Merge branch 'main' into am0o0-java-PathInjection

2026-04-24 16:25:15 +02:00 · 2024-08-05 11:41:25 +01:00
parent 4169cfac9f fe00dbc96c
commit 95e504a5ff
2798 changed files with 193764 additions and 62937 deletions
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 1.0.4
+
+No user-facing changes.
+
+## 1.0.3
+
+No user-facing changes.
+
+## 1.0.2
+
+No user-facing changes.
+
+## 1.0.1
+
+No user-facing changes.
+
+## 1.0.0
+
+### Breaking Changes
+
+* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
+
 ## 0.0.23

 No user-facing changes.
--- a/java/ql/automodel/src/change-notes/2024-05-23-Version1.md
+++ b/java/ql/automodel/src/change-notes/2024-05-23-Version1.md
@@ -1,4 +1,5 @@
---
-category: breaking
---
+## 1.0.0
+
+### Breaking Changes
+
 * CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
--- a/java/ql/automodel/src/change-notes/released/1.0.1.md
+++ b/java/ql/automodel/src/change-notes/released/1.0.1.md
@@ -0,0 +1,3 @@
+## 1.0.1
+
+No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/1.0.2.md
+++ b/java/ql/automodel/src/change-notes/released/1.0.2.md
@@ -0,0 +1,3 @@
+## 1.0.2
+
+No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/1.0.3.md
+++ b/java/ql/automodel/src/change-notes/released/1.0.3.md
@@ -0,0 +1,3 @@
+## 1.0.3
+
+No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/1.0.4.md
+++ b/java/ql/automodel/src/change-notes/released/1.0.4.md
@@ -0,0 +1,3 @@
+## 1.0.4
+
+No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.23
+lastReleaseVersion: 1.0.4
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 1.0.0-dev
+version: 1.0.5-dev
 groups:
    - java
    - automodel
--- a/java/ql/integration-tests/all-platforms/java/android-sample-kotlin-build-script-no-wrapper/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample-kotlin-build-script-no-wrapper/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -15,6 +18,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/android-sample-kotlin-build-script/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample-kotlin-build-script/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -15,6 +18,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/android-sample-no-wrapper/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample-no-wrapper/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -15,6 +18,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script-no-wrapper/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script-no-wrapper/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample-old-style-kotlin-build-script/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/android-sample-old-style/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample-old-style/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/android-sample/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/android-sample/test.expected
@@ -1,3 +1,6 @@
+#select
+| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
+| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
 xmlFiles
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -15,6 +18,3 @@ xmlFiles
 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
 | project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
-#select
-| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
-| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
--- a/java/ql/integration-tests/all-platforms/java/ant-sample/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/ant-sample/test.expected
@@ -1,4 +1,4 @@
-xmlFiles
-| build.xml:0:0:0:0 | build.xml |
 #select
 | src/main/java/com/example/App.java:0:0:0:0 | App |
+xmlFiles
+| build.xml:0:0:0:0 | build.xml |
--- a/java/ql/integration-tests/all-platforms/java/buildless-dependency-different-repository/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-dependency-different-repository/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/buildless-erroneous/DatabaseQualityDiagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-erroneous/DatabaseQualityDiagnostics.expected
@@ -0,0 +1,6 @@
+diagnosticAttributes
+| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityCliSummaryTable | true |
+| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityStatusPage | true |
+| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | visibilityTelemetry | true |
+#select
+| Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | Scanning Java code completed successfully, but the scan encountered issues. This may be caused by problems identifying dependencies or use of generated source code, among other reasons -- see other CodeQL diagnostics reported on the CodeQL status page for more details of possible causes. Addressing these warnings is advisable to avoid false-positive or missing results. If they cannot be addressed, consider scanning Java using either the `autobuild` or `manual` [build modes](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#comparison-of-the-build-modes). | 1 |
--- a/java/ql/integration-tests/all-platforms/java/buildless-erroneous/DatabaseQualityDiagnostics.qlref
+++ b/java/ql/integration-tests/all-platforms/java/buildless-erroneous/DatabaseQualityDiagnostics.qlref
@@ -0,0 +1 @@
+Telemetry/DatabaseQualityDiagnostics.ql
--- a/java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/diagnostics.expected
@@ -1,6 +1,6 @@
 {
  "markdownMessage": "A Gradle process was aborted because it didn't write to the console for 5 seconds. Consider either lengthening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Gradle timed out. Java analysis will continue, but the analysis may be of reduced quality.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/autobuilder/buildless/gradle-timed-out",
@@ -14,7 +14,7 @@
 }
 {
  "markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/autobuilder/buildless/classpath-from-tool-failed",
@@ -84,7 +84,7 @@
 }
 {
  "markdownMessage": "Running the Gradle plugin `org.gradle:github-dependency-graph-gradle-plugin` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/autobuilder/buildless/github-dependency-graph-gradle-plugin-failed",
--- a/java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-gradle-timeout/test.expected
@@ -1,5 +1,5 @@
-xmlFiles
-| gradle/verification-metadata.xml:0:0:0:0 | gradle/verification-metadata.xml |
 #select
 | src/main/java/com/example/App.java:0:0:0:0 | App |
 | src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
+xmlFiles
+| gradle/verification-metadata.xml:0:0:0:0 | gradle/verification-metadata.xml |
--- a/java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-inherit-trust-store/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-timeout/diagnostics.expected
@@ -1,6 +1,6 @@
 {
  "markdownMessage": "A Maven process was aborted because it didn't write to the console for 5 seconds. Consider either lenghtening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Maven timed out. Java analysis will continue, but the analysis may be of reduced quality.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/autobuilder/buildless/maven-timed-out",
@@ -14,7 +14,7 @@
 }
 {
  "markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/autobuilder/buildless/classpath-from-tool-failed",
@@ -84,7 +84,7 @@
 }
 {
  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/autobuilder/buildless/depgraph-maven-plugin-failed",
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected
@@ -1,6 +1,6 @@
 {
  "markdownMessage": "At least one dependency JAR suggested by the build system could not be downloaded. This means the analysis will try to satisfy the dependency with its default choice for the required external package name, which may be the wrong version or the wrong package entirely. This may lead to partial analysis of code using this dependency. See the extraction log for full details. If the cause appears to be a temporary outage, consider retrying the analysis.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/extractor/buildless/suggested-classpath-fetches-failed",
@@ -14,7 +14,7 @@
 }
 {
  "markdownMessage": "Buildless extraction tried and failed to fetch a jar (`https://repo1.maven.org/maven2, junit:junit:jar:9.9.9`). If a temporary network outage is likely, consider retrying the scan.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/extractor/buildless/jar-fetch-failed",
@@ -98,7 +98,7 @@
 }
 {
  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
-  "severity": "warning",
+  "severity": "note",
  "source": {
    "extractorName": "java",
    "id": "java/autobuilder/buildless/depgraph-maven-plugin-transfer-exception",
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitattributes
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitattributes
@@ -0,0 +1,9 @@
+#
+# https://help.github.com/articles/dealing-with-line-endings/
+#
+# Linux start script should use lf
+/gradlew        text eol=lf
+
+# These are Windows script files and should use crlf
+*.bat           text eol=crlf
+
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitignore
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/.gitignore
@@ -0,0 +1,5 @@
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore Gradle build output directory
+build
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/build.gradle
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/build.gradle
@@ -0,0 +1,16 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This is a general purpose Gradle build.
+ * To learn more about Gradle by exploring our Samples at https://docs.gradle.org/8.3/samples
+ */
+
+apply plugin: 'java-library'
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+  api 'org.apache.commons:commons-math3:3.6.1'
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/buildless-fetches.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/buildless-fetches.expected
@@ -0,0 +1 @@
+https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/diagnostics.expected
@@ -0,0 +1,70 @@
+{
+  "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 1 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-gradle",
+    "name": "Java analysis extracted precise dependency graph information from tool Gradle"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/force_sequential_test_execution
@@ -0,0 +1,3 @@
+# We currently have a bug where gradle tests become flaky when executed in parallel
+# - sometimes, gradle fails to connect to the gradle daemon.
+# Therefore, force this test to run sequentially.
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.jar
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.jar
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.properties
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradlew
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradlew
@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
+##############################################################################
+
+# Attempt to set APP_HOME
+
+# Resolve links: $0 may be a link
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
+done
+
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD=maximum
+
+warn () {
+    echo "$*"
+} >&2
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+} >&2
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD=$JAVA_HOME/jre/sh/java
+    else
+        JAVACMD=$JAVA_HOME/bin/java
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD=java
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+fi
+
+# Increase the maximum file descriptors if we can.
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
+fi
+
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
+        fi
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
+    done
+fi
+
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
+
+exec "$JAVACMD" "$@"
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradlew.bat
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/gradlew.bat
@@ -0,0 +1,92 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%"=="" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if %ERRORLEVEL% equ 0 goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if %ERRORLEVEL% equ 0 goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/settings.gradle
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/settings.gradle
@@ -0,0 +1,8 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * The settings file is used to specify which projects to include in your build.
+ * For more detailed information on multi-project builds, please refer to https://docs.gradle.org/8.3/userguide/building_swift_projects.html in the Gradle documentation.
+ */
+
+rootProject.name = 'buildless-gradle'
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/src/main/java/com/fractestexample/Test.java
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/src/main/java/com/fractestexample/Test.java
@@ -0,0 +1,9 @@
+package com.fractestexample;
+
+import org.apache.commons.math3.fraction.Fraction;
+
+public class Test {
+
+  public Fraction test() { return Fraction.ONE; }
+
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/test.expected
@@ -0,0 +1 @@
+| src/main/java/com/fractestexample/Test.java:0:0:0:0 | Test |
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/test.py
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/test.py
@@ -0,0 +1,40 @@
+from create_database_utils import *
+from diagnostics_test_utils import *
+from buildless_test_utils import *
+import mitm_proxy
+import os
+import shutil
+import subprocess
+import sys
+
+shutil.rmtree('certs', ignore_errors=True)
+os.mkdir('certs')
+
+ca_cert_file = 'certs/ca-cert.pem'
+ca_key_file = 'certs/ca-key.pem'
+mitm_proxy.generateCA(ca_cert_file, ca_key_file)
+with open(ca_cert_file, 'rb') as f:
+    cert_pem = f.read().decode('ascii')
+
+# This starts an HTTP proxy server on http://localhost:9430
+environment = os.environ.copy()
+environment["PROXY_USER"] = "proxy"
+environment["PROXY_PASSWORD"] = "password"
+
+proxy_server_process = subprocess.Popen(
+    [sys.executable, mitm_proxy.__file__, "9430", "certs/ca-cert.pem", "certs/ca-key.pem"], env=environment)
+
+try:
+    run_codeql_database_create([], lang="java", extra_env={
+        "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true",
+        "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true",
+        "CODEQL_PROXY_HOST": "localhost",
+        "CODEQL_PROXY_PORT": "9430",
+        "CODEQL_PROXY_USER": "proxy",
+        "CODEQL_PROXY_PASSWORD": "password",
+        "CODEQL_PROXY_CA_CERTIFICATE": cert_pem
+    })
+finally:
+    proxy_server_process.kill()
+check_diagnostics()
+check_buildless_fetches()
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/test.ql
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-gradle/test.ql
@@ -0,0 +1,5 @@
+import java
+
+from File f
+where f.isSourceFile()
+select f
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/buildless-fetches.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/buildless-fetches.expected
@@ -0,0 +1,26 @@
+https://repo.maven.apache.org/maven2/com/feiniaojin/naaf/naaf-graceful-response-example/1.0/naaf-graceful-response-example-1.0.jar
+https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/avro-registry-in-source-tests/1.8/avro-registry-in-source-tests-1.8.jar
+https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/example-project/1.5/example-project-1.5.jar
+https://repo.maven.apache.org/maven2/com/intuit/benten/benten-examples/0.1.5/benten-examples-0.1.5.jar
+https://repo.maven.apache.org/maven2/com/jakewharton/twirl/sample-runtime/1.2.0/sample-runtime-1.2.0.jar
+https://repo.maven.apache.org/maven2/com/mattunderscore/code/generation/specky/plugin-example/0.8.0/plugin-example-0.8.0.jar
+https://repo.maven.apache.org/maven2/com/microsoft/tang/tang-test-jarAB/0.9/tang-test-jarAB-0.9.jar
+https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-example_2.11/0.1.2/rx-redis-example_2.11-0.1.2.jar
+https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-java-example_2.11/0.1.2/rx-redis-java-example_2.11-0.1.2.jar
+https://repo.maven.apache.org/maven2/io/github/scrollsyou/example-spring-boot-starter/1.0.0/example-spring-boot-starter-1.0.0.jar
+https://repo.maven.apache.org/maven2/io/streamnative/com/example/maven-central-template/server/3.0.0/server-3.0.0.jar
+https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.jar
+https://repo.maven.apache.org/maven2/no/nav/security/token-validation-ktor-demo/3.1.0/token-validation-ktor-demo-3.1.0.jar
+https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-fileupload/0.5.10/minijax-example-fileupload-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-inject/0.5.10/minijax-example-inject-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-json/0.5.10/minijax-example-json-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-mustache/0.5.10/minijax-example-mustache-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-petclinic/0.5.10/minijax-example-petclinic-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-security/0.5.10/minijax-example-security-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-ssl/0.5.10/minijax-example-ssl-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-todo-backend/0.5.10/minijax-example-todo-backend-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/minijax/minijax-example-websocket/0.5.10/minijax-example-websocket-0.5.10.jar
+https://repo.maven.apache.org/maven2/org/scalamock/scalamock-examples_2.10/3.6.0/scalamock-examples_2.10-3.6.0.jar
+https://repo.maven.apache.org/maven2/org/somda/sdc/glue-examples/4.0.0/glue-examples-4.0.0.jar
+https://repo.maven.apache.org/maven2/us/fatehi/schemacrawler-examplecode/16.20.2/schemacrawler-examplecode-16.20.2.jar
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/diagnostics.expected
@@ -0,0 +1,70 @@
+{
+  "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 2 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-maven",
+    "name": "Java analysis extracted precise dependency graph information from tool Maven"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/pom.xml
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/pom.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.example</groupId>
+  <artifactId>maven-sample</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <name>maven-sample</name>
+  <!-- FIXME change it to the project's website -->
+  <url>http://www.example.com</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.target>1.7</maven.compiler.target>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.11</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>exec-maven-plugin</artifactId>
+        <groupId>org.codehaus.mojo</groupId>
+        <version>1.1.1</version>
+        <executions>
+          <execution>
+            <id>check-maven-version</id>
+            <phase>package</phase>
+            <goals>
+              <goal>java</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <mainClass>com.example.App</mainClass>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>com.diffplug.spotless</groupId>
+        <artifactId>spotless-maven-plugin</artifactId>
+        <version>2.19.1</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+            <phase>compile</phase>
+          </execution>
+        </executions>
+        <configuration>
+          <java>
+            <licenseHeader>
+              <content>/* FAIL ME */</content>
+            </licenseHeader>
+          </java>
+        </configuration>
+      </plugin>
+    </plugins>
+    <pluginManagement>
+      <!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
+      <plugins>
+        <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
+        <plugin>
+          <artifactId>maven-clean-plugin</artifactId>
+          <version>3.1.0</version>
+        </plugin>
+        <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
+        <plugin>
+          <artifactId>maven-resources-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-compiler-plugin</artifactId>
+          <version>3.8.0</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-surefire-plugin</artifactId>
+          <version>2.22.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-jar-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-install-plugin</artifactId>
+          <version>2.5.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-deploy-plugin</artifactId>
+          <version>2.8.2</version>
+        </plugin>
+        <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
+        <plugin>
+          <artifactId>maven-site-plugin</artifactId>
+          <version>3.7.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-project-info-reports-plugin</artifactId>
+          <version>3.0.0</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+</project>
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/java/com/example/App.java
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/java/com/example/App.java
@@ -0,0 +1,30 @@
+package com.example;
+
+import java.util.regex.Pattern;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+    public static void main( String[] args )
+    {
+        System.out.println( "Hello World!" );
+        String expectedVersion = System.getenv("EXPECT_MAVEN");
+        Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
+        String observedVersion = mavenHome.getFileName().toString();
+        if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
+                System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
+                System.exit(1);
+        }
+        String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
+        String command = System.getProperty("sun.java.command");
+        if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
+                System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
+                System.exit(1);
+        }
+    }
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/resources/my-app.properties
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/resources/my-app.properties
@@ -0,0 +1 @@
+version=1.0
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/resources/page.xml
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/resources/page.xml
@@ -0,0 +1,8 @@
+<html>
+<head>
+<title>A sample</title>
+</head>
+<body>
+<p>Hello world!</p>
+</body>
+</html>
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/resources/struts.xml
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/main/resources/struts.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<struts>
+This is a sample file
+</struts>
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/test/java/com/example/AppTest.java
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/src/test/java/com/example/AppTest.java
@@ -0,0 +1,20 @@
+package com.example;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+{
+    /**
+     * Rigorous Test :-)
+     */
+    @Test
+    public void shouldAnswerWithTrue()
+    {
+        assertTrue( true );
+    }
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/test.expected
@@ -0,0 +1,11 @@
+#select
+| src/main/java/com/example/App.java:0:0:0:0 | App |
+| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
+xmlFiles
+| pom.xml:0:0:0:0 | pom.xml |
+| src/main/resources/page.xml:0:0:0:0 | src/main/resources/page.xml |
+| src/main/resources/struts.xml:0:0:0:0 | src/main/resources/struts.xml |
+| test-db/working/settings.xml:0:0:0:0 | test-db/working/settings.xml |
+propertiesFiles
+| src/main/resources/my-app.properties:0:0:0:0 | src/main/resources/my-app.properties |
+| test-db/log/ext/javac.properties:0:0:0:0 | test-db/log/ext/javac.properties |
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/test.py
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/test.py
@@ -0,0 +1,40 @@
+from create_database_utils import *
+from diagnostics_test_utils import *
+from buildless_test_utils import *
+import mitm_proxy
+import os
+import shutil
+import subprocess
+import sys
+
+shutil.rmtree('certs', ignore_errors=True)
+os.mkdir('certs')
+
+ca_cert_file = 'certs/ca-cert.pem'
+ca_key_file = 'certs/ca-key.pem'
+mitm_proxy.generateCA(ca_cert_file, ca_key_file)
+with open(ca_cert_file, 'rb') as f:
+    cert_pem = f.read().decode('ascii')
+
+# This starts an HTTP proxy server on http://localhost:9431
+environment = os.environ.copy()
+environment["PROXY_USER"] = "proxy"
+environment["PROXY_PASSWORD"] = "password"
+
+proxy_server_process = subprocess.Popen(
+    [sys.executable, mitm_proxy.__file__, "9431", "certs/ca-cert.pem", "certs/ca-key.pem"], env=environment)
+
+try:
+    run_codeql_database_create([], lang="java", extra_env={
+        "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true",
+        "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true",
+        "CODEQL_PROXY_HOST": "localhost",
+        "CODEQL_PROXY_PORT": "9431",
+        "CODEQL_PROXY_USER": "proxy",
+        "CODEQL_PROXY_PASSWORD": "password",
+        "CODEQL_PROXY_CA_CERTIFICATE": cert_pem
+    })
+finally:
+    proxy_server_process.kill()
+check_diagnostics()
+check_buildless_fetches()
--- a/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/test.ql
+++ b/java/ql/integration-tests/all-platforms/java/buildless-proxy-maven/test.ql
@@ -0,0 +1,9 @@
+import java
+
+from File f
+where f.isSourceFile()
+select f
+
+query predicate xmlFiles(XmlFile x) { any() }
+
+query predicate propertiesFiles(File f) { f.getExtension() = "properties" }
--- a/java/ql/integration-tests/all-platforms/java/buildless-snapshot-repository/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/buildless-snapshot-repository/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/diagnostics/dependency-error/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/diagnostics/dependency-error/diagnostics.expected
@@ -1,5 +1,5 @@
 {
-  "markdownMessage": "A dependency failed to download. Check that all dependencies are available, and [supply credentials for any private dependencies](https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md#set-up-secrets-in-github-action-workflows).\n\nRelevant output line: `Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact junit:junit-nonesuch:jar:4.11 in central (https://repo.maven.apache.org/maven2)`",
+  "markdownMessage": "A dependency failed to download. Check that all dependencies are available, and [supply credentials for any private dependencies](https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md#set-up-secrets-in-github-action-workflows).\n\n",
  "severity": "error",
  "source": {
    "extractorName": "java",
--- a/java/ql/integration-tests/all-platforms/java/diagnostics/dependency-error/test.py
+++ b/java/ql/integration-tests/all-platforms/java/diagnostics/dependency-error/test.py
@@ -1,6 +1,7 @@
 import os
 import pathlib
 import shutil
+import re

 from create_database_utils import *
 from diagnostics_test_utils import *
@@ -13,4 +14,5 @@ except FileNotFoundError:

 run_codeql_database_create([], lang="java", runFunction = runUnsuccessfully, db = None)

-check_diagnostics()
+# Drop the specific output line here because it varies from version to version of Maven.
+check_diagnostics(replacements = {"Relevant output line: [^\"]*": ""})
--- a/java/ql/integration-tests/all-platforms/java/diagnostics/maven-http-repository/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/diagnostics/maven-http-repository/diagnostics.expected
@@ -1,3 +1,17 @@
+{
+  "markdownMessage": "A dependency failed to download. Check that all dependencies are available, and [supply credentials for any private dependencies](https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md#set-up-secrets-in-github-action-workflows).\n\nRelevant output line: `Caused by: org.apache.maven.project.DependencyResolutionException: Could not resolve dependencies for project com.example:maven-sample:jar:1.0-SNAPSHOT: Failed to collect dependencies at junit-nonesuch:junit-nonesuch:jar:4.11`",
+  "severity": "error",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/dependency-download-failure",
+    "name": "Failed to download a dependency"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
  "markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nRelevant output line: `Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact junit-nonesuch:junit-nonesuch:pom:4.11 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)]`",
  "severity": "error",
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/Test.java
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/Test.java
@@ -0,0 +1 @@
+public class Test { }
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/test.expected
@@ -0,0 +1 @@
+| Test.java:1:14:1:17 | Test |
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/test.py
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/test.py
@@ -0,0 +1,6 @@
+import urllib.request
+from create_database_utils import *
+
+urllib.request.urlretrieve("https://repo1.maven.org/maven2/org/eclipse/jdt/ecj/3.37.0/ecj-3.37.0.jar", "ecj.jar")
+
+run_codeql_database_create(["java -cp ecj.jar org.eclipse.jdt.internal.compiler.batch.Main -noExit Test.java"], lang="java")
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/test.ql
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample-noexit/test.ql
@@ -0,0 +1,3 @@
+import java
+
+select any(Class c | c.fromSource())
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample/Test.java
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample/Test.java
@@ -0,0 +1 @@
+public class Test { }
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample/test.expected
@@ -0,0 +1 @@
+| Test.java:1:14:1:17 | Test |
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample/test.py
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample/test.py
@@ -0,0 +1,6 @@
+import urllib.request
+from create_database_utils import *
+
+urllib.request.urlretrieve("https://repo1.maven.org/maven2/org/eclipse/jdt/ecj/3.37.0/ecj-3.37.0.jar", "ecj.jar")
+
+run_codeql_database_create(["java -cp ecj.jar org.eclipse.jdt.internal.compiler.batch.Main Test.java"], lang="java")
--- a/java/ql/integration-tests/all-platforms/java/ecj-sample/test.ql
+++ b/java/ql/integration-tests/all-platforms/java/ecj-sample/test.ql
@@ -0,0 +1,3 @@
+import java
+
+select any(Class c | c.fromSource())
--- a/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Diagnostics.expected
--- a/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Diagnostics.ql
+++ b/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Diagnostics.ql
@@ -0,0 +1,4 @@
+import semmle.code.java.Diagnostics
+
+from Diagnostic d
+select d, d.getSeverity(), d.getMessage()
--- a/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Test.java
+++ b/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Test.java
@@ -0,0 +1,9 @@
+public enum Test {
+
+  A("A"), B("B"), C("C");
+
+  private Test(@Ann String x) { }
+
+}
+
+@interface Ann {}
--- a/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Test2.java
+++ b/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/Test2.java
@@ -0,0 +1,2 @@
+
+public class Test2 { Test t; }
--- a/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/test.expected
@@ -0,0 +1 @@
+| Test.java:5:16:5:28 | x | Test.java:5:16:5:19 | Ann |
--- a/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/test.py
+++ b/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/test.py
@@ -0,0 +1,8 @@
+import urllib.request
+from create_database_utils import *
+
+urllib.request.urlretrieve("https://repo1.maven.org/maven2/org/eclipse/jdt/ecj/3.38.0/ecj-3.38.0.jar", "ecj.jar")
+
+# This tests the case where ECJ emits a RuntimeIn/VisibleAnnotations attribute that isn't the same size as the corresponding method argument list, in particular due to forgetting to include the synthetic parameters added to explicit enumeration constructors.
+
+run_codeql_database_create(["java -cp ecj.jar org.eclipse.jdt.internal.compiler.batch.Main Test.java -d out -source 8", "java -cp ecj.jar org.eclipse.jdt.internal.compiler.batch.Main Test2.java -cp out -source 8"], lang="java")
--- a/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/test.ql
+++ b/java/ql/integration-tests/all-platforms/java/ecj-tolerate-enum-annotations/test.ql
@@ -0,0 +1,4 @@
+import java
+
+from Parameter p
+select p, p.getAnAnnotation()
--- a/java/ql/integration-tests/all-platforms/java/gradle-sample-kotlin-script/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/gradle-sample-kotlin-script/test.expected
@@ -1,4 +1,4 @@
-xmlFiles
 #select
 | app/src/main/java/test/App.java:0:0:0:0 | App |
 | app/src/test/java/test/AppTest.java:0:0:0:0 | AppTest |
+xmlFiles
--- a/java/ql/integration-tests/all-platforms/java/gradle-sample/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/gradle-sample/test.expected
@@ -1,5 +1,5 @@
-xmlFiles
-| gradle/verification-metadata.xml:0:0:0:0 | gradle/verification-metadata.xml |
 #select
 | src/main/java/com/example/App.java:0:0:0:0 | App |
 | src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
+xmlFiles
+| gradle/verification-metadata.xml:0:0:0:0 | gradle/verification-metadata.xml |
--- a/java/ql/integration-tests/all-platforms/java/java-web-jsp/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/java-web-jsp/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/java-web-jsp/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/java-web-jsp/test.expected
@@ -1,15 +1,3 @@
-xmlFiles
-| pom.xml:0:0:0:0 | pom.xml |
-| spotbugs-security-exclude.xml:0:0:0:0 | spotbugs-security-exclude.xml |
-| spotbugs-security-include.xml:0:0:0:0 | spotbugs-security-include.xml |
-| src/main/webapp/WEB-INF/applicationContext.xml:0:0:0:0 | src/main/webapp/WEB-INF/applicationContext.xml |
-| src/main/webapp/WEB-INF/web.xml:0:0:0:0 | src/main/webapp/WEB-INF/web.xml |
-| src/main/webapp/WEB-INF/weblogic.xml:0:0:0:0 | src/main/webapp/WEB-INF/weblogic.xml |
-| target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/applicationContext.xml:0:0:0:0 | target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/applicationContext.xml |
-| target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/web.xml:0:0:0:0 | target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/web.xml |
-| target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/weblogic.xml:0:0:0:0 | target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/weblogic.xml |
-| target/web.xml:0:0:0:0 | target/web.xml |
-| target/webfrag.xml:0:0:0:0 | target/webfrag.xml |
 #select
 | src/main/java/com/acme/Counter.java:0:0:0:0 | Counter |
 | src/main/java/com/acme/Date2Tag.java:0:0:0:0 | Date2Tag |
@@ -56,3 +44,15 @@ xmlFiles
 | target/classes/jsp/xss/xss4_jsp.java:0:0:0:0 | xss4_jsp |
 | target/classes/jsp/xss/xss5_jsp.java:0:0:0:0 | xss5_jsp |
 | target/classes/org/apache/jsp/tag/web/panel_tag.java:0:0:0:0 | panel_tag |
+xmlFiles
+| pom.xml:0:0:0:0 | pom.xml |
+| spotbugs-security-exclude.xml:0:0:0:0 | spotbugs-security-exclude.xml |
+| spotbugs-security-include.xml:0:0:0:0 | spotbugs-security-include.xml |
+| src/main/webapp/WEB-INF/applicationContext.xml:0:0:0:0 | src/main/webapp/WEB-INF/applicationContext.xml |
+| src/main/webapp/WEB-INF/web.xml:0:0:0:0 | src/main/webapp/WEB-INF/web.xml |
+| src/main/webapp/WEB-INF/weblogic.xml:0:0:0:0 | src/main/webapp/WEB-INF/weblogic.xml |
+| target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/applicationContext.xml:0:0:0:0 | target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/applicationContext.xml |
+| target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/web.xml:0:0:0:0 | target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/web.xml |
+| target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/weblogic.xml:0:0:0:0 | target/vulnerable-jsp-app-1.0.0-SNAPSHOT/WEB-INF/weblogic.xml |
+| target/web.xml:0:0:0:0 | target/web.xml |
+| target/webfrag.xml:0:0:0:0 | target/webfrag.xml |
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/pom.xml
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/pom.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.example</groupId>
+  <artifactId>maven-sample</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <name>maven-sample</name>
+  <!-- FIXME change it to the project's website -->
+  <url>http://www.example.com</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.target>1.7</maven.compiler.target>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.11</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>exec-maven-plugin</artifactId>
+        <groupId>org.codehaus.mojo</groupId>
+        <version>1.1.1</version>
+        <executions>
+          <execution>
+            <id>check-maven-version</id>
+            <phase>package</phase>
+            <goals>
+              <goal>java</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <mainClass>com.example.App</mainClass>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>com.diffplug.spotless</groupId>
+        <artifactId>spotless-maven-plugin</artifactId>
+        <version>2.19.1</version>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+            <phase>compile</phase>
+          </execution>
+        </executions>
+        <configuration>
+          <java>
+            <licenseHeader>
+              <content>/* FAIL ME */</content>
+            </licenseHeader>
+          </java>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>enforce-maven</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <requireMavenVersion>
+                  <version>[3.1.1,)</version>
+                </requireMavenVersion>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+    <pluginManagement>
+      <!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
+      <plugins>
+        <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
+        <plugin>
+          <artifactId>maven-clean-plugin</artifactId>
+          <version>3.1.0</version>
+        </plugin>
+        <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
+        <plugin>
+          <artifactId>maven-resources-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-compiler-plugin</artifactId>
+          <version>3.8.0</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-surefire-plugin</artifactId>
+          <version>2.22.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-jar-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-install-plugin</artifactId>
+          <version>2.5.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-deploy-plugin</artifactId>
+          <version>2.8.2</version>
+        </plugin>
+        <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
+        <plugin>
+          <artifactId>maven-site-plugin</artifactId>
+          <version>3.7.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-project-info-reports-plugin</artifactId>
+          <version>3.0.0</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+</project>
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/java/com/example/App.java
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/java/com/example/App.java
@@ -0,0 +1,30 @@
+package com.example;
+
+import java.util.regex.Pattern;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+    public static void main( String[] args )
+    {
+        System.out.println( "Hello World!" );
+        String expectedVersion = System.getenv("EXPECT_MAVEN");
+        Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
+        String observedVersion = mavenHome.getFileName().toString();
+        if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
+                System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
+                System.exit(1);
+        }
+        String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
+        String command = System.getProperty("sun.java.command");
+        if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
+                System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
+                System.exit(1);
+        }
+    }
+}
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/resources/my-app.properties
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/resources/my-app.properties
@@ -0,0 +1 @@
+version=1.0
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/resources/page.xml
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/resources/page.xml
@@ -0,0 +1,8 @@
+<html>
+<head>
+<title>A sample</title>
+</head>
+<body>
+<p>Hello world!</p>
+</body>
+</html>
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/resources/struts.xml
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/main/resources/struts.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<struts>
+This is a sample file
+</struts>
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/test/java/com/example/AppTest.java
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/src/test/java/com/example/AppTest.java
@@ -0,0 +1,20 @@
+package com.example;
+
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+{
+    /**
+     * Rigorous Test :-)
+     */
+    @Test
+    public void shouldAnswerWithTrue()
+    {
+        assertTrue( true );
+    }
+}
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/test.expected
@@ -0,0 +1,15 @@
+#select
+| src/main/java/com/example/App.java:0:0:0:0 | App |
+| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
+xmlFiles
+| pom.xml:0:0:0:0 | pom.xml |
+| src/main/resources/page.xml:0:0:0:0 | src/main/resources/page.xml |
+| src/main/resources/struts.xml:0:0:0:0 | src/main/resources/struts.xml |
+| target/classes/page.xml:0:0:0:0 | target/classes/page.xml |
+| target/classes/struts.xml:0:0:0:0 | target/classes/struts.xml |
+propertiesFiles
+| src/main/resources/my-app.properties:0:0:0:0 | src/main/resources/my-app.properties |
+| target/classes/my-app.properties:0:0:0:0 | target/classes/my-app.properties |
+| target/maven-archiver/pom.properties:0:0:0:0 | target/maven-archiver/pom.properties |
+| test-db/log/ext/javac-1.properties:0:0:0:0 | test-db/log/ext/javac-1.properties |
+| test-db/log/ext/javac.properties:0:0:0:0 | test-db/log/ext/javac.properties |
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/test.py
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/test.py
@@ -0,0 +1,5 @@
+import sys
+
+from create_database_utils import *
+
+run_codeql_database_create([], lang="java")
--- a/java/ql/integration-tests/all-platforms/java/maven-enforcer/test.ql
+++ b/java/ql/integration-tests/all-platforms/java/maven-enforcer/test.ql
@@ -0,0 +1,9 @@
+import java
+
+from File f
+where f.isSourceFile()
+select f
+
+query predicate xmlFiles(XmlFile x) { any() }
+
+query predicate propertiesFiles(File f) { f.getExtension() = "properties" }
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-extract-properties/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-extract-properties/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-extract-properties/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-extract-properties/test.expected
@@ -1,3 +1,6 @@
+#select
+| src/main/java/com/example/App.java:0:0:0:0 | App |
+| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
 xmlFiles
 | pom.xml:0:0:0:0 | pom.xml |
 | src/main/resources/page.xml:0:0:0:0 | src/main/resources/page.xml |
@@ -10,6 +13,3 @@ propertiesFiles
 | target/maven-archiver/pom.properties:0:0:0:0 | target/maven-archiver/pom.properties |
 | test-db/log/ext/javac-1.properties:0:0:0:0 | test-db/log/ext/javac-1.properties |
 | test-db/log/ext/javac.properties:0:0:0:0 | test-db/log/ext/javac.properties |
-#select
-| src/main/java/com/example/App.java:0:0:0:0 | App |
-| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-large-xml-files/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-large-xml-files/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-large-xml-files/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-large-xml-files/test.expected
@@ -1,7 +1,7 @@
+#select
+| src/main/java/com/example/App.java:0:0:0:0 | App |
+| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
 xmlFiles
 | pom.xml:0:0:0:0 | pom.xml |
 | src/main/resources/struts.xml:0:0:0:0 | src/main/resources/struts.xml |
 | target/classes/struts.xml:0:0:0:0 | target/classes/struts.xml |
-#select
-| src/main/java/com/example/App.java:0:0:0:0 | App |
-| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-small-xml-files/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-small-xml-files/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-small-xml-files/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-small-xml-files/test.expected
@@ -1,3 +1,6 @@
+#select
+| src/main/java/com/example/App.java:0:0:0:0 | App |
+| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
 xmlFiles
 | generated-0.xml:0:0:0:0 | generated-0.xml |
 | generated-1.xml:0:0:0:0 | generated-1.xml |
@@ -9,6 +12,3 @@ xmlFiles
 | src/main/resources/struts.xml:0:0:0:0 | src/main/resources/struts.xml |
 | target/classes/page.xml:0:0:0:0 | target/classes/page.xml |
 | target/classes/struts.xml:0:0:0:0 | target/classes/struts.xml |
-#select
-| src/main/java/com/example/App.java:0:0:0:0 | App |
-| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-all/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-all/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-all/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-all/test.expected
@@ -1,9 +1,9 @@
+#select
+| src/main/java/com/example/App.java:0:0:0:0 | App |
+| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
 xmlFiles
 | pom.xml:0:0:0:0 | pom.xml |
 | src/main/resources/page.xml:0:0:0:0 | src/main/resources/page.xml |
 | src/main/resources/struts.xml:0:0:0:0 | src/main/resources/struts.xml |
 | target/classes/page.xml:0:0:0:0 | target/classes/page.xml |
 | target/classes/struts.xml:0:0:0:0 | target/classes/struts.xml |
-#select
-| src/main/java/com/example/App.java:0:0:0:0 | App |
-| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-byname/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-byname/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-byname/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-byname/test.expected
@@ -1,7 +1,7 @@
+#select
+| src/main/java/com/example/App.java:0:0:0:0 | App |
+| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
 xmlFiles
 | pom.xml:0:0:0:0 | pom.xml |
 | src/main/resources/struts.xml:0:0:0:0 | src/main/resources/struts.xml |
 | target/classes/struts.xml:0:0:0:0 | target/classes/struts.xml |
-#select
-| src/main/java/com/example/App.java:0:0:0:0 | App |
-| src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-disabled/force_sequential_test_execution
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-disabled/force_sequential_test_execution
@@ -0,0 +1 @@
+# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially
--- a/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-disabled/test.expected
+++ b/java/ql/integration-tests/all-platforms/java/maven-sample-xml-mode-disabled/test.expected
@@ -1,4 +1,4 @@
-xmlFiles
 #select
 | src/main/java/com/example/App.java:0:0:0:0 | App |
 | src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
+xmlFiles
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`# Concurrent Maven processes using ~/.m2/repository is not safe, so this test must run sequentially`
				`@@ -0,0 +1 @@`
				`https://repo.maven.apache.org/maven2/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar`
				`@@ -0,0 +1 @@`
				`\| src/main/java/com/fractestexample/Test.java:0:0:0:0 \| Test \|`
				`@@ -0,0 +1 @@`
				`\| Test.java:5:16:5:28 \| x \| Test.java:5:16:5:19 \| Ann \|`