
+org.springframework.jdbc.core,10,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,
+org.springframework.jdbc.datasource,4,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,
+org.springframework.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.ldap,47,,,,,,,,,,,33,14,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
+org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
+org.springframework.util,,,139,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,52
+org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
+org.springframework.web.client,13,3,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,3,,
+org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
+org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
+org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,
+org.springframework.web.util,,,163,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,138,25
+org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
+play.mvc,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,
+ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
+ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+retrofit2,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,

java/documentation/library-coverage/coverage.rst

@@ -7,7 +7,7 @@ Java framework & library support
    :widths: auto
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑036` :sub:`Path traversal`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑319` :sub:`Cleartext transmission`
-   Android,``android.*``,46,424,108,,,3,67,,,
+   Android,``android.*``,52,424,108,,,3,67,,,
    `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,,,
    `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,561,104,89,,,,,,15
    `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,424,,,,,,,,
@@ -19,5 +19,5 @@ Java framework & library support
    Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
    `Spring <https://spring.io/>`_,``org.springframework.*``,29,476,101,,,,19,14,,29
    Others,"``androidx.slice``, ``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``kotlin.jvm.internal``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.logging.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jboss.logging``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",65,395,932,,,,14,18,,3
-   Totals,,211,6410,1474,117,6,10,107,33,1,84
+   Totals,,217,6410,1474,117,6,10,107,33,1,84
 

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -6,6 +6,7 @@ import com.github.codeql.utils.versions.functionN
 import com.github.codeql.utils.versions.getIrStubFromDescriptor
 import com.semmle.extractor.java.OdasaOutput
 import org.jetbrains.kotlin.backend.common.extensions.IrPluginContext
+import org.jetbrains.kotlin.backend.common.lower.parents
 import org.jetbrains.kotlin.backend.common.pop
 import org.jetbrains.kotlin.builtins.functions.BuiltInFunctionArity
 import org.jetbrains.kotlin.descriptors.*
@@ -80,7 +81,7 @@ open class KotlinFileExtractor(
                 }
             }
 
-            file.declarations.map { extractDeclaration(it, extractPrivateMembers = true, extractFunctionBodies = true) }
+            file.declarations.forEach { extractDeclaration(it, extractPrivateMembers = true, extractFunctionBodies = true) }
             extractStaticInitializer(file, null)
             CommentExtractor(this, file, tw.fileId).extract()
         }
@@ -133,7 +134,7 @@ open class KotlinFileExtractor(
                 is IrProperty -> {
                     val parentId = useDeclarationParent(declaration.parent, false)?.cast<DbReftype>()
                     if (parentId != null) {
-                        extractProperty(declaration, parentId, extractBackingField = true, extractFunctionBodies = extractFunctionBodies, null, listOf())
+                        extractProperty(declaration, parentId, extractBackingField = true, extractFunctionBodies = extractFunctionBodies, extractPrivateMembers = extractPrivateMembers, null, listOf())
                     }
                     Unit
                 }
@@ -314,8 +315,21 @@ open class KotlinFileExtractor(
             val locId = getLocation(c, argsIncludingOuterClasses)
             tw.writeHasLocation(id, locId)
 
-            // Extract the outer <-> inner class relationship, passing on any type arguments in excess to this class' parameters.
-            extractEnclosingClass(c, id, locId, argsIncludingOuterClasses?.drop(c.typeParameters.size) ?: listOf())
+            // Extract the outer <-> inner class relationship, passing on any type arguments in excess to this class' parameters if this is an inner class.
+            // For example, in `class Outer<T> { inner class Inner<S> { } }`, `Inner<Int, String>` nests within `Outer<Int>` and raw `Inner<>` within `Outer<>`,
+            // but for a similar non-`inner` (in Java terms, static nested) class both `Inner<Int>` and `Inner<>` nest within the unbound type `Outer`.
+            val useBoundOuterType = (c.isInner || c.isLocal) && (c.parents.map { // Would use `firstNotNullOfOrNull`, but this doesn't exist in Kotlin 1.4
+                when(it) {
+                    is IrClass -> when {
+                        it.typeParameters.isNotEmpty() -> true // Type parameters visible to this class -- extract an enclosing bound or raw type.
+                        !(it.isInner || it.isLocal) -> false // No type parameters seen yet, and this is a static class -- extract an enclosing unbound type.
+                        else -> null // No type parameters seen here, but may be visible enclosing type parameters; keep searching.
+                    }
+                    else -> null // Look through enclosing non-class entities (this may need to change)
+                }
+            }.firstOrNull { it != null } ?: false)
+
+            extractEnclosingClass(c, id, locId, if (useBoundOuterType) argsIncludingOuterClasses?.drop(c.typeParameters.size) else listOf())
 
             return id
         }
@@ -350,7 +364,7 @@ open class KotlinFileExtractor(
                 if (shouldExtractDecl(it, false)) {
                     when(it) {
                         is IrFunction -> extractFunction(it, id, extractBody = false, extractMethodAndParameterTypeAccesses = false, typeParamSubstitution, argsIncludingOuterClasses)
-                        is IrProperty -> extractProperty(it, id, extractBackingField = false, extractFunctionBodies = false, typeParamSubstitution, argsIncludingOuterClasses)
+                        is IrProperty -> extractProperty(it, id, extractBackingField = false, extractFunctionBodies = false, extractPrivateMembers = false, typeParamSubstitution, argsIncludingOuterClasses)
                         else -> {}
                     }
                 }
@@ -392,6 +406,8 @@ open class KotlinFileExtractor(
         extractDeclInitializers(c.declarations, false) { Pair(blockId, obinitId) }
     }
 
+    val jvmStaticFqName = FqName("kotlin.jvm.JvmStatic")
+
     fun extractClassSource(c: IrClass, extractDeclarations: Boolean, extractStaticInitializer: Boolean, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean): Label<out DbClassorinterface> {
         with("class source", c) {
             DeclarationStackAdjuster(c).use {
@@ -428,9 +444,10 @@ open class KotlinFileExtractor(
 
                 c.typeParameters.mapIndexed { idx, param -> extractTypeParameter(param, idx, javaClass?.typeParameters?.getOrNull(idx)) }
                 if (extractDeclarations) {
-                    c.declarations.map { extractDeclaration(it, extractPrivateMembers = extractPrivateMembers, extractFunctionBodies = extractFunctionBodies) }
+                    c.declarations.forEach { extractDeclaration(it, extractPrivateMembers = extractPrivateMembers, extractFunctionBodies = extractFunctionBodies) }
                     if (extractStaticInitializer)
                         extractStaticInitializer(c, id)
+                    extractJvmStaticProxyMethods(c, id, extractPrivateMembers, extractFunctionBodies)
                 }
                 if (c.isNonCompanionObject) {
                     // For `object MyObject { ... }`, the .class has an
@@ -458,7 +475,78 @@ open class KotlinFileExtractor(
         }
     }
 
-    private fun extractEnclosingClass(innerDeclaration: IrDeclaration, innerId: Label<out DbClassorinterface>, innerLocId: Label<DbLocation>, parentClassTypeArguments: List<IrTypeArgument>) {
+    private fun extractJvmStaticProxyMethods(c: IrClass, classId: Label<out DbClassorinterface>, extractPrivateMembers: Boolean, extractFunctionBodies: Boolean) {
+
+        // Add synthetic forwarders for any JvmStatic methods or properties:
+        val companionObject = c.companionObject() ?: return
+
+        val cType = c.typeWith()
+        val companionType = companionObject.typeWith()
+
+        fun makeProxyFunction(f: IrFunction) {
+            // Emit a function in class `c` that delegates to the same function defined on `c.CompanionInstance`.
+            val proxyFunctionId = tw.getLabelFor<DbMethod>(getFunctionLabel(f, classId, listOf()))
+            // We extract the function prototype with its ID overridden to belong to `c` not the companion object,
+            // but suppress outputting the body, which we will replace with a delegating call below.
+            forceExtractFunction(f, classId, extractBody = false, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution = null, classTypeArgsIncludingOuterClasses = listOf(), idOverride = proxyFunctionId, locOverride = null, extractOrigin = false)
+            addModifiers(proxyFunctionId, "static")
+            tw.writeCompiler_generated(proxyFunctionId, CompilerGeneratedKinds.JVMSTATIC_PROXY_METHOD.kind)
+            if (extractFunctionBodies) {
+                val realFunctionLocId = tw.getLocation(f)
+                extractExpressionBody(proxyFunctionId, realFunctionLocId).also { returnId ->
+                    extractRawMethodAccess(
+                        f,
+                        realFunctionLocId,
+                        f.returnType,
+                        proxyFunctionId,
+                        returnId,
+                        0,
+                        returnId,
+                        f.valueParameters.size,
+                        { argParent, idxOffset ->
+                            f.valueParameters.forEachIndexed { idx, param ->
+                                val syntheticParamId = useValueParameter(param, proxyFunctionId)
+                                extractVariableAccess(syntheticParamId, param.type, realFunctionLocId, argParent, idxOffset + idx, proxyFunctionId, returnId)
+                            }
+                        },
+                        companionType,
+                        { callId ->
+                            val companionField = useCompanionObjectClassInstance(companionObject)?.id
+                            extractVariableAccess(companionField, companionType, realFunctionLocId, callId, -1, proxyFunctionId, returnId).also { varAccessId ->
+                                extractTypeAccessRecursive(cType, realFunctionLocId, varAccessId, -1, proxyFunctionId, returnId)
+                            }
+                        },
+                        null
+                    )
+                }
+            }
+        }
+
+        companionObject.declarations.forEach {
+            if (shouldExtractDecl(it, extractPrivateMembers)) {
+                val wholeDeclAnnotated = it.hasAnnotation(jvmStaticFqName)
+                when(it) {
+                    is IrFunction -> {
+                        if (wholeDeclAnnotated)
+                            makeProxyFunction(it)
+                    }
+                    is IrProperty -> {
+                        it.getter?.let { getter ->
+                            if (wholeDeclAnnotated || getter.hasAnnotation(jvmStaticFqName))
+                                makeProxyFunction(getter)
+                        }
+                        it.setter?.let { setter ->
+                            if (wholeDeclAnnotated || setter.hasAnnotation(jvmStaticFqName))
+                                makeProxyFunction(setter)
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    // If `parentClassTypeArguments` is null, the parent class is a raw type.
+    private fun extractEnclosingClass(innerDeclaration: IrDeclaration, innerId: Label<out DbClassorinterface>, innerLocId: Label<DbLocation>, parentClassTypeArguments: List<IrTypeArgument>?) {
         with("enclosing class", innerDeclaration) {
             var parent: IrDeclarationParent? = innerDeclaration.parent
             while (parent != null) {
@@ -725,7 +813,7 @@ open class KotlinFileExtractor(
         else
             forceExtractFunction(f, parentId, extractBody, extractMethodAndParameterTypeAccesses, typeSubstitution, classTypeArgsIncludingOuterClasses, null, null)
 
-    private fun forceExtractFunction(f: IrFunction, parentId: Label<out DbReftype>, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?, idOverride: Label<DbMethod>?, locOverride: Label<DbLocation>?): Label<out DbCallable>  {
+    private fun forceExtractFunction(f: IrFunction, parentId: Label<out DbReftype>, extractBody: Boolean, extractMethodAndParameterTypeAccesses: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?, idOverride: Label<DbMethod>?, locOverride: Label<DbLocation>?, extractOrigin: Boolean = true): Label<out DbCallable>  {
         with("function", f) {
             DeclarationStackAdjuster(f).use {
 
@@ -782,6 +870,7 @@ open class KotlinFileExtractor(
                     val methodId = id.cast<DbMethod>()
                     tw.writeMethods(methodId, shortName.nameInDB, "${shortName.nameInDB}$paramsSignature", returnType.javaResult.id, parentId, sourceDeclaration.cast<DbMethod>())
                     tw.writeMethodsKotlinType(methodId, returnType.kotlinResult.id)
+                    if (extractOrigin) {
                         when (f.origin) {
                             IrDeclarationOrigin.GENERATED_DATA_CLASS_MEMBER ->
                                 tw.writeCompiler_generated(methodId, CompilerGeneratedKinds.GENERATED_DATA_CLASS_MEMBER.kind)
@@ -790,6 +879,7 @@ open class KotlinFileExtractor(
                             IrDeclarationOrigin.ENUM_CLASS_SPECIAL_MEMBER ->
                                 tw.writeCompiler_generated(methodId, CompilerGeneratedKinds.ENUM_CLASS_SPECIAL_MEMBER.kind)
                         }
+                    }
 
                     if (extractMethodAndParameterTypeAccesses) {
                         extractTypeAccessRecursive(substReturnType, locId, id, -1)
@@ -809,13 +899,13 @@ open class KotlinFileExtractor(
                 }
 
                 extractVisibility(f, id, f.visibility)
+
                 if (f.isInline) {
                     addModifiers(id, "inline")
                 }
-                if (isStaticFunction(f)) {
+                if (f.shouldExtractAsStatic) {
                     addModifiers(id, "static")
                 }
-
                 if (f is IrSimpleFunction && f.overriddenSymbols.isNotEmpty()) {
                     addModifiers(id, "override")
                 }
@@ -865,7 +955,7 @@ open class KotlinFileExtractor(
         return id
     }
 
-    private fun extractProperty(p: IrProperty, parentId: Label<out DbReftype>, extractBackingField: Boolean, extractFunctionBodies: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) {
+    private fun extractProperty(p: IrProperty, parentId: Label<out DbReftype>, extractBackingField: Boolean, extractFunctionBodies: Boolean, extractPrivateMembers: Boolean, typeSubstitution: TypeSubstitution?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) {
         with("property", p) {
             if (isFake(p)) return
 
@@ -880,7 +970,11 @@ open class KotlinFileExtractor(
                 val getter = p.getter
                 val setter = p.setter
 
-                if (getter != null) {
+                if (getter == null) {
+                    if (p.modality != Modality.FINAL || !isExternalDeclaration(p)) {
+                        logger.warnElement("IrProperty without a getter", p)
+                    }
+                } else if (shouldExtractDecl(getter, extractPrivateMembers)) {
                     val getterId = extractFunction(getter, parentId, extractBody = extractFunctionBodies, extractMethodAndParameterTypeAccesses = extractFunctionBodies, typeSubstitution, classTypeArgsIncludingOuterClasses)?.cast<DbMethod>()
                     if (getterId != null) {
                         tw.writeKtPropertyGetters(id, getterId)
@@ -888,13 +982,13 @@ open class KotlinFileExtractor(
                             tw.writeCompiler_generated(getterId, CompilerGeneratedKinds.DELEGATED_PROPERTY_GETTER.kind)
                         }
                     }
-                } else {
-                    if (p.modality != Modality.FINAL || !isExternalDeclaration(p)) {
-                        logger.warnElement("IrProperty without a getter", p)
-                    }
                 }
 
-                if (setter != null) {
+                if (setter == null) {
+                    if (p.isVar && !isExternalDeclaration(p)) {
+                        logger.warnElement("isVar property without a setter", p)
+                    }
+                } else if (shouldExtractDecl(setter, extractPrivateMembers)) {
                     if (!p.isVar) {
                         logger.warnElement("!isVar property with a setter", p)
                     }
@@ -905,10 +999,6 @@ open class KotlinFileExtractor(
                             tw.writeCompiler_generated(setterId, CompilerGeneratedKinds.DELEGATED_PROPERTY_SETTER.kind)
                         }
                     }
-                } else {
-                    if (p.isVar && !isExternalDeclaration(p)) {
-                        logger.warnElement("isVar property without a setter", p)
-                    }
                 }
 
                 if (bf != null && extractBackingField) {
@@ -1013,15 +1103,21 @@ open class KotlinFileExtractor(
 
     private fun extractExpressionBody(b: IrExpressionBody, callable: Label<out DbCallable>) {
         with("expression body", b) {
-            val blockId = tw.getFreshIdLabel<DbBlock>()
             val locId = tw.getLocation(b)
+            extractExpressionBody(callable, locId).also { returnId ->
+                extractExpressionExpr(b.expression, callable, returnId, 0, returnId)
+            }
+        }
+    }
+
+    fun extractExpressionBody(callable: Label<out DbCallable>, locId: Label<out DbLocation>): Label<out DbStmt> {
+        val blockId = tw.getFreshIdLabel<DbBlock>()
         tw.writeStmts_block(blockId, callable, 0, callable)
         tw.writeHasLocation(blockId, locId)
 
-            val returnId = tw.getFreshIdLabel<DbReturnstmt>()
+        return tw.getFreshIdLabel<DbReturnstmt>().also { returnId ->
             tw.writeStmts_returnstmt(returnId, blockId, 0, callable)
             tw.writeHasLocation(returnId, locId)
-            extractExpressionExpr(b.expression, callable, returnId, 0, returnId)
         }
     }
 
@@ -1292,10 +1388,48 @@ open class KotlinFileExtractor(
         typeArguments: List<IrType> = listOf(),
         extractClassTypeArguments: Boolean = false) {
 
+        val locId = tw.getLocation(callsite)
+
+        extractRawMethodAccess(
+            syntacticCallTarget,
+            locId,
+            callsite.type,
+            enclosingCallable,
+            callsiteParent,
+            childIdx,
+            enclosingStmt,
+            valueArguments.size,
+            { argParent, idxOffset -> extractCallValueArguments(argParent, valueArguments, enclosingStmt, enclosingCallable, idxOffset) },
+            dispatchReceiver?.type,
+            dispatchReceiver?.let { { callId -> extractExpressionExpr(dispatchReceiver, enclosingCallable, callId, -1, enclosingStmt) } },
+            extensionReceiver?.let { { argParent -> extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt) } },
+            typeArguments,
+            extractClassTypeArguments
+        )
+
+    }
+
+
+    fun extractRawMethodAccess(
+        syntacticCallTarget: IrFunction,
+        locId: Label<DbLocation>,
+        returnType: IrType,
+        enclosingCallable: Label<out DbCallable>,
+        callsiteParent: Label<out DbExprparent>,
+        childIdx: Int,
+        enclosingStmt: Label<out DbStmt>,
+        nValueArguments: Int,
+        extractValueArguments: (Label<out DbExpr>, Int) -> Unit,
+        drType: IrType?,
+        extractDispatchReceiver: ((Label<out DbExpr>) -> Unit)?,
+        extractExtensionReceiver: ((Label<out DbExpr>) -> Unit)?,
+        typeArguments: List<IrType> = listOf(),
+        extractClassTypeArguments: Boolean = false) {
+
         val callTarget = syntacticCallTarget.target.realOverrideTarget
         val id = tw.getFreshIdLabel<DbMethodaccess>()
-        val type = useType(callsite.type)
-        val locId = tw.getLocation(callsite)
+        val type = useType(returnType)
+
         tw.writeExprs_methodaccess(id, type.javaResult.id, callsiteParent, childIdx)
         tw.writeExprsKotlinType(id, type.kotlinResult.id)
         tw.writeHasLocation(id, locId)
@@ -1305,8 +1439,6 @@ open class KotlinFileExtractor(
         // type arguments at index -2, -3, ...
         extractTypeArguments(typeArguments, locId, id, enclosingCallable, enclosingStmt, -2, true)
 
-        val drType = dispatchReceiver?.type
-
         val isFunctionInvoke = drType != null
                 && drType is IrSimpleType
                 && drType.isFunctionOrKFunction()
@@ -1349,44 +1481,48 @@ open class KotlinFileExtractor(
 
             tw.writeCallableBinding(id, methodId)
 
-            if (dispatchReceiver != null) {
-                extractExpressionExpr(dispatchReceiver, enclosingCallable, id, -1, enclosingStmt)
-            } else if (isStaticFunction(callTarget)) {
+            if (callTarget.shouldExtractAsStatic) {
                 extractStaticTypeAccessQualifier(callTarget, id, locId, enclosingCallable, enclosingStmt)
+            } else if (extractDispatchReceiver != null) {
+                extractDispatchReceiver(id)
             }
         }
 
-        val idxOffset = if (extensionReceiver != null) 1 else 0
+        val idxOffset = if (extractExtensionReceiver != null) 1 else 0
 
         val argParent = if (isBigArityFunctionInvoke) {
-            extractArrayCreationWithInitializer(id, valueArguments.size + idxOffset, locId, enclosingCallable, enclosingStmt)
+            extractArrayCreationWithInitializer(id, nValueArguments + idxOffset, locId, enclosingCallable, enclosingStmt)
         } else {
             id
         }
 
-        if (extensionReceiver != null) {
-            extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt)
+        if (extractExtensionReceiver != null) {
+            extractExtensionReceiver(argParent)
         }
 
-        extractCallValueArguments(argParent, valueArguments, enclosingStmt, enclosingCallable, idxOffset)
+        extractValueArguments(argParent, idxOffset)
     }
 
     private fun extractStaticTypeAccessQualifier(target: IrDeclaration, parentExpr: Label<out DbExprparent>, locId: Label<DbLocation>, enclosingCallable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) {
-        if (target.isStaticOfClass) {
+        if (target.shouldExtractAsStaticMemberOfClass) {
             extractTypeAccessRecursive(target.parentAsClass.toRawType(), locId, parentExpr, -1, enclosingCallable, enclosingStmt)
-        } else if (target.isStaticOfFile) {
+        } else if (target.shouldExtractAsStaticMemberOfFile) {
             extractTypeAccess(useFileClassType(target.parent as IrFile), locId, parentExpr, -1, enclosingCallable, enclosingStmt)
         }
     }
 
-    private val IrDeclaration.isStaticOfClass: Boolean
-        get() = this.isStatic && parent is IrClass
+    private val IrDeclaration.shouldExtractAsStaticMemberOfClass: Boolean
+        get() = this.shouldExtractAsStatic && parent is IrClass
 
-    private val IrDeclaration.isStaticOfFile: Boolean
-        get() = this.isStatic && parent is IrFile
+    private val IrDeclaration.shouldExtractAsStaticMemberOfFile: Boolean
+        get() = this.shouldExtractAsStatic && parent is IrFile
 
-    private val IrDeclaration.isStatic: Boolean
-        get() = this is IrSimpleFunction && dispatchReceiverParameter == null ||
+    private fun isStaticAnnotatedNonCompanionMember(f: IrSimpleFunction) =
+        f.parentClassOrNull?.isNonCompanionObject == true &&
+                (f.hasAnnotation(jvmStaticFqName) || f.correspondingPropertySymbol?.owner?.hasAnnotation(jvmStaticFqName) == true)
+
+    private val IrDeclaration.shouldExtractAsStatic: Boolean
+        get() = this is IrSimpleFunction && (isStaticFunction(this) || isStaticAnnotatedNonCompanionMember(this)) ||
                 this is IrField && this.isStatic ||
                 this is IrEnumEntry
 
@@ -2608,73 +2744,16 @@ open class KotlinFileExtractor(
                     val exprParent = parent.expr(e, callable)
                     val owner = e.symbol.owner
                     if (owner is IrValueParameter && owner.index == -1 && !owner.isExtensionReceiver()) {
-                        val id = tw.getFreshIdLabel<DbThisaccess>()
-                        val type = useType(e.type)
-                        val locId = tw.getLocation(e)
-                        tw.writeExprs_thisaccess(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                        tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                        tw.writeHasLocation(id, locId)
-                        tw.writeCallableEnclosingExpr(id, callable)
-                        tw.writeStatementEnclosingExpr(id, exprParent.enclosingStmt)
-
-
-                        fun extractTypeAccess(parent: IrClass){
-                            extractTypeAccessRecursive(parent.typeWith(listOf()), locId, id, 0, callable, exprParent.enclosingStmt)
-                        }
-
-                        when(val ownerParent = owner.parent) {
-                            is IrFunction -> {
-                                if (ownerParent.dispatchReceiverParameter == owner &&
-                                    ownerParent.extensionReceiverParameter != null) {
-
-                                    val ownerParent2 = ownerParent.parent
-                                    if (ownerParent2 is IrClass){
-                                        extractTypeAccess(ownerParent2)
+                        extractThisAccess(e, exprParent, callable)
                     } else {
-                                        logger.errorElement("Unhandled qualifier for this", e)
-                                    }
-                                }
-                            }
-                            is IrClass -> {
-                                if (ownerParent.thisReceiver == owner) {
-                                    extractTypeAccess(ownerParent)
-                                }
-                            }
-                            else -> {
-                                logger.errorElement("Unexpected owner parent for this access: " + ownerParent.javaClass, e)
-                            }
-                        }
-                    } else {
-                        val id = tw.getFreshIdLabel<DbVaraccess>()
-                        val type = useType(e.type)
-                        val locId = tw.getLocation(e)
-                        tw.writeExprs_varaccess(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                        tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                        tw.writeHasLocation(id, locId)
-                        tw.writeCallableEnclosingExpr(id, callable)
-                        tw.writeStatementEnclosingExpr(id, exprParent.enclosingStmt)
-
-                        val vId = useValueDeclaration(owner)
-                        if (vId != null) {
-                            tw.writeVariableBinding(id, vId)
-                        }
+                        extractVariableAccess(useValueDeclaration(owner), e.type, tw.getLocation(e), exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt)
                     }
                 }
                 is IrGetField -> {
                     val exprParent = parent.expr(e, callable)
-                    val id = tw.getFreshIdLabel<DbVaraccess>()
-                    val type = useType(e.type)
-                    val locId = tw.getLocation(e)
-                    tw.writeExprs_varaccess(id, type.javaResult.id, exprParent.parent, exprParent.idx)
-                    tw.writeExprsKotlinType(id, type.kotlinResult.id)
-                    tw.writeHasLocation(id, locId)
-                    tw.writeCallableEnclosingExpr(id, callable)
-                    tw.writeStatementEnclosingExpr(id, exprParent.enclosingStmt)
                     val owner = tryReplaceAndroidSyntheticField(e.symbol.owner)
-                    val vId = useField(owner)
-                    tw.writeVariableBinding(id, vId)
-                    tw.writeStatementEnclosingExpr(id, exprParent.enclosingStmt)
-
+                    val locId = tw.getLocation(e)
+                    extractVariableAccess(useField(owner), e.type, locId, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt).also { id ->
                         val receiver = e.receiver
                         if (receiver != null) {
                             extractExpressionExpr(receiver, callable, id, -1, exprParent.enclosingStmt)
@@ -2682,6 +2761,7 @@ open class KotlinFileExtractor(
                             extractStaticTypeAccessQualifier(owner, id, locId, callable, exprParent.enclosingStmt)
                         }
                     }
+                }
                 is IrGetEnumValue -> {
                     val exprParent = parent.expr(e, callable)
                     val id = tw.getFreshIdLabel<DbVaraccess>()
@@ -2980,6 +3060,71 @@ open class KotlinFileExtractor(
         }
     }
 
+    private fun extractThisAccess(e: IrGetValue, exprParent: ExprParent, callable: Label<out DbCallable>) {
+        val containingDeclaration = declarationStack.peek()
+        val locId = tw.getLocation(e)
+        val type = useType(e.type)
+
+        if (containingDeclaration.shouldExtractAsStatic && containingDeclaration.parentClassOrNull?.isNonCompanionObject == true) {
+            // Use of `this` in a non-companion object member that will be lowered to a static function -- replace with a reference
+            // to the corresponding static object instance.
+            val instanceField = useObjectClassInstance(containingDeclaration.parentAsClass)
+            extractVariableAccess(instanceField.id, e.type, locId, exprParent.parent, exprParent.idx, callable, exprParent.enclosingStmt).also { varAccessId ->
+                extractStaticTypeAccessQualifier(containingDeclaration, varAccessId, locId, callable, exprParent.enclosingStmt)
+            }
+        } else {
+            val id = tw.getFreshIdLabel<DbThisaccess>()
+
+            tw.writeExprs_thisaccess(id, type.javaResult.id, exprParent.parent, exprParent.idx)
+            tw.writeExprsKotlinType(id, type.kotlinResult.id)
+            tw.writeHasLocation(id, locId)
+            tw.writeCallableEnclosingExpr(id, callable)
+            tw.writeStatementEnclosingExpr(id, exprParent.enclosingStmt)
+
+            fun extractTypeAccess(parent: IrClass) {
+                extractTypeAccessRecursive(parent.typeWith(listOf()), locId, id, 0, callable, exprParent.enclosingStmt)
+            }
+
+            val owner = e.symbol.owner
+            when(val ownerParent = owner.parent) {
+                is IrFunction -> {
+                    if (ownerParent.dispatchReceiverParameter == owner &&
+                        ownerParent.extensionReceiverParameter != null) {
+
+                        val ownerParent2 = ownerParent.parent
+                        if (ownerParent2 is IrClass){
+                            extractTypeAccess(ownerParent2)
+                        } else {
+                            logger.errorElement("Unhandled qualifier for this", e)
+                        }
+                    }
+                }
+                is IrClass -> {
+                    if (ownerParent.thisReceiver == owner) {
+                        extractTypeAccess(ownerParent)
+                    }
+                }
+                else -> {
+                    logger.errorElement("Unexpected owner parent for this access: " + ownerParent.javaClass, e)
+                }
+            }
+        }
+    }
+
+    private fun extractVariableAccess(variable: Label<out DbVariable>?, irType: IrType, locId: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int, callable: Label<out DbCallable>, enclosingStmt: Label<out DbStmt>) =
+        tw.getFreshIdLabel<DbVaraccess>().also {
+            val type = useType(irType)
+            tw.writeExprs_varaccess(it, type.javaResult.id, parent, idx)
+            tw.writeExprsKotlinType(it, type.kotlinResult.id)
+            tw.writeHasLocation(it, locId)
+            tw.writeCallableEnclosingExpr(it, callable)
+            tw.writeStatementEnclosingExpr(it, enclosingStmt)
+
+            if (variable != null) {
+                tw.writeVariableBinding(it, variable)
+            }
+        }
+
     private fun extractLoop(
         loop: IrLoop,
         stmtExprParent: StmtExprParent,
@@ -4395,5 +4540,6 @@ open class KotlinFileExtractor(
         ENUM_CLASS_SPECIAL_MEMBER(5),
         DELEGATED_PROPERTY_GETTER(6),
         DELEGATED_PROPERTY_SETTER(7),
+        JVMSTATIC_PROXY_METHOD(8),
     }
 }

java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt

@@ -11,6 +11,7 @@ import org.jetbrains.kotlin.backend.common.lower.parents
 import org.jetbrains.kotlin.backend.common.lower.parentsWithSelf
 import org.jetbrains.kotlin.backend.jvm.ir.propertyIfAccessor
 import org.jetbrains.kotlin.builtins.StandardNames
+import org.jetbrains.kotlin.codegen.JvmCodegenUtil
 import org.jetbrains.kotlin.descriptors.*
 import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
 import org.jetbrains.kotlin.ir.declarations.*
@@ -23,8 +24,10 @@ import org.jetbrains.kotlin.load.java.BuiltinMethodsWithSpecialGenericSignature
 import org.jetbrains.kotlin.load.java.JvmAbi
 import org.jetbrains.kotlin.load.java.sources.JavaSourceElement
 import org.jetbrains.kotlin.load.java.structure.*
+import org.jetbrains.kotlin.load.kotlin.getJvmModuleNameForDeserializedDescriptor
 import org.jetbrains.kotlin.name.FqName
 import org.jetbrains.kotlin.name.Name
+import org.jetbrains.kotlin.name.NameUtils
 import org.jetbrains.kotlin.name.SpecialNames
 import org.jetbrains.kotlin.types.Variance
 import org.jetbrains.kotlin.util.OperatorNameConventions
@@ -754,11 +757,25 @@ open class KotlinUsesExtractor(
 
     data class FunctionNames(val nameInDB: String, val kotlinName: String)
 
+    @OptIn(ObsoleteDescriptorBasedAPI::class)
+    private fun getJvmModuleName(f: IrFunction) =
+        NameUtils.sanitizeAsJavaIdentifier(
+            getJvmModuleNameForDeserializedDescriptor(f.descriptor) ?: JvmCodegenUtil.getModuleName(pluginContext.moduleDescriptor)
+        )
+
     fun getFunctionShortName(f: IrFunction) : FunctionNames {
         if (f.origin == IrDeclarationOrigin.LOCAL_FUNCTION_FOR_LAMBDA || f.isAnonymousFunction)
             return FunctionNames(
                 OperatorNameConventions.INVOKE.asString(),
                 OperatorNameConventions.INVOKE.asString())
+
+        fun getSuffixIfInternal() =
+            if (f.visibility == DescriptorVisibilities.INTERNAL) {
+                "\$" + getJvmModuleName(f)
+            } else {
+                ""
+            }
+
         (f as? IrSimpleFunction)?.correspondingPropertySymbol?.let {
             val propName = it.owner.name.asString()
             val getter = it.owner.getter
@@ -774,35 +791,26 @@ open class KotlinUsesExtractor(
                 }
             }
 
-            when (f) {
-                getter -> {
-                    val defaultFunctionName = JvmAbi.getterName(propName)
-                    val defaultDbName = if (getter.visibility == DescriptorVisibilities.PRIVATE && getter.origin == IrDeclarationOrigin.DEFAULT_PROPERTY_ACCESSOR) {
-                        // In JVM these functions don't exist, instead the backing field is accessed directly
-                        defaultFunctionName + "\$private"
-                    } else {
-                        defaultFunctionName
-                    }
-                    return FunctionNames(getJvmName(getter) ?: defaultDbName, defaultFunctionName)
-                }
-                setter -> {
-                    val defaultFunctionName = JvmAbi.setterName(propName)
-                    val defaultDbName = if (setter.visibility == DescriptorVisibilities.PRIVATE && setter.origin == IrDeclarationOrigin.DEFAULT_PROPERTY_ACCESSOR) {
-                        // In JVM these functions don't exist, instead the backing field is accessed directly
-                        defaultFunctionName + "\$private"
-                    } else {
-                        defaultFunctionName
-                    }
-                    return FunctionNames(getJvmName(setter) ?: defaultDbName, defaultFunctionName)
-                }
+            val maybeFunctionName = when (f) {
+                getter -> JvmAbi.getterName(propName)
+                setter -> JvmAbi.setterName(propName)
                 else -> {
                     logger.error(
                         "Function has a corresponding property, but is neither the getter nor the setter"
                     )
+                    null
                 }
             }
+            maybeFunctionName?.let { defaultFunctionName ->
+                val suffix = if (f.visibility == DescriptorVisibilities.PRIVATE && f.origin == IrDeclarationOrigin.DEFAULT_PROPERTY_ACCESSOR) {
+                    "\$private"
+                } else {
+                    getSuffixIfInternal()
                 }
-        return FunctionNames(getJvmName(f) ?: f.name.asString(), f.name.asString())
+                return FunctionNames(getJvmName(f) ?: "$defaultFunctionName$suffix", defaultFunctionName)
+            }
+        }
+        return FunctionNames(getJvmName(f) ?: "${f.name.asString()}${getSuffixIfInternal()}", f.name.asString())
     }
 
     // This excludes class type parameters that show up in (at least) constructors' typeParameters list.
@@ -970,7 +978,7 @@ open class KotlinUsesExtractor(
      * allow it to be passed in.
     */
     @OptIn(ObsoleteDescriptorBasedAPI::class)
-    private fun getFunctionLabel(f: IrFunction, maybeParentId: Label<out DbElement>?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) =
+    fun getFunctionLabel(f: IrFunction, maybeParentId: Label<out DbElement>?, classTypeArgsIncludingOuterClasses: List<IrTypeArgument>?) =
         getFunctionLabel(
             f.parent,
             maybeParentId,
@@ -1514,7 +1522,7 @@ open class KotlinUsesExtractor(
         // otherwise two extension properties declared in the same enclosing context will get
         // clashing trap labels. These are always private, so we can just make up a label without
         // worrying about their names as seen from Java.
-        val extensionPropertyDiscriminator = getExtensionReceiverType(f)?.let { "extension;${useType(it)}" } ?: ""
+        val extensionPropertyDiscriminator = getExtensionReceiverType(f)?.let { "extension;${useType(it).javaResult.id}" } ?: ""
         return "@\"field;{$parentId};${extensionPropertyDiscriminator}${f.name.asString()}\""
     }
 

java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt

@@ -55,7 +55,7 @@ private val specialFunctions = mapOf(
 
 private val specialFunctionShortNames = specialFunctions.keys.map { it.functionName }.toSet()
 
-fun getSpecialJvmName(f: IrFunction): String? {
+private fun getSpecialJvmName(f: IrFunction): String? {
     if (specialFunctionShortNames.contains(f.name) && f is IrSimpleFunction) {
         f.allOverridden(true).forEach { overriddenFunc ->
             overriddenFunc.parentClassOrNull?.fqNameWhenAvailable?.let { parentFqName ->

java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt

@@ -37,7 +37,7 @@ fun IrType.substituteTypeArguments(params: List<IrTypeParameter>, arguments: Lis
         else -> this
     }
 
-fun IrSimpleType.substituteTypeArguments(substitutionMap: Map<IrTypeParameterSymbol, IrTypeArgument>): IrSimpleType {
+private fun IrSimpleType.substituteTypeArguments(substitutionMap: Map<IrTypeParameterSymbol, IrTypeArgument>): IrSimpleType {
     if (substitutionMap.isEmpty()) return this
 
     val newArguments = arguments.map {
@@ -100,7 +100,7 @@ private fun subProjectedType(substitutionMap: Map<IrTypeParameterSymbol, IrTypeA
         }
     } ?: makeTypeProjection(t.substituteTypeArguments(substitutionMap), outerVariance)
 
-fun IrTypeArgument.upperBound(context: IrPluginContext) =
+private fun IrTypeArgument.upperBound(context: IrPluginContext) =
     when(this) {
         is IrStarProjection -> context.irBuiltIns.anyNType
         is IrTypeProjection -> when(this.variance) {
@@ -111,7 +111,7 @@ fun IrTypeArgument.upperBound(context: IrPluginContext) =
         else -> context.irBuiltIns.anyNType
     }
 
-fun IrTypeArgument.lowerBound(context: IrPluginContext) =
+private fun IrTypeArgument.lowerBound(context: IrPluginContext) =
     when(this) {
         is IrStarProjection -> context.irBuiltIns.nothingType
         is IrTypeProjection -> when(this.variance) {
@@ -200,7 +200,7 @@ fun IrTypeArgument.withQuestionMark(b: Boolean): IrTypeArgument =
 
 typealias TypeSubstitution = (IrType, KotlinUsesExtractor.TypeContext, IrPluginContext) -> IrType
 
-fun matchingTypeParameters(l: IrTypeParameter?, r: IrTypeParameter): Boolean {
+private fun matchingTypeParameters(l: IrTypeParameter?, r: IrTypeParameter): Boolean {
     if (l === r)
         return true
     if (l == null)

java/ql/consistency-queries/visibility.ql

@@ -18,5 +18,6 @@ where
   m.getFile().isKotlinSourceFile() and
   // TODO: This ought to have visibility information
   not m.getName() = "<clinit>" and
-  count(visibility(m)) != 1
+  count(visibility(m)) != 1 and
+  not (count(visibility(m)) = 2 and visibility(m) = "public" and visibility(m) = "internal") // This is a reasonable result, since the JVM symbol is declared public, but Kotlin metadata flags it as internal
 select m, concat(visibility(m), ", ")

java/ql/integration-tests/linux-only/kotlin/custom_plugin/PrintAst.expected

@@ -48,7 +48,7 @@ c.kt:
 d.kt:
 #    0| [CompilationUnit] d
 #    1|   1: [Class] D
-#    0|     1: [FieldDeclaration] String bar;
+#    0|     2: [FieldDeclaration] String bar;
 #    0|       -1: [TypeAccess] String
 #    0|       0: [StringLiteral] Foobar
 #    1|     3: [Constructor] D
@@ -67,7 +67,7 @@ e.kt:
 #    0|               -3: [TypeAccess] ArrayList<Object>
 #    0|               0: [IntegerLiteral] 1
 #    0|             0: [NullLiteral] null
-#    0|     1: [Method] <fn_LinkedHashMap>
+#    0|     2: [Method] <fn_LinkedHashMap>
 #    0|       3: [TypeAccess] Object
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...

java/ql/integration-tests/posix-only/kotlin/gradle_kotlinx_serialization/PrintAst.expected

@@ -40,43 +40,19 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|               -1: [ThisAccess] Project.this
 #    7|                 0: [TypeAccess] Project
 #    7|             1: [VarAccess] language
-#    0|     1: [Method] write$Self
-#    0|       3: [TypeAccess] Unit
-#-----|       4: (Parameters)
-#    0|         0: [Parameter] self
-#    0|           0: [TypeAccess] Project
-#    0|         1: [Parameter] output
-#    0|           0: [TypeAccess] CompositeEncoder
-#    0|         2: [Parameter] serialDesc
-#    0|           0: [TypeAccess] SerialDescriptor
-#    7|       5: [BlockStmt] { ... }
-#    7|         0: [ExprStmt] <Expr>;
-#    7|           0: [MethodAccess] encodeStringElement(...)
-#    7|             -1: [VarAccess] output
-#    7|             0: [VarAccess] serialDesc
-#    7|             1: [IntegerLiteral] 0
-#    7|             2: [MethodAccess] getName(...)
-#    7|               -1: [VarAccess] self
-#    7|         1: [ExprStmt] <Expr>;
-#    7|           0: [MethodAccess] encodeIntElement(...)
-#    7|             -1: [VarAccess] output
-#    7|             0: [VarAccess] serialDesc
-#    7|             1: [IntegerLiteral] 1
-#    7|             2: [MethodAccess] getLanguage(...)
-#    7|               -1: [VarAccess] self
-#    0|     1: [Method] component1
+#    0|     2: [Method] component1
 #    0|       3: [TypeAccess] String
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...
 #    0|           0: [VarAccess] this.name
 #    0|             -1: [ThisAccess] this
-#    0|     1: [Method] component2
+#    0|     3: [Method] component2
 #    0|       3: [TypeAccess] int
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...
 #    0|           0: [VarAccess] this.language
 #    0|             -1: [ThisAccess] this
-#    0|     1: [Method] copy
+#    0|     4: [Method] copy
 #    0|       3: [TypeAccess] Project
 #-----|       4: (Parameters)
 #    8|         0: [Parameter] name
@@ -89,41 +65,7 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|             -3: [TypeAccess] Project
 #    0|             0: [VarAccess] name
 #    0|             1: [VarAccess] language
-#    0|     1: [Method] toString
-#    0|       3: [TypeAccess] String
-#    0|       5: [BlockStmt] { ... }
-#    0|         0: [ReturnStmt] return ...
-#    0|           0: [StringTemplateExpr] "..."
-#    0|             0: [StringLiteral] Project(
-#    0|             1: [StringLiteral] name=
-#    0|             2: [VarAccess] this.name
-#    0|               -1: [ThisAccess] this
-#    0|             3: [StringLiteral] , 
-#    0|             4: [StringLiteral] language=
-#    0|             5: [VarAccess] this.language
-#    0|               -1: [ThisAccess] this
-#    0|             6: [StringLiteral] )
-#    0|     1: [Method] hashCode
-#    0|       3: [TypeAccess] int
-#    0|       5: [BlockStmt] { ... }
-#    0|         0: [LocalVariableDeclStmt] var ...;
-#    0|           1: [LocalVariableDeclExpr] result
-#    0|             0: [MethodAccess] hashCode(...)
-#    0|               -1: [VarAccess] this.name
-#    0|                 -1: [ThisAccess] this
-#    0|         1: [ExprStmt] <Expr>;
-#    0|           0: [AssignExpr] ...=...
-#    0|             0: [VarAccess] result
-#    0|             1: [MethodAccess] plus(...)
-#    0|               -1: [MethodAccess] times(...)
-#    0|                 -1: [VarAccess] result
-#    0|                 0: [IntegerLiteral] 31
-#    0|               0: [MethodAccess] hashCode(...)
-#    0|                 -1: [VarAccess] this.language
-#    0|                   -1: [ThisAccess] this
-#    0|         2: [ReturnStmt] return ...
-#    0|           0: [VarAccess] result
-#    0|     1: [Method] equals
+#    0|     5: [Method] equals
 #    0|       3: [TypeAccess] boolean
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] other
@@ -172,27 +114,68 @@ app/src/main/kotlin/testProject/App.kt:
 #    0|                 0: [BooleanLiteral] false
 #    0|         5: [ReturnStmt] return ...
 #    0|           0: [BooleanLiteral] true
-#    7|     9: [Class] Companion
-#    0|       1: [Method] serializer
-#    0|         3: [TypeAccess] KSerializer<Project>
-#    0|           0: [TypeAccess] Project
-#    7|         5: [BlockStmt] { ... }
-#    7|           0: [ReturnStmt] return ...
-#    7|             0: [VarAccess] INSTANCE
-#    7|       2: [Constructor] Companion
-#    7|         5: [BlockStmt] { ... }
-#    7|           0: [SuperConstructorInvocationStmt] super(...)
-#    7|           1: [BlockStmt] { ... }
-#    7|     9: [Class] $serializer
-#    0|       1: [Method] getDescriptor
-#    0|         3: [TypeAccess] SerialDescriptor
+#    0|     6: [Method] hashCode
+#    0|       3: [TypeAccess] int
+#    0|       5: [BlockStmt] { ... }
+#    0|         0: [LocalVariableDeclStmt] var ...;
+#    0|           1: [LocalVariableDeclExpr] result
+#    0|             0: [MethodAccess] hashCode(...)
+#    0|               -1: [VarAccess] this.name
+#    0|                 -1: [ThisAccess] this
+#    0|         1: [ExprStmt] <Expr>;
+#    0|           0: [AssignExpr] ...=...
+#    0|             0: [VarAccess] result
+#    0|             1: [MethodAccess] plus(...)
+#    0|               -1: [MethodAccess] times(...)
+#    0|                 -1: [VarAccess] result
+#    0|                 0: [IntegerLiteral] 31
+#    0|               0: [MethodAccess] hashCode(...)
+#    0|                 -1: [VarAccess] this.language
+#    0|                   -1: [ThisAccess] this
+#    0|         2: [ReturnStmt] return ...
+#    0|           0: [VarAccess] result
+#    0|     7: [Method] toString
+#    0|       3: [TypeAccess] String
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...
-#    0|             0: [VarAccess] this.descriptor
+#    0|           0: [StringTemplateExpr] "..."
+#    0|             0: [StringLiteral] Project(
+#    0|             1: [StringLiteral] name=
+#    0|             2: [VarAccess] this.name
 #    0|               -1: [ThisAccess] this
+#    0|             3: [StringLiteral] , 
+#    0|             4: [StringLiteral] language=
+#    0|             5: [VarAccess] this.language
+#    0|               -1: [ThisAccess] this
+#    0|             6: [StringLiteral] )
+#    0|     8: [Method] write$Self
+#    0|       3: [TypeAccess] Unit
+#-----|       4: (Parameters)
+#    0|         0: [Parameter] self
+#    0|           0: [TypeAccess] Project
+#    0|         1: [Parameter] output
+#    0|           0: [TypeAccess] CompositeEncoder
+#    0|         2: [Parameter] serialDesc
+#    0|           0: [TypeAccess] SerialDescriptor
+#    7|       5: [BlockStmt] { ... }
+#    7|         0: [ExprStmt] <Expr>;
+#    7|           0: [MethodAccess] encodeStringElement(...)
+#    7|             -1: [VarAccess] output
+#    7|             0: [VarAccess] serialDesc
+#    7|             1: [IntegerLiteral] 0
+#    7|             2: [MethodAccess] getName(...)
+#    7|               -1: [VarAccess] self
+#    7|         1: [ExprStmt] <Expr>;
+#    7|           0: [MethodAccess] encodeIntElement(...)
+#    7|             -1: [VarAccess] output
+#    7|             0: [VarAccess] serialDesc
+#    7|             1: [IntegerLiteral] 1
+#    7|             2: [MethodAccess] getLanguage(...)
+#    7|               -1: [VarAccess] self
+#    7|     9: [Class] $serializer
 #    0|       1: [FieldDeclaration] SerialDescriptor descriptor;
 #    0|         -1: [TypeAccess] SerialDescriptor
-#    0|       1: [Method] childSerializers
+#    0|       2: [Method] childSerializers
 #    0|         3: [TypeAccess] KSerializer<?>[]
 #    0|           0: [TypeAccess] KSerializer<?>
 #    0|             0: [WildcardTypeAccess] ? ...
@@ -204,7 +187,7 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|                 1: [VarAccess] INSTANCE
 #    7|               -1: [TypeAccess] KSerializer<?>
 #    7|               0: [IntegerLiteral] 2
-#    0|       1: [Method] deserialize
+#    0|       3: [Method] deserialize
 #    0|         3: [TypeAccess] Project
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] decoder
@@ -342,7 +325,13 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|               1: [VarAccess] tmp4_local0
 #    7|               2: [VarAccess] tmp5_local1
 #    7|               3: [NullLiteral] null
-#    0|       1: [Method] serialize
+#    0|       4: [Method] getDescriptor
+#    0|         3: [TypeAccess] SerialDescriptor
+#    0|         5: [BlockStmt] { ... }
+#    0|           0: [ReturnStmt] return ...
+#    0|             0: [VarAccess] this.descriptor
+#    0|               -1: [ThisAccess] this
+#    0|       5: [Method] serialize
 #    0|         3: [TypeAccess] Unit
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] encoder
@@ -397,6 +386,17 @@ app/src/main/kotlin/testProject/App.kt:
 #    7|                   -1: [ThisAccess] $serializer.this
 #    7|                     0: [TypeAccess] $serializer
 #    7|                 1: [VarAccess] tmp0_serialDesc
+#    7|     10: [Class] Companion
+#    0|       1: [Method] serializer
+#    0|         3: [TypeAccess] KSerializer<Project>
+#    0|           0: [TypeAccess] Project
+#    7|         5: [BlockStmt] { ... }
+#    7|           0: [ReturnStmt] return ...
+#    7|             0: [VarAccess] INSTANCE
+#    7|       2: [Constructor] Companion
+#    7|         5: [BlockStmt] { ... }
+#    7|           0: [SuperConstructorInvocationStmt] super(...)
+#    7|           1: [BlockStmt] { ... }
 #    8|     11: [Constructor] Project
 #-----|       4: (Parameters)
 #    8|         0: [Parameter] name
@@ -412,21 +412,21 @@ app/src/main/kotlin/testProject/App.kt:
 #    8|           1: [ExprStmt] <Expr>;
 #    8|             0: [KtInitializerAssignExpr] ...=...
 #    8|               0: [VarAccess] language
-#    8|     12: [Method] getName
+#    8|     12: [FieldDeclaration] String name;
+#    8|       -1: [TypeAccess] String
+#    8|       0: [VarAccess] name
+#    8|     13: [Method] getName
 #    8|       3: [TypeAccess] String
 #    8|       5: [BlockStmt] { ... }
 #    8|         0: [ReturnStmt] return ...
 #    8|           0: [VarAccess] this.name
 #    8|             -1: [ThisAccess] this
-#    8|     12: [FieldDeclaration] String name;
-#    8|       -1: [TypeAccess] String
-#    8|       0: [VarAccess] name
 #    8|     14: [Method] getLanguage
 #    8|       3: [TypeAccess] int
 #    8|       5: [BlockStmt] { ... }
 #    8|         0: [ReturnStmt] return ...
 #    8|           0: [VarAccess] this.language
 #    8|             -1: [ThisAccess] this
-#    8|     14: [FieldDeclaration] int language;
+#    8|     15: [FieldDeclaration] int language;
 #    8|       -1: [TypeAccess] int
 #    8|       0: [VarAccess] language

java/ql/integration-tests/posix-only/kotlin/module_mangled_names/User.java

@@ -0,0 +1,9 @@
+public class User {
+
+  public static int test(Test1 test1, Test2 test2, Test3 test3) {
+
+    return test1.f$main() + test2.f$mymodule() + test3.f$reservedchars___();
+
+  }
+
+}

java/ql/integration-tests/posix-only/kotlin/module_mangled_names/test.expected

@@ -0,0 +1,4 @@
+| User.java:3:21:3:24 | test |
+| test1.kt:3:12:3:22 | f$main |
+| test2.kt:3:12:3:22 | f$mymodule |
+| test3.kt:3:12:3:22 | f$reservedchars___ |

java/ql/integration-tests/posix-only/kotlin/module_mangled_names/test.py

@@ -0,0 +1,3 @@
+from create_database_utils import *
+
+run_codeql_database_create(["kotlinc test1.kt", "kotlinc test2.kt -module-name mymodule", "kotlinc test3.kt -module-name reservedchars\\\"${}/", "javac User.java -cp ." ], lang="java")

java/ql/integration-tests/posix-only/kotlin/module_mangled_names/test.ql

@@ -0,0 +1,5 @@
+import java
+
+from Method m
+where m.fromSource()
+select m

java/ql/integration-tests/posix-only/kotlin/module_mangled_names/test1.kt

@@ -0,0 +1,5 @@
+public class Test1 {
+
+  internal fun f() = 1
+
+}

java/ql/integration-tests/posix-only/kotlin/module_mangled_names/test2.kt

@@ -0,0 +1,5 @@
+public class Test2 {
+
+  internal fun f() = 2
+
+}

java/ql/integration-tests/posix-only/kotlin/module_mangled_names/test3.kt

@@ -0,0 +1,5 @@
+public class Test3 {
+
+  internal fun f() = 3
+
+}

java/ql/integration-tests/posix-only/kotlin/nested_generic_types/JavaUser.java

@@ -21,6 +21,15 @@ public class JavaUser {
     String result4 = d.identity("goodbye");
     Short result5 = e.returnSixth(1, "hello", 1.0f, 1.0, 1L, (short)1);
 
+    OuterGeneric<String>.InnerNotGeneric innerGetterTest = (new OuterGeneric<String>()).getInnerNotGeneric();
+    OuterNotGeneric.InnerGeneric<String> innerGetterTest2 = (new OuterNotGeneric()).getInnerGeneric();
+
+    TypeParamVisibility<String> tpv = new TypeParamVisibility<String>();
+    TypeParamVisibility<String>.VisibleBecauseInner<String> visibleBecauseInner = tpv.getVisibleBecauseInner();
+    TypeParamVisibility<String>.VisibleBecauseInnerIndirectContainer.VisibleBecauseInnerIndirect<String> visibleBecauseInnerIndirect = tpv.getVisibleBecauseInnerIndirect();
+    TypeParamVisibility.NotVisibleBecauseStatic<String> notVisibleBecauseStatic = tpv.getNotVisibleBecauseStatic();
+    TypeParamVisibility.NotVisibleBecauseStaticIndirectContainer.NotVisibleBecauseStaticIndirect<String> notVisibleBecauseStaticIndirect = tpv.getNotVisibleBecauseStaticIndirect();
+
   }
 
 }

java/ql/integration-tests/posix-only/kotlin/nested_generic_types/KotlinUser.kt

@@ -22,6 +22,15 @@ class User {
     val result4 = d.identity("goodbye")
     val result5 = e.returnSixth(1, "hello", 1.0f, 1.0, 1L, 1.toShort())
 
+    val innerGetterTest = OuterGeneric<String>().getInnerNotGeneric()
+    val innerGetterTest2 = OuterNotGeneric().getInnerGeneric()
+
+    val tpv = TypeParamVisibility<String>()
+    val visibleBecauseInner = tpv.getVisibleBecauseInner();
+    val visibleBecauseInnerIndirect = tpv.getVisibleBecauseInnerIndirect()
+    val notVisibleBecauseStatic = tpv.getNotVisibleBecauseStatic()
+    val notVisibleBecauseStaticIndirect = tpv.getNotVisibleBecauseStaticIndirect()
+
   }
 
 }

java/ql/integration-tests/posix-only/kotlin/nested_generic_types/libsrc/extlib/OuterGeneric.java

@@ -8,6 +8,8 @@ public class OuterGeneric<T> {
 
   }
 
+  public InnerNotGeneric getInnerNotGeneric() { return null; }
+
   public class InnerGeneric<S> {
 
     public <R> InnerGeneric(R r) { }

java/ql/integration-tests/posix-only/kotlin/nested_generic_types/libsrc/extlib/OuterNotGeneric.java

@@ -8,4 +8,10 @@ public class OuterNotGeneric {
 
   }
 
+  public InnerGeneric<String> getInnerGeneric() {
+
+    return new InnerGeneric<String>();
+
+  }
+
 }

java/ql/integration-tests/posix-only/kotlin/nested_generic_types/libsrc/extlib/TypeParamVisibility.java

@@ -0,0 +1,29 @@
+package extlib;
+
+public class TypeParamVisibility<T> {
+
+  public class VisibleBecauseInner<S> { }
+
+  public class VisibleBecauseInnerIndirectContainer {
+
+    public class VisibleBecauseInnerIndirect<S> { }
+
+  }
+
+  public static class NotVisibleBecauseStatic<S> { }
+
+  public static class NotVisibleBecauseStaticIndirectContainer {
+
+    public class NotVisibleBecauseStaticIndirect<S> { }
+
+  }
+
+  public VisibleBecauseInner<String> getVisibleBecauseInner() { return new VisibleBecauseInner<String>(); }
+
+  public VisibleBecauseInnerIndirectContainer.VisibleBecauseInnerIndirect<String> getVisibleBecauseInnerIndirect() { return (new VisibleBecauseInnerIndirectContainer()).new VisibleBecauseInnerIndirect<String>(); }
+
+  public NotVisibleBecauseStatic<String> getNotVisibleBecauseStatic() { return new NotVisibleBecauseStatic(); }
+
+  public NotVisibleBecauseStaticIndirectContainer.NotVisibleBecauseStaticIndirect<String> getNotVisibleBecauseStaticIndirect() { return (new NotVisibleBecauseStaticIndirectContainer()).new NotVisibleBecauseStaticIndirect<String>(); }
+
+}

java/ql/integration-tests/posix-only/kotlin/nested_generic_types/test.expected

@@ -59,6 +59,15 @@ callArgs
 | JavaUser.java:22:21:22:70 | returnSixth(...) | JavaUser.java:22:53:22:55 | 1.0 | 3 |
 | JavaUser.java:22:21:22:70 | returnSixth(...) | JavaUser.java:22:58:22:59 | 1L | 4 |
 | JavaUser.java:22:21:22:70 | returnSixth(...) | JavaUser.java:22:62:22:69 | (...)... | 5 |
+| JavaUser.java:24:60:24:108 | getInnerNotGeneric(...) | JavaUser.java:24:61:24:86 | new OuterGeneric<String>(...) | -1 |
+| JavaUser.java:24:61:24:86 | new OuterGeneric<String>(...) | JavaUser.java:24:65:24:84 | OuterGeneric<String> | -3 |
+| JavaUser.java:25:61:25:101 | getInnerGeneric(...) | JavaUser.java:25:62:25:82 | new OuterNotGeneric(...) | -1 |
+| JavaUser.java:25:62:25:82 | new OuterNotGeneric(...) | JavaUser.java:25:66:25:80 | OuterNotGeneric | -3 |
+| JavaUser.java:27:39:27:71 | new TypeParamVisibility<String>(...) | JavaUser.java:27:43:27:69 | TypeParamVisibility<String> | -3 |
+| JavaUser.java:28:83:28:110 | getVisibleBecauseInner(...) | JavaUser.java:28:83:28:85 | tpv | -1 |
+| JavaUser.java:29:136:29:171 | getVisibleBecauseInnerIndirect(...) | JavaUser.java:29:136:29:138 | tpv | -1 |
+| JavaUser.java:30:83:30:114 | getNotVisibleBecauseStatic(...) | JavaUser.java:30:83:30:85 | tpv | -1 |
+| JavaUser.java:31:140:31:179 | getNotVisibleBecauseStaticIndirect(...) | JavaUser.java:31:140:31:142 | tpv | -1 |
 | KotlinUser.kt:9:13:9:31 | new OuterGeneric<Integer>(...) | KotlinUser.kt:9:13:9:31 | OuterGeneric<Integer> | -3 |
 | KotlinUser.kt:9:33:9:63 | new InnerGeneric<String>(...) | KotlinUser.kt:9:13:9:31 | new OuterGeneric<Integer>(...) | -2 |
 | KotlinUser.kt:9:33:9:63 | new InnerGeneric<String>(...) | KotlinUser.kt:9:33:9:63 | InnerGeneric<String> | -3 |
@@ -116,6 +125,15 @@ callArgs
 | KotlinUser.kt:23:21:23:71 | returnSixth(...) | KotlinUser.kt:23:56:23:57 | 1 | 4 |
 | KotlinUser.kt:23:21:23:71 | returnSixth(...) | KotlinUser.kt:23:62:23:70 | shortValue(...) | 5 |
 | KotlinUser.kt:23:62:23:70 | shortValue(...) | KotlinUser.kt:23:60:23:60 | 1 | -1 |
+| KotlinUser.kt:25:27:25:48 | new OuterGeneric<String>(...) | KotlinUser.kt:25:27:25:48 | OuterGeneric<String> | -3 |
+| KotlinUser.kt:25:50:25:69 | getInnerNotGeneric(...) | KotlinUser.kt:25:27:25:48 | new OuterGeneric<String>(...) | -1 |
+| KotlinUser.kt:26:28:26:44 | new OuterNotGeneric(...) | KotlinUser.kt:26:28:26:44 | OuterNotGeneric | -3 |
+| KotlinUser.kt:26:46:26:62 | getInnerGeneric(...) | KotlinUser.kt:26:28:26:44 | new OuterNotGeneric(...) | -1 |
+| KotlinUser.kt:28:15:28:43 | new TypeParamVisibility<String>(...) | KotlinUser.kt:28:15:28:43 | TypeParamVisibility<String> | -3 |
+| KotlinUser.kt:29:35:29:58 | getVisibleBecauseInner(...) | KotlinUser.kt:29:31:29:33 | tpv | -1 |
+| KotlinUser.kt:30:43:30:74 | getVisibleBecauseInnerIndirect(...) | KotlinUser.kt:30:39:30:41 | tpv | -1 |
+| KotlinUser.kt:31:39:31:66 | getNotVisibleBecauseStatic(...) | KotlinUser.kt:31:35:31:37 | tpv | -1 |
+| KotlinUser.kt:32:47:32:82 | getNotVisibleBecauseStaticIndirect(...) | KotlinUser.kt:32:43:32:45 | tpv | -1 |
 genericTypes
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | S |
 | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | S |
@@ -127,6 +145,11 @@ genericTypes
 | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | A |
 | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | B |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | S |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | S |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | S |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | S |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | S |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | T |
 paramTypes
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | S |
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | String |
@@ -149,6 +172,18 @@ paramTypes
 | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams<Integer,String> | String |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | S |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | String |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic | S |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic<String> | String |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect | S |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect<String> | String |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner | S |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<String> | String |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<String> | String |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect | S |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<String> | String |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<String> | String |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility | T |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | String |
 constructors
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | InnerGeneric(java.lang.Object) |
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | InnerGeneric(java.lang.Object,java.lang.Object) |
@@ -171,6 +206,14 @@ constructors
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | InnerGeneric() |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | InnerGeneric<String>() |
 | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric | OuterNotGeneric() |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic | NotVisibleBecauseStatic() |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect | NotVisibleBecauseStaticIndirect() |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer.class:0:0:0:0 | NotVisibleBecauseStaticIndirectContainer | NotVisibleBecauseStaticIndirectContainer() |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner | VisibleBecauseInner() |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect | VisibleBecauseInnerIndirect() |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer | VisibleBecauseInnerIndirectContainer() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility | TypeParamVisibility() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | TypeParamVisibility<String>() |
 methods
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | returnsecond | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | returnsecond(java.lang.Object,java.lang.Object) |
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | returnsecond | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | returnsecond(java.lang.Object,java.lang.Object,java.lang.Object) |
@@ -181,14 +224,27 @@ methods
 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | identity | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> | identity(java.lang.String) |
 | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | identity | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric | identity(java.lang.Object) |
 | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | identity | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric<String> | identity(java.lang.String) |
+| extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | getInnerNotGeneric | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric | getInnerNotGeneric() |
+| extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | getInnerNotGeneric | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | getInnerNotGeneric() |
+| extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | getInnerNotGeneric | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> | getInnerNotGeneric() |
 | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | returnSixth | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams | returnSixth(java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object) |
 | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | returnSixth | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> | returnSixth(java.lang.Integer,java.lang.String,java.lang.Float,java.lang.Double,java.lang.Long,java.lang.Short) |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | identity | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | identity(java.lang.Object) |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | identity | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | identity(java.lang.String) |
+| extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | getInnerGeneric | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric | getInnerGeneric() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getNotVisibleBecauseStatic | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility | getNotVisibleBecauseStatic() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getNotVisibleBecauseStatic | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | getNotVisibleBecauseStatic() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getNotVisibleBecauseStaticIndirect | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility | getNotVisibleBecauseStaticIndirect() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getNotVisibleBecauseStaticIndirect | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | getNotVisibleBecauseStaticIndirect() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getVisibleBecauseInner | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility | getVisibleBecauseInner() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getVisibleBecauseInner | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | getVisibleBecauseInner() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getVisibleBecauseInnerIndirect | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility | getVisibleBecauseInnerIndirect() |
+| extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getVisibleBecauseInnerIndirect | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | getVisibleBecauseInnerIndirect() |
 nestedTypes
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric |
 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> |
 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric |
+| extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<> |
 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> |
 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> |
 | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric |
@@ -198,7 +254,26 @@ nestedTypes
 | extlib.jar/extlib/OuterManyParams$MiddleManyParams.class:0:0:0:0 | MiddleManyParams | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams |
 | extlib.jar/extlib/OuterManyParams$MiddleManyParams.class:0:0:0:0 | MiddleManyParams<Float,Double> | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams<Integer,String> |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
+| extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<> | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic<> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic<String> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer.class:0:0:0:0 | NotVisibleBecauseStaticIndirectContainer |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect<> | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer.class:0:0:0:0 | NotVisibleBecauseStaticIndirectContainer |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect<String> | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer.class:0:0:0:0 | NotVisibleBecauseStaticIndirectContainer |
+| extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer.class:0:0:0:0 | NotVisibleBecauseStaticIndirectContainer | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<> |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<String> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<String> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<> | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer<> |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<String> | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<String> | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer<> |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer<> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<> |
+| extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer.class:0:0:0:0 | VisibleBecauseInnerIndirectContainer<> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> |
 javaKotlinCalleeAgreement
 | JavaUser.java:16:22:16:47 | returnsecond(...) | KotlinUser.kt:17:21:17:44 | returnsecond(...) | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | returnsecond |
 | JavaUser.java:17:23:17:53 | returnsecond(...) | KotlinUser.kt:18:22:18:50 | returnsecond(...) | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | returnsecond |
@@ -207,6 +282,12 @@ javaKotlinCalleeAgreement
 | JavaUser.java:20:22:20:40 | identity(...) | KotlinUser.kt:21:21:21:37 | identity(...) | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | identity |
 | JavaUser.java:21:22:21:42 | identity(...) | KotlinUser.kt:22:21:22:39 | identity(...) | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | identity |
 | JavaUser.java:22:21:22:70 | returnSixth(...) | KotlinUser.kt:23:21:23:71 | returnSixth(...) | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | returnSixth |
+| JavaUser.java:24:60:24:108 | getInnerNotGeneric(...) | KotlinUser.kt:25:50:25:69 | getInnerNotGeneric(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | getInnerNotGeneric |
+| JavaUser.java:25:61:25:101 | getInnerGeneric(...) | KotlinUser.kt:26:46:26:62 | getInnerGeneric(...) | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | getInnerGeneric |
+| JavaUser.java:28:83:28:110 | getVisibleBecauseInner(...) | KotlinUser.kt:29:35:29:58 | getVisibleBecauseInner(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getVisibleBecauseInner |
+| JavaUser.java:29:136:29:171 | getVisibleBecauseInnerIndirect(...) | KotlinUser.kt:30:43:30:74 | getVisibleBecauseInnerIndirect(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getVisibleBecauseInnerIndirect |
+| JavaUser.java:30:83:30:114 | getNotVisibleBecauseStatic(...) | KotlinUser.kt:31:39:31:66 | getNotVisibleBecauseStatic(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getNotVisibleBecauseStatic |
+| JavaUser.java:31:140:31:179 | getNotVisibleBecauseStaticIndirect(...) | KotlinUser.kt:32:47:32:82 | getNotVisibleBecauseStaticIndirect(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | getNotVisibleBecauseStaticIndirect |
 javaKotlinConstructorAgreement
 | JavaUser.java:7:52:7:110 | new InnerGeneric<String>(...) | KotlinUser.kt:9:33:9:63 | new InnerGeneric<String>(...) | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
 | JavaUser.java:7:53:7:79 | new OuterGeneric<Integer>(...) | KotlinUser.kt:9:13:9:31 | new OuterGeneric<Integer>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> |
@@ -224,12 +305,19 @@ javaKotlinConstructorAgreement
 | JavaUser.java:10:48:10:74 | new OuterGeneric<Integer>(...) | KotlinUser.kt:10:14:10:32 | new OuterGeneric<Integer>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> |
 | JavaUser.java:10:48:10:74 | new OuterGeneric<Integer>(...) | KotlinUser.kt:11:13:11:31 | new OuterGeneric<Integer>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> |
 | JavaUser.java:11:48:11:73 | new OuterGeneric<String>(...) | KotlinUser.kt:12:14:12:35 | new OuterGeneric<String>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> |
+| JavaUser.java:11:48:11:73 | new OuterGeneric<String>(...) | KotlinUser.kt:25:27:25:48 | new OuterGeneric<String>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> |
 | JavaUser.java:12:46:12:95 | new InnerGeneric<String>(...) | KotlinUser.kt:13:31:13:52 | new InnerGeneric<String>(...) | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
 | JavaUser.java:12:47:12:67 | new OuterNotGeneric(...) | KotlinUser.kt:13:13:13:29 | new OuterNotGeneric(...) | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
+| JavaUser.java:12:47:12:67 | new OuterNotGeneric(...) | KotlinUser.kt:26:28:26:44 | new OuterNotGeneric(...) | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
 | JavaUser.java:13:49:13:111 | new InnerStaticGeneric<String>(...) | KotlinUser.kt:14:26:14:63 | new InnerStaticGeneric<String>(...) | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric<String> |
 | JavaUser.java:14:103:14:248 | new InnerManyParams<Long,Short>(...) | KotlinUser.kt:15:69:15:100 | new InnerManyParams<Long,Short>(...) | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> |
 | JavaUser.java:14:104:14:200 | new MiddleManyParams<Float,Double>(...) | KotlinUser.kt:15:41:15:67 | new MiddleManyParams<Float,Double>(...) | extlib.jar/extlib/OuterManyParams$MiddleManyParams.class:0:0:0:0 | MiddleManyParams<Float,Double> |
 | JavaUser.java:14:105:14:152 | new OuterManyParams<Integer,String>(...) | KotlinUser.kt:15:13:15:39 | new OuterManyParams<Integer,String>(...) | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams<Integer,String> |
+| JavaUser.java:24:61:24:86 | new OuterGeneric<String>(...) | KotlinUser.kt:12:14:12:35 | new OuterGeneric<String>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> |
+| JavaUser.java:24:61:24:86 | new OuterGeneric<String>(...) | KotlinUser.kt:25:27:25:48 | new OuterGeneric<String>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> |
+| JavaUser.java:25:62:25:82 | new OuterNotGeneric(...) | KotlinUser.kt:13:13:13:29 | new OuterNotGeneric(...) | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
+| JavaUser.java:25:62:25:82 | new OuterNotGeneric(...) | KotlinUser.kt:26:28:26:44 | new OuterNotGeneric(...) | extlib.jar/extlib/OuterNotGeneric.class:0:0:0:0 | OuterNotGeneric |
+| JavaUser.java:27:39:27:71 | new TypeParamVisibility<String>(...) | KotlinUser.kt:28:15:28:43 | new TypeParamVisibility<String>(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> |
 javaKotlinLocalTypeAgreement
 | JavaUser.java:7:5:7:111 | InnerGeneric<String> a | KotlinUser.kt:9:5:9:63 | InnerGeneric<String> a | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
 | JavaUser.java:7:5:7:111 | InnerGeneric<String> a | KotlinUser.kt:10:5:10:65 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
@@ -239,9 +327,20 @@ javaKotlinLocalTypeAgreement
 | JavaUser.java:9:5:9:139 | InnerGeneric<String> a3 | KotlinUser.kt:10:5:10:65 | InnerGeneric<String> a2 | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
 | JavaUser.java:10:5:10:98 | InnerNotGeneric<> b | KotlinUser.kt:11:5:11:49 | InnerNotGeneric<> b | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
 | JavaUser.java:11:5:11:97 | InnerNotGeneric<> b2 | KotlinUser.kt:12:5:12:53 | InnerNotGeneric<> b2 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:11:5:11:97 | InnerNotGeneric<> b2 | KotlinUser.kt:25:5:25:69 | InnerNotGeneric<> innerGetterTest | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
 | JavaUser.java:12:5:12:96 | InnerGeneric<String> c | KotlinUser.kt:13:5:13:52 | InnerGeneric<String> c | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:12:5:12:96 | InnerGeneric<String> c | KotlinUser.kt:26:5:26:62 | InnerGeneric<String> innerGetterTest2 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
 | JavaUser.java:13:5:13:112 | InnerStaticGeneric<String> d | KotlinUser.kt:14:5:14:63 | InnerStaticGeneric<String> d | extlib.jar/extlib/OuterGeneric$InnerStaticGeneric.class:0:0:0:0 | InnerStaticGeneric<String> |
 | JavaUser.java:14:5:14:249 | InnerManyParams<Long,Short> e | KotlinUser.kt:15:5:15:100 | InnerManyParams<Long,Short> e | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> |
+| JavaUser.java:24:5:24:109 | InnerNotGeneric<> innerGetterTest | KotlinUser.kt:12:5:12:53 | InnerNotGeneric<> b2 | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:24:5:24:109 | InnerNotGeneric<> innerGetterTest | KotlinUser.kt:25:5:25:69 | InnerNotGeneric<> innerGetterTest | extlib.jar/extlib/OuterGeneric$InnerNotGeneric.class:0:0:0:0 | InnerNotGeneric<> |
+| JavaUser.java:25:5:25:102 | InnerGeneric<String> innerGetterTest2 | KotlinUser.kt:13:5:13:52 | InnerGeneric<String> c | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:25:5:25:102 | InnerGeneric<String> innerGetterTest2 | KotlinUser.kt:26:5:26:62 | InnerGeneric<String> innerGetterTest2 | extlib.jar/extlib/OuterNotGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> |
+| JavaUser.java:27:5:27:72 | TypeParamVisibility<String> tpv | KotlinUser.kt:28:5:28:43 | TypeParamVisibility<String> tpv | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> |
+| JavaUser.java:28:5:28:111 | VisibleBecauseInner<String> visibleBecauseInner | KotlinUser.kt:29:5:29:58 | VisibleBecauseInner<String> visibleBecauseInner | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInner.class:0:0:0:0 | VisibleBecauseInner<String> |
+| JavaUser.java:29:5:29:172 | VisibleBecauseInnerIndirect<String> visibleBecauseInnerIndirect | KotlinUser.kt:30:5:30:74 | VisibleBecauseInnerIndirect<String> visibleBecauseInnerIndirect | extlib.jar/extlib/TypeParamVisibility$VisibleBecauseInnerIndirectContainer$VisibleBecauseInnerIndirect.class:0:0:0:0 | VisibleBecauseInnerIndirect<String> |
+| JavaUser.java:30:5:30:115 | NotVisibleBecauseStatic<String> notVisibleBecauseStatic | KotlinUser.kt:31:5:31:66 | NotVisibleBecauseStatic<String> notVisibleBecauseStatic | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStatic.class:0:0:0:0 | NotVisibleBecauseStatic<String> |
+| JavaUser.java:31:5:31:180 | NotVisibleBecauseStaticIndirect<String> notVisibleBecauseStaticIndirect | KotlinUser.kt:32:5:32:82 | NotVisibleBecauseStaticIndirect<String> notVisibleBecauseStaticIndirect | extlib.jar/extlib/TypeParamVisibility$NotVisibleBecauseStaticIndirectContainer$NotVisibleBecauseStaticIndirect.class:0:0:0:0 | NotVisibleBecauseStaticIndirect<String> |
 #select
 | JavaUser.java:7:52:7:110 | new InnerGeneric<String>(...) | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | JavaUser.java:7:99:7:104 | String |
 | JavaUser.java:7:53:7:79 | new OuterGeneric<Integer>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | JavaUser.java:7:70:7:76 | Integer |
@@ -259,6 +358,8 @@ javaKotlinLocalTypeAgreement
 | JavaUser.java:14:104:14:200 | new MiddleManyParams<Float,Double>(...) | extlib.jar/extlib/OuterManyParams$MiddleManyParams.class:0:0:0:0 | MiddleManyParams<Float,Double> | extlib.jar/extlib/OuterManyParams$MiddleManyParams.class:0:0:0:0 | MiddleManyParams<Float,Double> | JavaUser.java:14:183:14:188 | Double |
 | JavaUser.java:14:105:14:152 | new OuterManyParams<Integer,String>(...) | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams<Integer,String> | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams<Integer,String> | JavaUser.java:14:125:14:131 | Integer |
 | JavaUser.java:14:105:14:152 | new OuterManyParams<Integer,String>(...) | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams<Integer,String> | extlib.jar/extlib/OuterManyParams.class:0:0:0:0 | OuterManyParams<Integer,String> | JavaUser.java:14:134:14:139 | String |
+| JavaUser.java:24:61:24:86 | new OuterGeneric<String>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> | JavaUser.java:24:78:24:83 | String |
+| JavaUser.java:27:39:27:71 | new TypeParamVisibility<String>(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | JavaUser.java:27:63:27:68 | String |
 | KotlinUser.kt:9:13:9:31 | new OuterGeneric<Integer>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | KotlinUser.kt:9:13:9:31 | Integer |
 | KotlinUser.kt:9:33:9:63 | new InnerGeneric<String>(...) | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | extlib.jar/extlib/OuterGeneric$InnerGeneric.class:0:0:0:0 | InnerGeneric<String> | KotlinUser.kt:9:33:9:63 | String |
 | KotlinUser.kt:10:14:10:32 | new OuterGeneric<Integer>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<Integer> | KotlinUser.kt:10:14:10:32 | Integer |
@@ -273,3 +374,5 @@ javaKotlinLocalTypeAgreement
 | KotlinUser.kt:15:41:15:67 | new MiddleManyParams<Float,Double>(...) | extlib.jar/extlib/OuterManyParams$MiddleManyParams.class:0:0:0:0 | MiddleManyParams<Float,Double> | extlib.jar/extlib/OuterManyParams$MiddleManyParams.class:0:0:0:0 | MiddleManyParams<Float,Double> | KotlinUser.kt:15:41:15:67 | Float |
 | KotlinUser.kt:15:69:15:100 | new InnerManyParams<Long,Short>(...) | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> | KotlinUser.kt:15:69:15:100 | Long |
 | KotlinUser.kt:15:69:15:100 | new InnerManyParams<Long,Short>(...) | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> | extlib.jar/extlib/OuterManyParams$MiddleManyParams$InnerManyParams.class:0:0:0:0 | InnerManyParams<Long,Short> | KotlinUser.kt:15:69:15:100 | Short |
+| KotlinUser.kt:25:27:25:48 | new OuterGeneric<String>(...) | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> | extlib.jar/extlib/OuterGeneric.class:0:0:0:0 | OuterGeneric<String> | KotlinUser.kt:25:27:25:48 | String |
+| KotlinUser.kt:28:15:28:43 | new TypeParamVisibility<String>(...) | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | extlib.jar/extlib/TypeParamVisibility.class:0:0:0:0 | TypeParamVisibility<String> | KotlinUser.kt:28:15:28:43 | String |

java/ql/integration-tests/posix-only/kotlin/private_property_accessors/hasprops.kt

@@ -0,0 +1,9 @@
+class HasProps {
+
+  var accessorsPublic = 1
+
+  var setterPrivate = 3
+    private set
+
+}
+

java/ql/integration-tests/posix-only/kotlin/private_property_accessors/test.expected

@@ -0,0 +1,7 @@
+| hasprops.kt:3:3:3:25 | getAccessorsPublic |
+| hasprops.kt:3:3:3:25 | setAccessorsPublic |
+| hasprops.kt:5:3:6:15 | getSetterPrivate |
+| hasprops.kt:6:13:6:15 | setSetterPrivate$private |
+| usesprops.kt:1:1:9:1 | user |
+| usesprops.kt:3:3:3:58 | useGetters |
+| usesprops.kt:5:3:7:3 | useSetter |

java/ql/integration-tests/posix-only/kotlin/private_property_accessors/test.py

@@ -0,0 +1,3 @@
+from create_database_utils import *
+
+run_codeql_database_create(["kotlinc hasprops.kt", "kotlinc usesprops.kt -cp ."], lang="java")

java/ql/integration-tests/posix-only/kotlin/private_property_accessors/test.ql

@@ -0,0 +1,5 @@
+import java
+
+from Method m
+where m.fromSource()
+select m

java/ql/integration-tests/posix-only/kotlin/private_property_accessors/usesprops.kt

@@ -0,0 +1,9 @@
+fun user(hp: HasProps) {
+
+  fun useGetters() = hp.accessorsPublic + hp.setterPrivate
+
+  fun useSetter(x: Int) {
+    hp.accessorsPublic = x
+  }
+
+}

java/ql/lib/change-notes/2022-05-18-android-external-storage.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+Added additional flow sources for uses of external storage on Android. 

java/ql/lib/semmle/code/java/Element.qll

@@ -57,6 +57,12 @@ class Element extends @element, Top {
       i = 4 and result = "Class initialisation method <clinit>"
       or
       i = 5 and result = "Enum class special member"
+      or
+      i = 6 and result = "Getter for a Kotlin delegated property"
+      or
+      i = 7 and result = "Setter for a Kotlin delegated property"
+      or
+      i = 8 and result = "Proxy static method for a @JvmStatic-annotated function or property"
     )
   }
 }

java/ql/lib/semmle/code/java/PrintAst.qll

@@ -534,10 +534,12 @@ final class ClassInterfaceNode extends ElementNode {
     or
     childIndex >= 0 and
     result.(ElementNode).getElement() =
-      rank[childIndex](Element e, string file, int line, int column |
-        e = this.getADeclaration() and locationSortKeys(e, file, line, column)
+      rank[childIndex](Element e, string file, int line, int column, string childStr |
+        e = this.getADeclaration() and
+        locationSortKeys(e, file, line, column) and
+        childStr = e.toString()
       |
-        e order by file, line, column
+        e order by file, line, column, childStr
       )
   }
 }

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -84,6 +84,7 @@ private module Frameworks {
   private import internal.ContainerFlow
   private import semmle.code.java.frameworks.android.Android
   private import semmle.code.java.frameworks.android.ContentProviders
+  private import semmle.code.java.frameworks.android.ExternalStorage
   private import semmle.code.java.frameworks.android.Intent
   private import semmle.code.java.frameworks.android.Notifications
   private import semmle.code.java.frameworks.android.SharedPreferences
@@ -646,7 +647,7 @@ module CsvValidation {
     or
     exists(string row, string kind | sourceModel(row) |
       kind = row.splitAt(";", 7) and
-      not kind = ["remote", "contentprovider", "android-widget"] and
+      not kind = ["remote", "contentprovider", "android-widget", "android-external-storage-dir"] and
       not kind.matches("qltest%") and
       msg = "Invalid kind \"" + kind + "\" in source model."
     )

java/ql/lib/semmle/code/java/dataflow/FlowSources.qll

@@ -17,6 +17,7 @@ import semmle.code.java.frameworks.android.WebView
 import semmle.code.java.frameworks.JaxWS
 import semmle.code.java.frameworks.javase.WebSocket
 import semmle.code.java.frameworks.android.Android
+import semmle.code.java.frameworks.android.ExternalStorage
 import semmle.code.java.frameworks.android.OnActivityResultSource
 import semmle.code.java.frameworks.android.Intent
 import semmle.code.java.frameworks.play.Play
@@ -152,6 +153,12 @@ private class ThriftIfaceParameterSource extends RemoteFlowSource {
   override string getSourceType() { result = "Thrift Iface parameter" }
 }
 
+private class AndroidExternalStorageSource extends RemoteFlowSource {
+  AndroidExternalStorageSource() { androidExternalStorageSource(this) }
+
+  override string getSourceType() { result = "Android external storage" }
+}
+
 /** Class for `tainted` user input. */
 abstract class UserInput extends DataFlow::Node { }
 

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll

@@ -428,7 +428,7 @@ private predicate localFlowStep(NodeEx node1, NodeEx node2, Configuration config
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    simpleLocalFlowStepExt(n1, n2) and
+    simpleLocalFlowStepExt(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config)
   )
   or
@@ -447,7 +447,7 @@ private predicate additionalLocalFlowStep(NodeEx node1, NodeEx node2, Configurat
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config)
   )
@@ -466,7 +466,7 @@ private predicate additionalLocalStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) = getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -481,7 +481,7 @@ private predicate jumpStep(NodeEx node1, NodeEx node2, Configuration config) {
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    jumpStepCached(n1, n2) and
+    jumpStepCached(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
   )
@@ -494,7 +494,7 @@ private predicate additionalJumpStep(NodeEx node1, NodeEx node2, Configuration c
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, n2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), pragma[only_bind_into](n2)) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not config.getAFeature() instanceof FeatureEqualSourceSinkCallContext
@@ -507,7 +507,7 @@ private predicate additionalJumpStateStep(
   exists(Node n1, Node n2 |
     node1.asNode() = n1 and
     node2.asNode() = n2 and
-    config.isAdditionalFlowStep(n1, s1, n2, s2) and
+    config.isAdditionalFlowStep(pragma[only_bind_into](n1), s1, pragma[only_bind_into](n2), s2) and
     getNodeEnclosingCallable(n1) != getNodeEnclosingCallable(n2) and
     stepFilter(node1, node2, config) and
     not stateBarrier(node1, s1, config) and
@@ -518,7 +518,7 @@ private predicate additionalJumpStateStep(
 
 pragma[nomagic]
 private predicate readSet(NodeEx node1, ContentSet c, NodeEx node2, Configuration config) {
-  readSet(node1.asNode(), c, node2.asNode()) and
+  readSet(pragma[only_bind_into](node1.asNode()), c, pragma[only_bind_into](node2.asNode())) and
   stepFilter(node1, node2, config)
   or
   exists(Node n |
@@ -562,7 +562,8 @@ pragma[nomagic]
 private predicate store(
   NodeEx node1, TypedContent tc, NodeEx node2, DataFlowType contentType, Configuration config
 ) {
-  store(node1.asNode(), tc, node2.asNode(), contentType) and
+  store(pragma[only_bind_into](node1.asNode()), tc, pragma[only_bind_into](node2.asNode()),
+    contentType) and
   read(_, tc.getContent(), _, config) and
   stepFilter(node1, node2, config)
 }

java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll

@@ -0,0 +1,50 @@
+/** Provides definitions for working with uses of Android external storage */
+
+import java
+private import semmle.code.java.security.FileReadWrite
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.ExternalFlow
+
+private class ExternalStorageDirSourceModel extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        //"package;type;overrides;name;signature;ext;spec;kind"
+        "android.content;Context;true;getExternalFilesDir;(String);;ReturnValue;android-external-storage-dir;manual",
+        "android.content;Context;true;getExternalFilesDirs;(String);;ReturnValue;android-external-storage-dir;manual",
+        "android.content;Context;true;getExternalCacheDir;();;ReturnValue;android-external-storage-dir;manual",
+        "android.content;Context;true;getExternalCacheDirs;();;ReturnValue;android-external-storage-dir;manual",
+        "android.os;Environment;false;getExternalStorageDirectory;();;ReturnValue;android-external-storage-dir;manual",
+        "android.os;Environment;false;getExternalStoragePublicDirectory;(String);;ReturnValue;android-external-storage-dir;manual",
+      ]
+  }
+}
+
+private predicate externalStorageFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+  DataFlow::localFlowStep(node1, node2)
+  or
+  exists(ConstructorCall c | c.getConstructedType() instanceof TypeFile |
+    node1.asExpr() = c.getArgument(0) and
+    node2.asExpr() = c
+  )
+  or
+  node2.asExpr().(ArrayAccess).getArray() = node1.asExpr()
+  or
+  node2.asExpr().(FieldRead).getField().getInitializer() = node1.asExpr()
+}
+
+private predicate externalStorageFlow(DataFlow::Node node1, DataFlow::Node node2) {
+  externalStorageFlowStep*(node1, node2)
+}
+
+/**
+ * Holds if `n` is a node that reads the contents of an external file in Android.
+ * This is controllable by third-party applications, so is treated as a remote flow source.
+ */
+predicate androidExternalStorageSource(DataFlow::Node n) {
+  exists(DataFlow::Node externalDir, DirectFileReadExpr read |
+    sourceNode(externalDir, "android-external-storage-dir") and
+    n.asExpr() = read and
+    externalStorageFlow(externalDir, DataFlow::exprNode(read.getFileExpr()))
+  )
+}

java/ql/lib/semmle/code/java/security/FileReadWrite.qll

@@ -1,9 +1,9 @@
 import java
 
 /**
- * Holds if `fileAccess` is used in the `fileReadingExpr` to read the represented file.
+ * Holds if `fileAccess` is directly used in the `fileReadingExpr` to read the represented file.
  */
-private predicate fileRead(VarAccess fileAccess, Expr fileReadingExpr) {
+private predicate directFileRead(Expr fileAccess, Expr fileReadingExpr) {
   // `fileAccess` used to construct a class that reads a file.
   exists(ClassInstanceExpr cie |
     cie = fileReadingExpr and
@@ -28,6 +28,13 @@ private predicate fileRead(VarAccess fileAccess, Expr fileReadingExpr) {
             ])
     )
   )
+}
+
+/**
+ * Holds if `fileAccess` is used in the `fileReadingExpr` to read the represented file.
+ */
+private predicate fileRead(VarAccess fileAccess, Expr fileReadingExpr) {
+  directFileRead(fileAccess, fileReadingExpr)
   or
   // The `fileAccess` is used in a call which directly or indirectly accesses the file.
   exists(Call call, int parameterPos, VarAccess nestedFileAccess, Expr nestedFileReadingExpr |
@@ -49,3 +56,15 @@ class FileReadExpr extends Expr {
    */
   VarAccess getFileVarAccess() { fileRead(result, this) }
 }
+
+/**
+ * An expression that directly reads from a file and returns its contents.
+ */
+class DirectFileReadExpr extends Expr {
+  DirectFileReadExpr() { directFileRead(_, this) }
+
+  /**
+   * Gets the `Expr` representing the file that is read.
+   */
+  Expr getFileExpr() { directFileRead(result, this) }
+}

java/ql/lib/semmle/code/java/security/ImproperIntentVerificationQuery.qll

@@ -0,0 +1,79 @@
+/** Definitions for the improper intent verification query. */
+
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.xml.AndroidManifest
+import semmle.code.java.frameworks.android.Intent
+
+/** An `onReceive` method of a `BroadcastReceiver` */
+private class OnReceiveMethod extends Method {
+  OnReceiveMethod() { this.getASourceOverriddenMethod*() instanceof AndroidReceiveIntentMethod }
+
+  /** Gets the parameter of this method that holds the received `Intent`. */
+  Parameter getIntentParameter() { result = this.getParameter(1) }
+}
+
+/** A configuration to detect whether the `action` of an `Intent` is checked. */
+private class VerifiedIntentConfig extends DataFlow::Configuration {
+  VerifiedIntentConfig() { this = "VerifiedIntentConfig" }
+
+  override predicate isSource(DataFlow::Node src) {
+    src.asParameter() = any(OnReceiveMethod orm).getIntentParameter()
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(MethodAccess ma |
+      ma.getMethod().hasQualifiedName("android.content", "Intent", "getAction") and
+      sink.asExpr() = ma.getQualifier()
+    )
+  }
+}
+
+/** An `onReceive` method that doesn't verify the action of the intent it receives. */
+private class UnverifiedOnReceiveMethod extends OnReceiveMethod {
+  UnverifiedOnReceiveMethod() {
+    not any(VerifiedIntentConfig c).hasFlow(DataFlow::parameterNode(this.getIntentParameter()), _)
+  }
+}
+
+/** Gets the name of an intent action that can only be sent by the system. */
+string getASystemActionName() {
+  result =
+    [
+      "AIRPLANE_MODE", "AIRPLANE_MODE_CHANGED", "APPLICATION_LOCALE_CHANGED",
+      "APPLICATION_RESTRICTIONS_CHANGED", "BATTERY_CHANGED", "BATTERY_LOW", "BATTERY_OKAY",
+      "BOOT_COMPLETED", "CONFIGURATION_CHANGED", "DEVICE_STORAGE_LOW", "DEVICE_STORAGE_OK",
+      "DREAMING_STARTED", "DREAMING_STOPPED", "EXTERNAL_APPLICATIONS_AVAILABLE",
+      "EXTERNAL_APPLICATIONS_UNAVAILABLE", "LOCALE_CHANGED", "LOCKED_BOOT_COMPLETED",
+      "MY_PACKAGE_REPLACED", "MY_PACKAGE_SUSPENDED", "MY_PACKAGE_UNSUSPENDED", "NEW_OUTGOING_CALL",
+      "PACKAGES_SUSPENDED", "PACKAGES_UNSUSPENDED", "PACKAGE_ADDED", "PACKAGE_CHANGED",
+      "PACKAGE_DATA_CLEARED", "PACKAGE_FIRST_LAUNCH", "PACKAGE_FULLY_REMOVED", "PACKAGE_INSTALL",
+      "PACKAGE_NEEDS_VERIFICATION", "PACKAGE_REMOVED", "PACKAGE_REPLACED", "PACKAGE_RESTARTED",
+      "PACKAGE_VERIFIED", "POWER_CONNECTED", "POWER_DISCONNECTED", "REBOOT", "SCREEN_OFF",
+      "SCREEN_ON", "SHUTDOWN", "TIMEZONE_CHANGED", "TIME_TICK", "UID_REMOVED", "USER_PRESENT"
+    ]
+}
+
+/** An expression or XML attribute that contains the name of a system intent action. */
+class SystemActionName extends AndroidActionXmlElement {
+  string name;
+
+  SystemActionName() {
+    name = getASystemActionName() and
+    this.getActionName() = "android.intent.action." + name
+  }
+
+  /** Gets the name of the system intent that this expression or attribute represents. */
+  string getSystemActionName() { result = name }
+}
+
+/** Holds if the XML element `rec` declares a receiver `orm` to receive the system action named `sa` that doesn't verify intents it receives. */
+predicate unverifiedSystemReceiver(
+  AndroidReceiverXmlElement rec, UnverifiedOnReceiveMethod orm, SystemActionName sa
+) {
+  exists(Class ormty |
+    ormty = orm.getDeclaringType() and
+    rec.getComponentName() = ["." + ormty.getName(), ormty.getQualifiedName()] and
+    rec.getAnIntentFilterElement().getAnActionElement() = sa
+  )
+}

java/ql/src/Security/CWE/CWE-925/AndroidManifest.xml

@@ -0,0 +1,9 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="test">
+    <application>
+        <receiver android:name=".BootReceiverXml">
+            <intent-filter>
+                <action android:name="android.intent.action.BOOT_COMPLETED" />
+            </intent-filter>
+        </receiver>
+    </application>
+</manifest>

java/ql/src/Security/CWE/CWE-925/Bad.java

@@ -0,0 +1,7 @@
+public class ShutdownReceiver extends BroadcastReceiver {
+    @Override
+    public void onReceive(final Context context, final Intent intent) {
+        mainActivity.saveLocalData();
+        mainActivity.stopActivity();
+    }
+}

java/ql/src/Security/CWE/CWE-925/Good.java

@@ -0,0 +1,10 @@
+public class ShutdownReceiver extends BroadcastReceiver {
+    @Override
+    public void onReceive(final Context context, final Intent intent) {
+        if (!intent.getAction().equals(Intent.ACTION_SHUTDOWN)) {
+            return;
+        }
+        mainActivity.saveLocalData();
+        mainActivity.stopActivity();
+    }
+}

java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.qhelp

@@ -0,0 +1,40 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+
+<qhelp>
+
+<overview>
+<p>
+When an Android application uses a <code>BroadcastReceiver</code> to receive intents, 
+it is also able to receive explicit intents that are sent directly to it, regardless of its filter.
+
+Certain intent actions are only able to be sent by the operating system, not third-party applications. 
+However, a <code>BroadcastReceiver</code> that is registered to receive system intents is still able to receive 
+intents from a third-party application, so it should check that the intent received has the expected action.
+Otherwise, a third-party application could impersonate the system this way to cause unintended behavior, such as a denial of service.
+</p>
+</overview>
+
+<example>
+  <p>In the following code, the <code>ShutdownReceiver</code> initiates a shutdown procedure upon receiving an intent, 
+  without checking that the received action is indeed <code>ACTION_SHUTDOWN</code>. This allows third-party applications to 
+  send explicit intents to this receiver to cause a denial of service.</p>
+<sample src="Bad.java" />
+<sample src="AndroidManifest.xml" />
+</example>
+
+<recommendation>
+<p>
+In the <code>onReceive</code> method of a <code>BroadcastReciever</code>, the action of the received Intent should be checked. The following code demonstrates this.
+</p>
+<sample src="Good.java" />
+</recommendation>
+
+
+
+<references>
+
+</references>
+
+</qhelp>

java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Improper verification of intent by broadcast receiver
+ * @description A broadcast receiver that does not verify intents it receives may be susceptible to unintended behavior by third party applications sending it explicit intents.
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 8.2
+ * @precision high
+ * @id java/improper-intent-verification
+ * @tags security
+ *       external/cwe/cwe-925
+ */
+
+import java
+import semmle.code.java.security.ImproperIntentVerificationQuery
+
+from AndroidReceiverXmlElement reg, Method orm, SystemActionName sa
+where unverifiedSystemReceiver(reg, orm, sa)
+select orm, "This reciever doesn't verify intents it receives, and is registered $@ to receive $@.",
+  reg, "here", sa, "the system action " + sa.getName()

java/ql/src/change-notes/2022-04-27-intent-verification.md

@@ -0,0 +1,6 @@
+---
+category: newQuery
+---
+* A new query "Improper verification of intent by broadcast receiver" (`java/improper-intent-verification`) has been added. 
+This query finds instances of Android `BroadcastReceiver`s that don't verify the action string of received intents when registered
+to receive system intents.

java/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/java-all` package.

java/ql/test/kotlin/library-tests/classes/PrintAst.expected

@@ -32,7 +32,7 @@ classes.kt:
 #    4|         0: [ReturnStmt] return ...
 #    4|           0: [VarAccess] this.arg
 #    4|             -1: [ThisAccess] this
-#    4|     2: [FieldDeclaration] int arg;
+#    4|     3: [FieldDeclaration] int arg;
 #    4|       -1: [TypeAccess] int
 #    4|       0: [VarAccess] arg
 #    5|     4: [Method] getX
@@ -41,7 +41,7 @@ classes.kt:
 #    5|         0: [ReturnStmt] return ...
 #    5|           0: [VarAccess] this.x
 #    5|             -1: [ThisAccess] this
-#    5|     4: [FieldDeclaration] int x;
+#    5|     5: [FieldDeclaration] int x;
 #    5|       -1: [TypeAccess] int
 #    5|       0: [IntegerLiteral] 3
 #    8|   4: [Class] ClassThree
@@ -118,18 +118,18 @@ classes.kt:
 #   42|         0: [ReturnStmt] return ...
 #   42|           0: [VarAccess] this.x
 #   42|             -1: [ThisAccess] this
-#   42|     2: [FieldDeclaration] int x;
+#   42|     3: [FieldDeclaration] int x;
 #   42|       -1: [TypeAccess] int
 #   42|       0: [IntegerLiteral] 3
 #   49|   11: [Class] Direction
-#    0|     1: [Method] values
-#    0|       3: [TypeAccess] Direction[]
-#    0|         0: [TypeAccess] Direction
-#    0|     1: [Method] valueOf
+#    0|     2: [Method] valueOf
 #    0|       3: [TypeAccess] Direction
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] value
 #    0|           0: [TypeAccess] String
+#    0|     3: [Method] values
+#    0|       3: [TypeAccess] Direction[]
+#    0|         0: [TypeAccess] Direction
 #   49|     4: [Constructor] Direction
 #   49|       5: [BlockStmt] { ... }
 #   49|         0: [ExprStmt] <Expr>;
@@ -154,14 +154,14 @@ classes.kt:
 #   50|       0: [ClassInstanceExpr] new Direction(...)
 #   50|         -3: [TypeAccess] Direction
 #   53|   12: [Class] Color
-#    0|     1: [Method] values
-#    0|       3: [TypeAccess] Color[]
-#    0|         0: [TypeAccess] Color
-#    0|     1: [Method] valueOf
+#    0|     2: [Method] valueOf
 #    0|       3: [TypeAccess] Color
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] value
 #    0|           0: [TypeAccess] String
+#    0|     3: [Method] values
+#    0|       3: [TypeAccess] Color[]
+#    0|         0: [TypeAccess] Color
 #   53|     4: [Constructor] Color
 #-----|       4: (Parameters)
 #   53|         0: [Parameter] rgb
@@ -181,7 +181,7 @@ classes.kt:
 #   53|         0: [ReturnStmt] return ...
 #   53|           0: [VarAccess] this.rgb
 #   53|             -1: [ThisAccess] this
-#   53|     5: [FieldDeclaration] int rgb;
+#   53|     6: [FieldDeclaration] int rgb;
 #   53|       -1: [TypeAccess] int
 #   53|       0: [VarAccess] rgb
 #   54|     7: [FieldDeclaration] Color RED;
@@ -266,7 +266,7 @@ classes.kt:
 #   73|                       0: [ReturnStmt] return ...
 #   73|                         0: [VarAccess] this.x
 #   73|                           -1: [ThisAccess] this
-#   73|                   2: [FieldDeclaration] int x;
+#   73|                   3: [FieldDeclaration] int x;
 #   73|                     -1: [TypeAccess] int
 #   73|                     0: [IntegerLiteral] 1
 #   74|                   4: [Method] foo
@@ -434,7 +434,7 @@ classes.kt:
 #  118|             1: [Constructor] 
 #  118|               5: [BlockStmt] { ... }
 #  118|                 0: [SuperConstructorInvocationStmt] super(...)
-#  118|             1: [Method] localFn
+#  118|             2: [Method] localFn
 #  118|               3: [TypeAccess] Unit
 #  118|               5: [BlockStmt] { ... }
 #  119|                 0: [LocalTypeDeclStmt] class ...
@@ -541,15 +541,15 @@ generic_anonymous.kt:
 #    3|           1: [ExprStmt] <Expr>;
 #    3|             0: [KtInitializerAssignExpr] ...=...
 #    3|               0: [VarAccess] x
-#    1|     2: [Method] getT
+#    1|     2: [FieldDeclaration] T t;
+#    1|       -1: [TypeAccess] T
+#    1|       0: [VarAccess] t
+#    1|     3: [Method] getT
 #    1|       3: [TypeAccess] T
 #    1|       5: [BlockStmt] { ... }
 #    1|         0: [ReturnStmt] return ...
 #    1|           0: [VarAccess] this.t
 #    1|             -1: [ThisAccess] this
-#    1|     2: [FieldDeclaration] T t;
-#    1|       -1: [TypeAccess] T
-#    1|       0: [VarAccess] t
 #    3|     4: [FieldDeclaration] new Object(...) { ... } x;
 #    3|       -1: [TypeAccess] new Object(...) { ... }
 #    3|         0: [TypeAccess] T
@@ -564,17 +564,17 @@ generic_anonymous.kt:
 #    4|                     0: [ExprStmt] <Expr>;
 #    4|                       0: [KtInitializerAssignExpr] ...=...
 #    4|                         0: [VarAccess] member
-#    4|               2: [Method] getMember
-#    4|                 3: [TypeAccess] T
-#    4|                 5: [BlockStmt] { ... }
-#    4|                   0: [ReturnStmt] return ...
-#    4|                     0: [VarAccess] this.member
-#    4|                       -1: [ThisAccess] this
 #    4|               2: [FieldDeclaration] T member;
 #    4|                 -1: [TypeAccess] T
 #    4|                 0: [MethodAccess] getT(...)
 #    4|                   -1: [ThisAccess] Generic.this
 #    4|                     0: [TypeAccess] Generic
+#    4|               3: [Method] getMember
+#    4|                 3: [TypeAccess] T
+#    4|                 5: [BlockStmt] { ... }
+#    4|                   0: [ReturnStmt] return ...
+#    4|                     0: [VarAccess] this.member
+#    4|                       -1: [ThisAccess] this
 #    3|           1: [ExprStmt] <Expr>;
 #    3|             0: [ClassInstanceExpr] new (...)
 #    3|               -3: [TypeAccess] Object
@@ -605,12 +605,6 @@ localClassField.kt:
 #    7|           1: [ExprStmt] <Expr>;
 #    7|             0: [KtInitializerAssignExpr] ...=...
 #    7|               0: [VarAccess] y
-#    2|     2: [Method] getX
-#    2|       3: [TypeAccess] Object
-#    2|       5: [BlockStmt] { ... }
-#    2|         0: [ReturnStmt] return ...
-#    2|           0: [VarAccess] this.x
-#    2|             -1: [ThisAccess] this
 #    2|     2: [FieldDeclaration] Object x;
 #    2|       -1: [TypeAccess] Object
 #    2|       0: [WhenExpr] when ...
@@ -629,12 +623,12 @@ localClassField.kt:
 #    2|         1: [WhenBranch] ... -> ...
 #    2|           0: [BooleanLiteral] true
 #    5|           1: [BlockStmt] { ... }
-#    7|     4: [Method] getY
-#    7|       3: [TypeAccess] Object
-#    7|       5: [BlockStmt] { ... }
-#    7|         0: [ReturnStmt] return ...
-#    7|           0: [VarAccess] this.y
-#    7|             -1: [ThisAccess] this
+#    2|     3: [Method] getX
+#    2|       3: [TypeAccess] Object
+#    2|       5: [BlockStmt] { ... }
+#    2|         0: [ReturnStmt] return ...
+#    2|           0: [VarAccess] this.x
+#    2|             -1: [ThisAccess] this
 #    7|     4: [FieldDeclaration] Object y;
 #    7|       -1: [TypeAccess] Object
 #    7|       0: [WhenExpr] when ...
@@ -653,6 +647,12 @@ localClassField.kt:
 #    7|         1: [WhenBranch] ... -> ...
 #    7|           0: [BooleanLiteral] true
 #   10|           1: [BlockStmt] { ... }
+#    7|     5: [Method] getY
+#    7|       3: [TypeAccess] Object
+#    7|       5: [BlockStmt] { ... }
+#    7|         0: [ReturnStmt] return ...
+#    7|           0: [VarAccess] this.y
+#    7|             -1: [ThisAccess] this
 local_anonymous.kt:
 #    0| [CompilationUnit] local_anonymous
 #    3|   1: [Class] Class1
@@ -686,7 +686,7 @@ local_anonymous.kt:
 #   11|             1: [Constructor] 
 #   11|               5: [BlockStmt] { ... }
 #   11|                 0: [SuperConstructorInvocationStmt] super(...)
-#   11|             1: [Method] fnLocal
+#   11|             2: [Method] fnLocal
 #   11|               3: [TypeAccess] Unit
 #   11|               5: [BlockStmt] { ... }
 #   12|         1: [ExprStmt] <Expr>;
@@ -703,7 +703,7 @@ local_anonymous.kt:
 #   16|                 1: [Constructor] 
 #   16|                   5: [BlockStmt] { ... }
 #   16|                     0: [SuperConstructorInvocationStmt] super(...)
-#   16|                 1: [Method] invoke
+#   16|                 2: [Method] invoke
 #   16|                   3: [TypeAccess] int
 #-----|                   4: (Parameters)
 #   16|                     0: [Parameter] a
@@ -726,7 +726,7 @@ local_anonymous.kt:
 #   17|                 1: [Constructor] 
 #   17|                   5: [BlockStmt] { ... }
 #   17|                     0: [SuperConstructorInvocationStmt] super(...)
-#   17|                 1: [Method] invoke
+#   17|                 2: [Method] invoke
 #   17|                   3: [TypeAccess] int
 #-----|                   4: (Parameters)
 #   17|                     0: [Parameter] a
@@ -752,7 +752,7 @@ local_anonymous.kt:
 #   21|                 1: [Constructor] 
 #   21|                   5: [BlockStmt] { ... }
 #   21|                     0: [SuperConstructorInvocationStmt] super(...)
-#   21|                 1: [Method] invoke
+#   21|                 2: [Method] invoke
 #-----|                   4: (Parameters)
 #   21|                     0: [Parameter] a0
 #   21|                   5: [BlockStmt] { ... }
@@ -797,7 +797,10 @@ local_anonymous.kt:
 #   30|                       0: [ReturnStmt] return ...
 #   30|                         0: [VarAccess] this.x
 #   30|                           -1: [ThisAccess] this
-#   30|                   2: [Method] setX
+#   30|                   3: [FieldDeclaration] int x;
+#   30|                     -1: [TypeAccess] int
+#   30|                     0: [IntegerLiteral] 1
+#   30|                   4: [Method] setX
 #   30|                     3: [TypeAccess] Unit
 #-----|                     4: (Parameters)
 #   30|                       0: [Parameter] <set-?>
@@ -808,9 +811,6 @@ local_anonymous.kt:
 #   30|                           0: [VarAccess] this.x
 #   30|                             -1: [ThisAccess] this
 #   30|                           1: [VarAccess] <set-?>
-#   30|                   2: [FieldDeclaration] int x;
-#   30|                     -1: [TypeAccess] int
-#   30|                     0: [IntegerLiteral] 1
 #   32|                   5: [Method] member
 #   32|                     3: [TypeAccess] Unit
 #   32|                     5: [BlockStmt] { ... }
@@ -840,23 +840,6 @@ local_anonymous.kt:
 #   40|           0: [ExprStmt] <Expr>;
 #   40|             0: [KtInitializerAssignExpr] ...=...
 #   40|               0: [VarAccess] i
-#   40|     2: [Method] getI
-#   40|       3: [TypeAccess] Interface2
-#   40|       5: [BlockStmt] { ... }
-#   40|         0: [ReturnStmt] return ...
-#   40|           0: [VarAccess] this.i
-#   40|             -1: [ThisAccess] this
-#   40|     2: [Method] setI
-#   40|       3: [TypeAccess] Unit
-#-----|       4: (Parameters)
-#   40|         0: [Parameter] <set-?>
-#   40|           0: [TypeAccess] Interface2
-#   40|       5: [BlockStmt] { ... }
-#   40|         0: [ExprStmt] <Expr>;
-#   40|           0: [AssignExpr] ...=...
-#   40|             0: [VarAccess] this.i
-#   40|               -1: [ThisAccess] this
-#   40|             1: [VarAccess] <set-?>
 #   40|     2: [FieldDeclaration] Interface2 i;
 #   40|       -1: [TypeAccess] Interface2
 #   40|       0: [StmtExpr] <Stmt>
@@ -873,6 +856,23 @@ local_anonymous.kt:
 #   40|           1: [ExprStmt] <Expr>;
 #   40|             0: [ClassInstanceExpr] new (...)
 #   40|               -3: [TypeAccess] Interface2
+#   40|     3: [Method] getI
+#   40|       3: [TypeAccess] Interface2
+#   40|       5: [BlockStmt] { ... }
+#   40|         0: [ReturnStmt] return ...
+#   40|           0: [VarAccess] this.i
+#   40|             -1: [ThisAccess] this
+#   40|     4: [Method] setI
+#   40|       3: [TypeAccess] Unit
+#-----|       4: (Parameters)
+#   40|         0: [Parameter] <set-?>
+#   40|           0: [TypeAccess] Interface2
+#   40|       5: [BlockStmt] { ... }
+#   40|         0: [ExprStmt] <Expr>;
+#   40|           0: [AssignExpr] ...=...
+#   40|             0: [VarAccess] this.i
+#   40|               -1: [ThisAccess] this
+#   40|             1: [VarAccess] <set-?>
 superChain.kt:
 #    0| [CompilationUnit] superChain
 #    1|   1: [Class,GenericType,ParameterizedType] SuperChain1

java/ql/test/kotlin/library-tests/data-classes/PrintAst.expected

@@ -7,14 +7,14 @@ dc.kt:
 #    0|         0: [ReturnStmt] return ...
 #    0|           0: [VarAccess] this.bytes
 #    0|             -1: [ThisAccess] this
-#    0|     1: [Method] component2
+#    0|     2: [Method] component2
 #    0|       3: [TypeAccess] String[]
 #    0|         0: [TypeAccess] String
 #    0|       5: [BlockStmt] { ... }
 #    0|         0: [ReturnStmt] return ...
 #    0|           0: [VarAccess] this.strs
 #    0|             -1: [ThisAccess] this
-#    0|     1: [Method] copy
+#    0|     3: [Method] copy
 #    0|       3: [TypeAccess] ProtoMapValue
 #-----|       4: (Parameters)
 #    1|         0: [Parameter] bytes
@@ -28,47 +28,7 @@ dc.kt:
 #    0|             -3: [TypeAccess] ProtoMapValue
 #    0|             0: [VarAccess] bytes
 #    0|             1: [VarAccess] strs
-#    0|     1: [Method] toString
-#    0|       3: [TypeAccess] String
-#    0|       5: [BlockStmt] { ... }
-#    0|         0: [ReturnStmt] return ...
-#    0|           0: [StringTemplateExpr] "..."
-#    0|             0: [StringLiteral] ProtoMapValue(
-#    0|             1: [StringLiteral] bytes=
-#    0|             2: [MethodAccess] toString(...)
-#    0|               -1: [TypeAccess] Arrays
-#    0|               0: [VarAccess] this.bytes
-#    0|                 -1: [ThisAccess] this
-#    0|             3: [StringLiteral] , 
-#    0|             4: [StringLiteral] strs=
-#    0|             5: [MethodAccess] toString(...)
-#    0|               -1: [TypeAccess] Arrays
-#    0|               0: [VarAccess] this.strs
-#    0|                 -1: [ThisAccess] this
-#    0|             6: [StringLiteral] )
-#    0|     1: [Method] hashCode
-#    0|       3: [TypeAccess] int
-#    0|       5: [BlockStmt] { ... }
-#    0|         0: [LocalVariableDeclStmt] var ...;
-#    0|           1: [LocalVariableDeclExpr] result
-#    0|             0: [MethodAccess] hashCode(...)
-#    0|               -1: [TypeAccess] Arrays
-#    0|               0: [VarAccess] this.bytes
-#    0|                 -1: [ThisAccess] this
-#    0|         1: [ExprStmt] <Expr>;
-#    0|           0: [AssignExpr] ...=...
-#    0|             0: [VarAccess] result
-#    0|             1: [MethodAccess] plus(...)
-#    0|               -1: [MethodAccess] times(...)
-#    0|                 -1: [VarAccess] result
-#    0|                 0: [IntegerLiteral] 31
-#    0|               0: [MethodAccess] hashCode(...)
-#    0|                 -1: [TypeAccess] Arrays
-#    0|                 0: [VarAccess] this.strs
-#    0|                   -1: [ThisAccess] this
-#    0|         2: [ReturnStmt] return ...
-#    0|           0: [VarAccess] result
-#    0|     1: [Method] equals
+#    0|     4: [Method] equals
 #    0|       3: [TypeAccess] boolean
 #-----|       4: (Parameters)
 #    0|         0: [Parameter] other
@@ -117,6 +77,46 @@ dc.kt:
 #    0|                 0: [BooleanLiteral] false
 #    0|         5: [ReturnStmt] return ...
 #    0|           0: [BooleanLiteral] true
+#    0|     5: [Method] hashCode
+#    0|       3: [TypeAccess] int
+#    0|       5: [BlockStmt] { ... }
+#    0|         0: [LocalVariableDeclStmt] var ...;
+#    0|           1: [LocalVariableDeclExpr] result
+#    0|             0: [MethodAccess] hashCode(...)
+#    0|               -1: [TypeAccess] Arrays
+#    0|               0: [VarAccess] this.bytes
+#    0|                 -1: [ThisAccess] this
+#    0|         1: [ExprStmt] <Expr>;
+#    0|           0: [AssignExpr] ...=...
+#    0|             0: [VarAccess] result
+#    0|             1: [MethodAccess] plus(...)
+#    0|               -1: [MethodAccess] times(...)
+#    0|                 -1: [VarAccess] result
+#    0|                 0: [IntegerLiteral] 31
+#    0|               0: [MethodAccess] hashCode(...)
+#    0|                 -1: [TypeAccess] Arrays
+#    0|                 0: [VarAccess] this.strs
+#    0|                   -1: [ThisAccess] this
+#    0|         2: [ReturnStmt] return ...
+#    0|           0: [VarAccess] result
+#    0|     6: [Method] toString
+#    0|       3: [TypeAccess] String
+#    0|       5: [BlockStmt] { ... }
+#    0|         0: [ReturnStmt] return ...
+#    0|           0: [StringTemplateExpr] "..."
+#    0|             0: [StringLiteral] ProtoMapValue(
+#    0|             1: [StringLiteral] bytes=
+#    0|             2: [MethodAccess] toString(...)
+#    0|               -1: [TypeAccess] Arrays
+#    0|               0: [VarAccess] this.bytes
+#    0|                 -1: [ThisAccess] this
+#    0|             3: [StringLiteral] , 
+#    0|             4: [StringLiteral] strs=
+#    0|             5: [MethodAccess] toString(...)
+#    0|               -1: [TypeAccess] Arrays
+#    0|               0: [VarAccess] this.strs
+#    0|                 -1: [ThisAccess] this
+#    0|             6: [StringLiteral] )
 #    1|     7: [Constructor] ProtoMapValue
 #-----|       4: (Parameters)
 #    1|         0: [Parameter] bytes
@@ -133,23 +133,23 @@ dc.kt:
 #    1|           1: [ExprStmt] <Expr>;
 #    1|             0: [KtInitializerAssignExpr] ...=...
 #    1|               0: [VarAccess] strs
-#    1|     8: [Method] getBytes
+#    1|     8: [FieldDeclaration] byte[] bytes;
+#    1|       -1: [TypeAccess] byte[]
+#    1|       0: [VarAccess] bytes
+#    1|     9: [Method] getBytes
 #    1|       3: [TypeAccess] byte[]
 #    1|       5: [BlockStmt] { ... }
 #    1|         0: [ReturnStmt] return ...
 #    1|           0: [VarAccess] this.bytes
 #    1|             -1: [ThisAccess] this
-#    1|     8: [FieldDeclaration] byte[] bytes;
-#    1|       -1: [TypeAccess] byte[]
-#    1|       0: [VarAccess] bytes
-#    1|     10: [Method] getStrs
+#    1|     10: [FieldDeclaration] String[] strs;
+#    1|       -1: [TypeAccess] String[]
+#    1|         0: [TypeAccess] String
+#    1|       0: [VarAccess] strs
+#    1|     11: [Method] getStrs
 #    1|       3: [TypeAccess] String[]
 #    1|         0: [TypeAccess] String
 #    1|       5: [BlockStmt] { ... }
 #    1|         0: [ReturnStmt] return ...
 #    1|           0: [VarAccess] this.strs
 #    1|             -1: [ThisAccess] this
-#    1|     10: [FieldDeclaration] String[] strs;
-#    1|       -1: [TypeAccess] String[]
-#    1|         0: [TypeAccess] String
-#    1|       0: [VarAccess] strs

java/ql/test/kotlin/library-tests/exprs_typeaccess/PrintAst.expected

@@ -34,7 +34,7 @@ A.kt:
 #   13|         0: [ReturnStmt] return ...
 #   13|           0: [VarAccess] this.prop
 #   13|             -1: [ThisAccess] this
-#   13|     6: [FieldDeclaration] int prop;
+#   13|     7: [FieldDeclaration] int prop;
 #   13|       -1: [TypeAccess] int
 #   13|       0: [MethodAccess] fn(...)
 #   13|         -1: [ThisAccess] A.this
@@ -74,14 +74,14 @@ A.kt:
 #   20|           0: [VarAccess] B.x
 #   20|             -1: [TypeAccess] B
 #   23|     11: [Class] Enu
-#    0|       1: [Method] values
-#    0|         3: [TypeAccess] Enu[]
-#    0|           0: [TypeAccess] Enu
-#    0|       1: [Method] valueOf
+#    0|       2: [Method] valueOf
 #    0|         3: [TypeAccess] Enu
 #-----|         4: (Parameters)
 #    0|           0: [Parameter] value
 #    0|             0: [TypeAccess] String
+#    0|       3: [Method] values
+#    0|         3: [TypeAccess] Enu[]
+#    0|           0: [TypeAccess] Enu
 #   23|       4: [Constructor] Enu
 #   23|         5: [BlockStmt] { ... }
 #   23|           0: [ExprStmt] <Expr>;