Java: Autoformat.

java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql

@@ -22,7 +22,8 @@ where
     not exists(TypeVariable tv | tv.getGenericCallable() = callable |
       "<" + tv.getName() + ">" = paramTag.getParamName()
     ) and
-    msg = "@param tag \"" + paramTag.getParamName() + "\" does not match any actual parameter of " +
+    msg =
+      "@param tag \"" + paramTag.getParamName() + "\" does not match any actual parameter of " +
         what + " \"" + callable.getName() + "()\"."
   else
     // The tag has no value at all.

java/ql/src/AlertSuppressionAnnotations.ql

@@ -38,7 +38,8 @@ class SuppressionAnnotation extends SuppressWarningsAnnotation {
   }
 
   private Annotation firstAnnotation() {
-    result = min(this.getASiblingAnnotation() as m
+    result =
+      min(this.getASiblingAnnotation() as m
         order by
           m.getLocation().getStartLine(), m.getLocation().getStartColumn()
       )

java/ql/src/Compatibility/JDK9/JdkInternalsReplacement.qll

@@ -11,18 +11,21 @@ predicate jdkInternalReplacement(string old, string new) {
 }
 
 private predicate jdkInternalReplacement(string r) {
-  r = "com.sun.crypto.provider.SunJCE=Use java.security.Security.getProvider(provider-name) @since 1.3" or
+  r =
+    "com.sun.crypto.provider.SunJCE=Use java.security.Security.getProvider(provider-name) @since 1.3" or
   r = "com.sun.org.apache.xml.internal.security=Use java.xml.crypto @since 1.6" or
   r = "com.sun.org.apache.xml.internal.security.utils.Base64=Use java.util.Base64 @since 1.8" or
   r = "com.sun.org.apache.xml.internal.resolver=Use javax.xml.catalog @since 9" or
   r = "com.sun.net.ssl=Use javax.net.ssl @since 1.4" or
-  r = "com.sun.net.ssl.internal.ssl.Provider=Use java.security.Security.getProvider(provider-name) @since 1.3" or
+  r =
+    "com.sun.net.ssl.internal.ssl.Provider=Use java.security.Security.getProvider(provider-name) @since 1.3" or
   r = "com.sun.rowset=Use javax.sql.rowset.RowSetProvider @since 1.7" or
   r = "com.sun.tools.javac.tree=Use com.sun.source @since 1.6" or
   r = "com.sun.tools.javac=Use javax.tools and javax.lang.model @since 1.6" or
   r = "java.awt.peer=Should not use. See https://bugs.openjdk.java.net/browse/JDK-8037739" or
   r = "java.awt.dnd.peer=Should not use. See https://bugs.openjdk.java.net/browse/JDK-8037739" or
-  r = "jdk.internal.ref.Cleaner=Use java.lang.ref.PhantomReference @since 1.2 or java.lang.ref.Cleaner @since 9" or
+  r =
+    "jdk.internal.ref.Cleaner=Use java.lang.ref.PhantomReference @since 1.2 or java.lang.ref.Cleaner @since 9" or
   r = "sun.awt.CausedFocusEvent=Use java.awt.event.FocusEvent::getCause @since 9" or
   r = "sun.font.FontUtilities=See java.awt.Font.textRequiresLayout @since 9" or
   r = "sun.reflect.Reflection=Use java.lang.StackWalker @since 9" or
@@ -32,10 +35,13 @@ private predicate jdkInternalReplacement(string r) {
   r = "sun.misc.SignalHandler=See http://openjdk.java.net/jeps/260" or
   r = "sun.security.action=Use java.security.PrivilegedAction @since 1.1" or
   r = "sun.security.krb5=Use com.sun.security.jgss" or
-  r = "sun.security.provider.PolicyFile=Use java.security.Policy.getInstance(\"JavaPolicy\", new URIParameter(uri)) @since 1.6" or
+  r =
+    "sun.security.provider.PolicyFile=Use java.security.Policy.getInstance(\"JavaPolicy\", new URIParameter(uri)) @since 1.6" or
   r = "sun.security.provider.Sun=Use java.security.Security.getProvider(provider-name) @since 1.3" or
-  r = "sun.security.util.HostnameChecker=Use javax.net.ssl.SSLParameters.setEndpointIdentificationAlgorithm(\"HTTPS\") @since 1.7 or javax.net.ssl.HttpsURLConnection.setHostnameVerifier() @since 1.4" or
+  r =
-  r = "sun.security.util.SecurityConstants=Use appropriate java.security.Permission subclass @since 1.1" or
+    "sun.security.util.HostnameChecker=Use javax.net.ssl.SSLParameters.setEndpointIdentificationAlgorithm(\"HTTPS\") @since 1.7 or javax.net.ssl.HttpsURLConnection.setHostnameVerifier() @since 1.4" or
+  r =
+    "sun.security.util.SecurityConstants=Use appropriate java.security.Permission subclass @since 1.1" or
   r = "sun.security.x509.X500Name=Use javax.security.auth.x500.X500Principal @since 1.4" or
   r = "sun.tools.jar=Use java.util.jar or jar tool @since 1.2" or
   // Internal APIs removed in JDK 9
@@ -45,7 +51,8 @@ private predicate jdkInternalReplacement(string r) {
   r = "sun.awt.image.codec=Use javax.imageio @since 1.4" or
   r = "sun.misc.BASE64Encoder=Use java.util.Base64 @since 1.8" or
   r = "sun.misc.BASE64Decoder=Use java.util.Base64 @since 1.8" or
-  r = "sun.misc.Cleaner=Use java.lang.ref.PhantomReference @since 1.2 or java.lang.ref.Cleaner @since 9" or
+  r =
+    "sun.misc.Cleaner=Use java.lang.ref.PhantomReference @since 1.2 or java.lang.ref.Cleaner @since 9" or
   r = "sun.misc.Service=Use java.util.ServiceLoader @since 1.6" or
   r = "sun.misc=Removed. See http://openjdk.java.net/jeps/260" or
   r = "sun.reflect=Removed. See http://openjdk.java.net/jeps/260"

java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql

@@ -30,7 +30,8 @@ where
     // Non-volatile double-checked locking is ok when the object is immutable and
     // there is only a single non-synchronized field read.
     immutableFieldType(f.getType()) and
-    1 = strictcount(FieldAccess fa |
+    1 =
+      strictcount(FieldAccess fa |
         fa.getField() = f and
         fa.getEnclosingCallable() = sync.getEnclosingCallable() and
         not fa.getEnclosingStmt().getEnclosingStmt*() = sync.getBlock()

java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql

@@ -53,9 +53,8 @@ class MyField extends Field {
   }
 
   int getNumSynchedAccesses() {
-    result = count(Expr synched |
+    result =
-        synched = this.getAnAccess() and withinLocalSynchronization(synched)
+      count(Expr synched | synched = this.getAnAccess() and withinLocalSynchronization(synched))
-      )
   }
 
   int getNumAccesses() { result = count(this.getAnAccess()) }

java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql

@@ -51,9 +51,8 @@ class LockObjectField extends Field {
 class ValidSynchStmt extends Stmt {
   ValidSynchStmt() {
     // It's OK to lock the enclosing class.
-    this.(SynchronizedStmt).getExpr().(TypeLiteral).getTypeName().getType() = this
+    this.(SynchronizedStmt).getExpr().(TypeLiteral).getTypeName().getType() =
-          .getEnclosingCallable()
+      this.getEnclosingCallable().getDeclaringType()
-          .getDeclaringType()
     or
     // It's OK to lock on a "lock object field".
     this.(SynchronizedStmt).getExpr().(FieldRead).getField() instanceof LockObjectField

java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql

@@ -18,7 +18,8 @@ import semmle.code.java.StringFormat
 int getNumberOfReferencedIndices(FormattingCall fmtcall) {
   exists(int maxref, int skippedrefs |
     maxref = max(FormatString fmt | fmtcall.getAFormatString() = fmt | fmt.getMaxFmtSpecIndex()) and
-    skippedrefs = count(int i |
+    skippedrefs =
+      count(int i |
         forex(FormatString fmt | fmtcall.getAFormatString() = fmt |
           i = fmt.getASkippedFmtSpecIndex()
         )

java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql

@@ -67,8 +67,9 @@ where
   (
     // No unchecked operations, so the cast would crash straight away.
     not uncheckedCastType(target) and
-    message = "Impossible downcast: the cast from " + source.getName() + "[] to " + target.getName()
+    message =
-        + "[] will always fail with a ClassCastException."
+      "Impossible downcast: the cast from " + source.getName() + "[] to " + target.getName() +
+        "[] will always fail with a ClassCastException."
     or
     // For unchecked operations, the crash would not occur at the cast site,
     // but only if/when the value is assigned to a variable of different array type.
@@ -80,7 +81,8 @@ where
     returnedFrom(ce, ce.getEnclosingCallable()) and
     ce.getEnclosingCallable().getReturnType().(Array).getElementType() = target and
     not ce.getEnclosingCallable().isPrivate() and
-    message = "Impossible downcast: this is returned by " + ce.getEnclosingCallable().getName() +
+    message =
+      "Impossible downcast: this is returned by " + ce.getEnclosingCallable().getName() +
         " as a value of type " + target.getName() + "[], but the array has type " + source.getName()
         + "[]. Callers of " + ce.getEnclosingCallable().getName() +
         " may fail with a ClassCastException."
@@ -91,8 +93,9 @@ where
       returnedVariableFrom(v, m) and
       m.getReturnType().(Array).getElementType() = target and
       not m.isPrivate() and
-      message = "Impossible downcast: this is assigned to " + v.getName() + " which is returned by "
+      message =
-          + m + " as a value of type " + target.getName() + "[], but the array has type " +
+        "Impossible downcast: this is assigned to " + v.getName() + " which is returned by " + m +
+          " as a value of type " + target.getName() + "[], but the array has type " +
           source.getName() + "[]. Callers of " + m.getName() +
           " may fail with a ClassCastException."
     )

java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql

@@ -88,7 +88,8 @@ predicate methodStats(Method m, int used, int total, int percentage) {
 }
 
 int chainedUses(Method m) {
-  result = count(MethodAccess ma, MethodAccess qual |
+  result =
+    count(MethodAccess ma, MethodAccess qual |
       ma.getMethod() = m and
       ma.getQualifier() = qual and
       qual.getMethod() = m

java/ql/src/Metrics/Authors/AuthorsPerFile.ql

@@ -13,7 +13,6 @@ import java
 
 from CompilationUnit u, int num
 where
-  num = strictcount(string s |
+  num =
-      exists(Documentable d | d.getAuthor() = s and d.getCompilationUnit() = u)
+    strictcount(string s | exists(Documentable d | d.getAuthor() = s and d.getCompilationUnit() = u))
-    )
 select u, num

java/ql/src/Metrics/Callables/StatementNestingDepth.ql

@@ -36,5 +36,6 @@ predicate nestingDepth(Stmt s, int depth) {
 
 from Method m, int depth
 where
-  depth = max(Stmt s, int aDepth | s.getEnclosingCallable() = m and nestingDepth(s, aDepth) | aDepth)
+  depth =
+    max(Stmt s, int aDepth | s.getEnclosingCallable() = m and nestingDepth(s, aDepth) | aDepth)
 select m, depth order by depth

java/ql/src/Metrics/Files/FAfferentCoupling.ql

@@ -14,7 +14,8 @@ import java
 
 from CompilationUnit f, int n
 where
-  n = count(File g |
+  n =
+    count(File g |
       exists(Class c | c.fromSource() and c.getCompilationUnit() = f |
         exists(Class d | d.fromSource() and d.getCompilationUnit() = g | depends(d, c))
       )

java/ql/src/Metrics/Files/FCyclomaticComplexity.ql

@@ -14,7 +14,8 @@ import java
 
 from CompilationUnit f, float n
 where
-  n = avg(Callable c, int toAvg |
+  n =
+    avg(Callable c, int toAvg |
       c.getCompilationUnit() = f and toAvg = c.getMetrics().getCyclomaticComplexity()
     |
       toAvg

java/ql/src/Metrics/Files/FEfferentCoupling.ql

@@ -15,7 +15,8 @@ import java
 
 from CompilationUnit f, int n
 where
-  n = count(File g |
+  n =
+    count(File g |
       exists(Class c | c.fromSource() and c.getCompilationUnit() = g |
         exists(Class d | d.fromSource() and d.getCompilationUnit() = f | depends(d, c))
       )

java/ql/src/Metrics/Files/FLinesOfDuplicatedCode.ql

@@ -16,7 +16,8 @@ import external.CodeDuplication
 
 from File f, int n
 where
-  n = count(int line |
+  n =
+    count(int line |
       exists(DuplicateBlock d | d.sourceFile() = f |
         line in [d.sourceStartLine() .. d.sourceEndLine()] and
         not whitelistedLineForDuplication(f, line)

java/ql/src/Metrics/Files/FLinesOfSimilarCode.ql

@@ -14,7 +14,8 @@ import external.CodeDuplication
 
 from File f, int n
 where
-  n = count(int line |
+  n =
+    count(int line |
       exists(SimilarBlock d | d.sourceFile() = f |
         line in [d.sourceStartLine() .. d.sourceEndLine()] and
         not whitelistedLineForDuplication(f, line)

java/ql/src/Metrics/Files/FSelfContainedness.ql

@@ -14,12 +14,14 @@ import java
 
 from CompilationUnit f, float selfContaindness, int efferentSourceCoupling, int efferentCoupling
 where
-  efferentSourceCoupling = count(CompilationUnit g |
+  efferentSourceCoupling =
+    count(CompilationUnit g |
       exists(RefType c | c.fromSource() and c.getCompilationUnit() = g |
         exists(RefType d | d.fromSource() and d.getCompilationUnit() = f | depends(d, c))
       )
     ) and
-  efferentCoupling = count(CompilationUnit g |
+  efferentCoupling =
+    count(CompilationUnit g |
       exists(RefType c | c.getCompilationUnit() = g |
         exists(RefType d | d.fromSource() and d.getCompilationUnit() = f | depends(d, c))
       )

java/ql/src/Metrics/Internal/Extents.qll

@@ -52,7 +52,8 @@ class RangeRefType extends RefType {
   }
 
   private Member lastMember() {
-    result = max(this.getAMember() as m
+    result =
+      max(this.getAMember() as m
         order by
           m.getLocation().getStartLine(), m.getLocation().getStartColumn()
       )

java/ql/src/Metrics/RefTypes/TPercentageOfComments.ql

@@ -15,6 +15,7 @@ import java
 from RefType t, int n
 where
   t.fromSource() and
-  n = (100 * t.getMetrics().getNumberOfCommentLines()) /
+  n =
+    (100 * t.getMetrics().getNumberOfCommentLines()) /
       (t.getMetrics().getNumberOfCommentLines() + t.getMetrics().getNumberOfLinesOfCode())
 select t, n order by n desc

java/ql/src/Performance/InefficientKeySetIterator.ql

@@ -60,8 +60,6 @@ from MethodAccess ma, Method get
 where
   ma.getMethod() = get and
   get.hasName("get") and
-  ma.getAnArgument().(VarAccess).getVariable().(Key).getBase().getBase() = ma
+  ma.getAnArgument().(VarAccess).getVariable().(Key).getBase().getBase() =
-        .getQualifier()
+    ma.getQualifier().(VarAccess).getVariable()
-        .(VarAccess)
-        .getVariable()
 select ma, "Inefficient use of key set iterator instead of entry set iterator."

java/ql/src/Security/CWE/CWE-798/SensitiveApi.qll

@@ -24,8 +24,10 @@ private predicate javaApiCallablePasswordParam(string s) {
   s = "com.sun.net.ssl.KeyManagerFactory;init(KeyStore, char[]);1" or
   s = "com.sun.net.ssl.KeyManagerFactorySpi;engineInit(KeyStore, char[]);1" or
   s = "com.sun.net.ssl.KeyManagerFactorySpiWrapper;engineInit(KeyStore, char[]);1" or
-  s = "com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.PrivateKeyResolver;PrivateKeyResolver(KeyStore, char[]);1" or
+  s =
-  s = "com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.SecretKeyResolver;SecretKeyResolver(KeyStore, char[]);1" or
+    "com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.PrivateKeyResolver;PrivateKeyResolver(KeyStore, char[]);1" or
+  s =
+    "com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.SecretKeyResolver;SecretKeyResolver(KeyStore, char[]);1" or
   s = "com.sun.rowset.JdbcRowSetImpl;JdbcRowSetImpl(String, String, String);2" or
   s = "com.sun.rowset.JdbcRowSetImpl;setPassword(String);0" or
   s = "com.sun.security.auth.module.JndiLoginModule;verifyPassword(String, String);1" or
@@ -33,15 +35,18 @@ private predicate javaApiCallablePasswordParam(string s) {
   s = "com.sun.security.ntlm.Client;Client(String, String, String, String, char[]);4" or
   s = "com.sun.security.ntlm.NTLM;getP2(char[]);0" or
   s = "com.sun.security.ntlm.NTLM;getP1(char[]);0" or
-  s = "com.sun.security.sasl.digest.DigestMD5Base;generateResponseValue(String, String, String, String, String, char[], byte[], byte[], int, byte[]);5" or
+  s =
-  s = "com.sun.security.sasl.digest.DigestMD5Server;generateResponseAuth(String, char[], byte[], int, byte[]);1" or
+    "com.sun.security.sasl.digest.DigestMD5Base;generateResponseValue(String, String, String, String, String, char[], byte[], byte[], int, byte[]);5" or
+  s =
+    "com.sun.security.sasl.digest.DigestMD5Server;generateResponseAuth(String, char[], byte[], int, byte[]);1" or
   s = "com.sun.tools.internal.ws.wscompile.AuthInfo;AuthInfo(URL, String, String);2" or
   s = "java.net.PasswordAuthentication;PasswordAuthentication(String, char[]);1" or
   s = "java.security.KeyStore;setKeyEntry(String, Key, char[], Certificate[]);2" or
   s = "java.security.KeyStore;store(OutputStream, char[]);1" or
   s = "java.security.KeyStore;getKey(String, char[]);1" or
   s = "java.security.KeyStore;load(InputStream, char[]);1" or
-  s = "java.security.KeyStore$PasswordProtection;PasswordProtection(char[], String, AlgorithmParameterSpec);0" or
+  s =
+    "java.security.KeyStore$PasswordProtection;PasswordProtection(char[], String, AlgorithmParameterSpec);0" or
   s = "java.security.KeyStore$PasswordProtection;PasswordProtection(char[]);0" or
   s = "java.security.KeyStoreSpi;engineStore(OutputStream, char[]);1" or
   s = "java.security.KeyStoreSpi;engineLoad(InputStream, char[]);1" or
@@ -66,12 +71,14 @@ private predicate javaApiCallablePasswordParam(string s) {
   s = "sun.net.ftp.impl.FtpClient;login(String, char[]);1" or
   s = "sun.net.ftp.impl.FtpClient;tryLogin(String, char[]);1" or
   s = "sun.net.www.protocol.http.DigestAuthentication;encode(String, char[], MessageDigest);1" or
-  s = "sun.net.www.protocol.http.DigestAuthentication;computeDigest(boolean, String, char[], String, String, String, String, String, String);2" or
+  s =
+    "sun.net.www.protocol.http.DigestAuthentication;computeDigest(boolean, String, char[], String, String, String, String, String, String);2" or
   s = "sun.security.krb5.EncryptionKey;acquireSecretKey(char[], String, int, byte[]);0" or
   s = "sun.security.krb5.EncryptionKey;stringToKey(char[], String, byte[], int);0" or
   s = "sun.security.krb5.EncryptionKey;EncryptionKey(char[], String, String);0" or
   s = "sun.security.krb5.EncryptionKey;acquireSecretKeys(char[], String);0" or
-  s = "sun.security.krb5.EncryptionKey;acquireSecretKey(PrincipalName, char[], int, SaltAndParams);1" or
+  s =
+    "sun.security.krb5.EncryptionKey;acquireSecretKey(PrincipalName, char[], int, SaltAndParams);1" or
   s = "sun.security.krb5.KrbAsRep;decryptUsingPassword(char[], KrbAsReq, PrincipalName);0" or
   s = "sun.security.krb5.internal.crypto.Aes128;stringToKey(char[], String, byte[]);0" or
   s = "sun.security.krb5.internal.crypto.Aes256;stringToKey(char[], String, byte[]);0" or
@@ -109,7 +116,8 @@ private predicate javaApiCallablePasswordParam(string s) {
   s = "sun.security.ssl.KeyManagerFactoryImpl$X509;engineInit(KeyStore, char[]);1" or
   s = "sun.security.ssl.SunX509KeyManagerImpl;SunX509KeyManagerImpl(KeyStore, char[]);1" or
   s = "sun.security.tools.keytool.Main;getNewPasswd(String, char[]);1" or
-  s = "sun.tools.jconsole.ConnectDialog;setConnectionParameters(String, String, int, String, String, String);4" or
+  s =
+    "sun.tools.jconsole.ConnectDialog;setConnectionParameters(String, String, int, String, String, String);4" or
   s = "sun.tools.jconsole.JConsole;addHost(String, int, String, String);3" or
   s = "sun.tools.jconsole.JConsole;addUrl(String, String, String, boolean);2" or
   s = "sun.tools.jconsole.JConsole;addHost(String, int, String, String, boolean);3" or
@@ -136,20 +144,26 @@ predicate javaApiCallableUsernameParam(Callable c, int i) {
 private predicate javaApiCallableUsernameParam(string s) {
   // Auto-generated using an auxiliary query run on the JDK source code.
   s = "com.sun.istack.internal.tools.DefaultAuthenticator$AuthInfo;AuthInfo(URL, String, String);1" or
-  s = "com.sun.jndi.ldap.DigestClientId;DigestClientId(int, String, int, String, Control[], OutputStream, String, String, Object, Hashtable<?,?>);7" or
+  s =
-  s = "com.sun.jndi.ldap.LdapClient;getInstance(boolean, String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable<?,?>);11" or
+    "com.sun.jndi.ldap.DigestClientId;DigestClientId(int, String, int, String, Control[], OutputStream, String, String, Object, Hashtable<?,?>);7" or
-  s = "com.sun.jndi.ldap.LdapPoolManager;getLdapClient(String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable<?,?>);10" or
+  s =
-  s = "com.sun.jndi.ldap.SimpleClientId;SimpleClientId(int, String, int, String, Control[], OutputStream, String, String, Object);7" or
+    "com.sun.jndi.ldap.LdapClient;getInstance(boolean, String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable<?,?>);11" or
+  s =
+    "com.sun.jndi.ldap.LdapPoolManager;getLdapClient(String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable<?,?>);10" or
+  s =
+    "com.sun.jndi.ldap.SimpleClientId;SimpleClientId(int, String, int, String, Control[], OutputStream, String, String, Object);7" or
   s = "com.sun.net.httpserver.BasicAuthenticator;checkCredentials(String, String);0" or
   s = "com.sun.net.httpserver.HttpPrincipal;HttpPrincipal(String, String);0" or
   s = "com.sun.rowset.JdbcRowSetImpl;JdbcRowSetImpl(String, String, String);1" or
   s = "com.sun.security.ntlm.Client;Client(String, String, String, String, char[]);2" or
   s = "com.sun.security.ntlm.Server;getPassword(String, String);1" or
-  s = "com.sun.security.sasl.digest.DigestMD5Server;generateResponseAuth(String, char[], byte[], int, byte[]);0" or
+  s =
+    "com.sun.security.sasl.digest.DigestMD5Server;generateResponseAuth(String, char[], byte[], int, byte[]);0" or
   s = "com.sun.tools.internal.ws.wscompile.AuthInfo;AuthInfo(URL, String, String);1" or
   s = "java.net.PasswordAuthentication;PasswordAuthentication(String, char[]);0" or
   s = "java.sql.DriverManager;getConnection(String, String, String);1" or
-  s = "javax.print.attribute.standard.JobOriginatingUserName;JobOriginatingUserName(String, Locale);0" or
+  s =
+    "javax.print.attribute.standard.JobOriginatingUserName;JobOriginatingUserName(String, Locale);0" or
   s = "javax.print.attribute.standard.RequestingUserName;RequestingUserName(String, Locale);0" or
   s = "javax.sql.ConnectionPoolDataSource;getPooledConnection(String, String);0" or
   s = "javax.sql.DataSource;getConnection(String, String);0" or
@@ -157,7 +171,8 @@ private predicate javaApiCallableUsernameParam(string s) {
   s = "sun.jvmstat.perfdata.monitor.protocol.local.LocalVmManager;LocalVmManager(String);0" or
   s = "sun.jvmstat.perfdata.monitor.protocol.local.PerfDataFile;getFile(String, int);0" or
   s = "sun.jvmstat.perfdata.monitor.protocol.local.PerfDataFile;getTempDirectory(String);0" or
-  s = "sun.jvmstat.perfdata.monitor.protocol.rmi.RemoteVmManager;RemoteVmManager(RemoteHost, String);1" or
+  s =
+    "sun.jvmstat.perfdata.monitor.protocol.rmi.RemoteVmManager;RemoteVmManager(RemoteHost, String);1" or
   s = "sun.misc.Perf;attach(String, int, int);0" or
   s = "sun.misc.Perf;attach(String, int, String);0" or
   s = "sun.misc.Perf;attachImpl(String, int, int);0" or
@@ -167,9 +182,11 @@ private predicate javaApiCallableUsernameParam(string s) {
   s = "sun.net.ftp.impl.FtpClient;login(String, char[], String);0" or
   s = "sun.net.ftp.impl.FtpClient;tryLogin(String, char[]);0" or
   s = "sun.net.ftp.impl.FtpClient;login(String, char[]);0" or
-  s = "sun.net.www.protocol.http.DigestAuthentication;computeDigest(boolean, String, char[], String, String, String, String, String, String);1" or
+  s =
+    "sun.net.www.protocol.http.DigestAuthentication;computeDigest(boolean, String, char[], String, String, String, String, String, String);1" or
   s = "sun.security.acl.PrincipalImpl;PrincipalImpl(String);0" or
-  s = "sun.tools.jconsole.ConnectDialog;setConnectionParameters(String, String, int, String, String, String);3" or
+  s =
+    "sun.tools.jconsole.ConnectDialog;setConnectionParameters(String, String, int, String, String, String);3" or
   s = "sun.tools.jconsole.JConsole;failed(Exception, String, String, String);2" or
   s = "sun.tools.jconsole.JConsole;addHost(String, int, String, String, boolean);2" or
   s = "sun.tools.jconsole.JConsole;addUrl(String, String, String, boolean);1" or
@@ -241,16 +258,22 @@ private predicate javaApiCallableCryptoKeyParam(string s) {
   s = "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher;engineUnwrap(byte[], String, int);0" or
   s = "com.sun.crypto.provider.PCBC;init(boolean, String, byte[], byte[]);2" or
   s = "com.sun.crypto.provider.PKCS12PBECipherCore;implUnwrap(byte[], String, int);0" or
-  s = "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede;engineUnwrap(byte[], String, int);0" or
+  s =
-  s = "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128;engineUnwrap(byte[], String, int);0" or
+    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede;engineUnwrap(byte[], String, int);0" or
-  s = "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40;engineUnwrap(byte[], String, int);0" or
+  s =
-  s = "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128;engineUnwrap(byte[], String, int);0" or
+    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128;engineUnwrap(byte[], String, int);0" or
-  s = "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40;engineUnwrap(byte[], String, int);0" or
+  s =
+    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40;engineUnwrap(byte[], String, int);0" or
+  s =
+    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128;engineUnwrap(byte[], String, int);0" or
+  s =
+    "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40;engineUnwrap(byte[], String, int);0" or
   s = "com.sun.crypto.provider.RC2Cipher;engineUnwrap(byte[], String, int);0" or
   s = "com.sun.crypto.provider.RC2Crypt;init(boolean, String, byte[]);2" or
   s = "com.sun.crypto.provider.RSACipher;engineUnwrap(byte[], String, int);0" or
   s = "com.sun.crypto.provider.SymmetricCipher;init(boolean, String, byte[]);2" or
-  s = "com.sun.crypto.provider.TlsMasterSecretGenerator$TlsMasterSecretKey;TlsMasterSecretKey(byte[], int, int);0" or
+  s =
+    "com.sun.crypto.provider.TlsMasterSecretGenerator$TlsMasterSecretKey;TlsMasterSecretKey(byte[], int, int);0" or
   s = "java.security.KeyStore;setKeyEntry(String, byte[], Certificate[]);1" or
   s = "java.security.KeyStoreSpi;engineSetKeyEntry(String, byte[], Certificate[]);1" or
   s = "java.security.cert.X509CertSelector;setSubjectPublicKey(byte[]);0" or
@@ -270,17 +293,24 @@ private predicate javaApiCallableCryptoKeyParam(string s) {
   s = "javax.crypto.spec.SecretKeySpec;SecretKeySpec(byte[], String);0" or
   s = "javax.crypto.spec.SecretKeySpec;SecretKeySpec(byte[], int, int, String);0" or
   s = "javax.security.auth.kerberos.KerberosKey;KerberosKey(KerberosPrincipal, byte[], int, int);1" or
-  s = "javax.security.auth.kerberos.KerberosTicket;KerberosTicket(byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);3" or
+  s =
-  s = "javax.security.auth.kerberos.KerberosTicket;init(byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);3" or
+    "javax.security.auth.kerberos.KerberosTicket;KerberosTicket(byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);3" or
+  s =
+    "javax.security.auth.kerberos.KerberosTicket;init(byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);3" or
   s = "javax.security.auth.kerberos.KeyImpl;KeyImpl(byte[], int);0" or
   s = "sun.security.jgss.krb5.CipherHelper;getInitializedDes(boolean, byte[], byte[]);1" or
   s = "sun.security.jgss.krb5.CipherHelper;getDesCbcChecksum(byte[], byte[], byte[], int, int);0" or
   s = "sun.security.jgss.krb5.CipherHelper;getDesEncryptionKey(byte[]);0" or
-  s = "sun.security.jgss.krb5.CipherHelper;desCbcDecrypt(WrapToken, byte[], byte[], int, int, byte[], int);1" or
+  s =
-  s = "sun.security.jgss.krb5.CipherHelper;desCbcDecrypt(WrapToken, byte[], InputStream, int, byte[], int);1" or
+    "sun.security.jgss.krb5.CipherHelper;desCbcDecrypt(WrapToken, byte[], byte[], int, int, byte[], int);1" or
-  s = "sun.security.jgss.krb5.Krb5InitCredential;Krb5InitCredential(Krb5NameElement, byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);4" or
+  s =
-  s = "sun.security.jgss.krb5.Krb5InitCredential;Krb5InitCredential(Krb5NameElement, Credentials, byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);5" or
+    "sun.security.jgss.krb5.CipherHelper;desCbcDecrypt(WrapToken, byte[], InputStream, int, byte[], int);1" or
-  s = "sun.security.krb5.Credentials;Credentials(byte[], String, String, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);3" or
+  s =
+    "sun.security.jgss.krb5.Krb5InitCredential;Krb5InitCredential(Krb5NameElement, byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);4" or
+  s =
+    "sun.security.jgss.krb5.Krb5InitCredential;Krb5InitCredential(Krb5NameElement, Credentials, byte[], KerberosPrincipal, KerberosPrincipal, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);5" or
+  s =
+    "sun.security.krb5.Credentials;Credentials(byte[], String, String, byte[], int, boolean[], Date, Date, Date, Date, InetAddress[]);3" or
   s = "sun.security.krb5.EncryptionKey;EncryptionKey(int, byte[]);1" or
   s = "sun.security.krb5.EncryptionKey;EncryptionKey(byte[], int, Integer);0" or
   s = "sun.security.krb5.internal.crypto.Aes128;decryptRaw(byte[], int, byte[], byte[], int, int);0" or
@@ -288,34 +318,49 @@ private predicate javaApiCallableCryptoKeyParam(string s) {
   s = "sun.security.krb5.internal.crypto.Aes128;decrypt(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Aes128;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Aes128;encrypt(byte[], int, byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType;encrypt(byte[], byte[], byte[], int);1" or
+  s =
+    "sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType;encrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType;decrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType;encrypt(byte[], byte[], int);1" or
-  s = "sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType;decrypt(byte[], byte[], byte[], int);1" or
+  s =
+    "sun.security.krb5.internal.crypto.Aes128CtsHmacSha1EType;decrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.Aes256;encrypt(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Aes256;decryptRaw(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Aes256;calculateChecksum(byte[], int, byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Aes256;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Aes256;decrypt(byte[], int, byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType;encrypt(byte[], byte[], byte[], int);1" or
+  s =
-  s = "sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType;decrypt(byte[], byte[], byte[], int);1" or
+    "sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType;encrypt(byte[], byte[], byte[], int);1" or
+  s =
+    "sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType;decrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType;decrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType;encrypt(byte[], byte[], int);1" or
-  s = "sun.security.krb5.internal.crypto.ArcFourHmac;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.ArcFourHmac;decryptRaw(byte[], int, byte[], byte[], int, int, byte[]);0" or
+    "sun.security.krb5.internal.crypto.ArcFourHmac;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.ArcFourHmac;decrypt(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.ArcFourHmac;decryptSeq(byte[], int, byte[], byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.ArcFourHmac;decryptRaw(byte[], int, byte[], byte[], int, int, byte[]);0" or
-  s = "sun.security.krb5.internal.crypto.ArcFourHmac;encrypt(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.ArcFourHmac;calculateChecksum(byte[], int, byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.ArcFourHmac;decrypt(byte[], int, byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.ArcFourHmac;encryptSeq(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.ArcFourHmac;decryptSeq(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.ArcFourHmac;encrypt(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.ArcFourHmac;calculateChecksum(byte[], int, byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.ArcFourHmac;encryptSeq(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.ArcFourHmacEType;decrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.ArcFourHmacEType;encrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.ArcFourHmacEType;decrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.ArcFourHmacEType;encrypt(byte[], byte[], byte[], int);1" or
-  s = "sun.security.krb5.internal.crypto.CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+    "sun.security.krb5.internal.crypto.CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
-  s = "sun.security.krb5.internal.crypto.Crc32CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.Crc32CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+    "sun.security.krb5.internal.crypto.CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.Crc32CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.Crc32CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
   s = "sun.security.krb5.internal.crypto.Des;cbc_encrypt(byte[], byte[], byte[], byte[], boolean);2" or
   s = "sun.security.krb5.internal.crypto.Des;set_parity(byte[]);0" or
   s = "sun.security.krb5.internal.crypto.Des;bad_key(byte[]);0" or
@@ -326,8 +371,10 @@ private predicate javaApiCallableCryptoKeyParam(string s) {
   s = "sun.security.krb5.internal.crypto.Des3;decrypt(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Des3;calculateChecksum(byte[], int, byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType;encrypt(byte[], byte[], int);1" or
-  s = "sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType;encrypt(byte[], byte[], byte[], int);1" or
+  s =
-  s = "sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType;decrypt(byte[], byte[], byte[], int);1" or
+    "sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType;encrypt(byte[], byte[], byte[], int);1" or
+  s =
+    "sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType;decrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType;decrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.DesCbcCrcEType;decrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.DesCbcCrcEType;encrypt(byte[], byte[], int);1" or
@@ -335,59 +382,94 @@ private predicate javaApiCallableCryptoKeyParam(string s) {
   s = "sun.security.krb5.internal.crypto.DesCbcEType;decrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.DesCbcEType;encrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.DesCbcEType;decrypt(byte[], byte[], int);1" or
-  s = "sun.security.krb5.internal.crypto.DesMacCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.DesMacCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
   s = "sun.security.krb5.internal.crypto.DesMacCksumType;decryptKeyedChecksum(byte[], byte[]);1" or
-  s = "sun.security.krb5.internal.crypto.DesMacCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.DesMacKCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+    "sun.security.krb5.internal.crypto.DesMacCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
-  s = "sun.security.krb5.internal.crypto.DesMacKCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.DesMacKCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.DesMacKCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
   s = "sun.security.krb5.internal.crypto.EType;encrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.EType;decrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.EType;decrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.EType;encrypt(byte[], byte[], int);1" or
-  s = "sun.security.krb5.internal.crypto.HmacMd5ArcFourCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.HmacMd5ArcFourCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+    "sun.security.krb5.internal.crypto.HmacMd5ArcFourCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
-  s = "sun.security.krb5.internal.crypto.HmacSha1Aes128CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.HmacSha1Aes128CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+    "sun.security.krb5.internal.crypto.HmacMd5ArcFourCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
-  s = "sun.security.krb5.internal.crypto.HmacSha1Aes256CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.HmacSha1Aes256CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+    "sun.security.krb5.internal.crypto.HmacSha1Aes128CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
-  s = "sun.security.krb5.internal.crypto.HmacSha1Des3KdCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.HmacSha1Des3KdCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+    "sun.security.krb5.internal.crypto.HmacSha1Aes128CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.HmacSha1Aes256CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.HmacSha1Aes256CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.HmacSha1Des3KdCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.HmacSha1Des3KdCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
   s = "sun.security.krb5.internal.crypto.NullEType;decrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.NullEType;decrypt(byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.NullEType;encrypt(byte[], byte[], byte[], int);1" or
   s = "sun.security.krb5.internal.crypto.NullEType;encrypt(byte[], byte[], int);1" or
-  s = "sun.security.krb5.internal.crypto.RsaMd5CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.RsaMd5CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+    "sun.security.krb5.internal.crypto.RsaMd5CksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
+    "sun.security.krb5.internal.crypto.RsaMd5CksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
   s = "sun.security.krb5.internal.crypto.RsaMd5DesCksumType;decryptKeyedChecksum(byte[], byte[]);1" or
-  s = "sun.security.krb5.internal.crypto.RsaMd5DesCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
+  s =
-  s = "sun.security.krb5.internal.crypto.RsaMd5DesCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
+    "sun.security.krb5.internal.crypto.RsaMd5DesCksumType;verifyKeyedChecksum(byte[], int, byte[], byte[], int);2" or
-  s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;encryptCTS(byte[], int, byte[], byte[], byte[], int, int, boolean);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;decrypt(byte[], int, byte[], byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.RsaMd5DesCksumType;calculateKeyedChecksum(byte[], int, byte[], int);2" or
-  s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;calculateChecksum(byte[], int, byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.dk.AesDkCrypto;encryptCTS(byte[], int, byte[], byte[], byte[], int, int, boolean);0" or
-  s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;encrypt(byte[], int, byte[], byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.AesDkCrypto;decrypt(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.AesDkCrypto;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.AesDkCrypto;calculateChecksum(byte[], int, byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.AesDkCrypto;encrypt(byte[], int, byte[], byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;getHmac(byte[], byte[]);0" or
   s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;getCipher(byte[], byte[], int);0" or
-  s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;decryptRaw(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.AesDkCrypto;decryptCTS(byte[], int, byte[], byte[], int, int, boolean);0" or
+    "sun.security.krb5.internal.crypto.dk.AesDkCrypto;decryptRaw(byte[], int, byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;decryptSeq(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;decryptRaw(byte[], int, byte[], byte[], int, int, byte[]);0" or
+    "sun.security.krb5.internal.crypto.dk.AesDkCrypto;decryptCTS(byte[], int, byte[], byte[], int, int, boolean);0" or
-  s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;decrypt(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;decryptSeq(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;decryptRaw(byte[], int, byte[], byte[], int, int, byte[]);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;decrypt(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;getCipher(byte[], byte[], int);0" or
-  s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;encryptSeq(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;calculateChecksum(byte[], int, byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;encryptSeq(byte[], int, byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;encrypt(byte[], int, byte[], byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;calculateChecksum(byte[], int, byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;encrypt(byte[], int, byte[], byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.dk.ArcFourCrypto;getHmac(byte[], byte[]);0" or
   s = "sun.security.krb5.internal.crypto.dk.Des3DkCrypto;keyCorrection(byte[]);0" or
   s = "sun.security.krb5.internal.crypto.dk.Des3DkCrypto;getCipher(byte[], byte[], int);0" or
   s = "sun.security.krb5.internal.crypto.dk.Des3DkCrypto;getHmac(byte[], byte[]);0" or
   s = "sun.security.krb5.internal.crypto.dk.Des3DkCrypto;setParityBit(byte[]);0" or
-  s = "sun.security.krb5.internal.crypto.dk.DkCrypto;encrypt(byte[], int, byte[], byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.DkCrypto;decrypt(byte[], int, byte[], byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.dk.DkCrypto;encrypt(byte[], int, byte[], byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.dk.DkCrypto;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
+  s =
-  s = "sun.security.krb5.internal.crypto.dk.DkCrypto;calculateChecksum(byte[], int, byte[], int, int);0" or
+    "sun.security.krb5.internal.crypto.dk.DkCrypto;decrypt(byte[], int, byte[], byte[], int, int);0" or
-  s = "sun.security.krb5.internal.crypto.dk.DkCrypto;decryptRaw(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.DkCrypto;encryptRaw(byte[], int, byte[], byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.DkCrypto;calculateChecksum(byte[], int, byte[], int, int);0" or
+  s =
+    "sun.security.krb5.internal.crypto.dk.DkCrypto;decryptRaw(byte[], int, byte[], byte[], int, int);0" or
   s = "sun.security.krb5.internal.crypto.dk.DkCrypto;getHmac(byte[], byte[]);0" or
   s = "sun.security.krb5.internal.crypto.dk.DkCrypto;getCipher(byte[], byte[], int);0" or
   s = "sun.security.krb5.internal.crypto.dk.DkCrypto;dk(byte[], byte[]);0" or
@@ -423,6 +505,8 @@ predicate otherApiCallableCredentialParam(Callable c, int i) {
 private predicate otherApiCallableCredentialParam(string s) {
   s = "javax.crypto.spec.IvParameterSpec;IvParameterSpec(byte[]);0" or
   s = "javax.crypto.spec.IvParameterSpec;IvParameterSpec(byte[], int, int);0" or
-  s = "org.springframework.security.core.userdetails.User;User(String, String, boolean, boolean, boolean, boolean, Collection<? extends GrantedAuthority>);0" or
+  s =
-  s = "org.springframework.security.core.userdetails.User;User(String, String, boolean, boolean, boolean, boolean, Collection<? extends GrantedAuthority>);1"
+    "org.springframework.security.core.userdetails.User;User(String, String, boolean, boolean, boolean, boolean, Collection<? extends GrantedAuthority>);0" or
+  s =
+    "org.springframework.security.core.userdetails.User;User(String, String, boolean, boolean, boolean, boolean, Collection<? extends GrantedAuthority>);1"
 }

java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql

@@ -64,8 +64,8 @@ where
   forall(Expr e | e = v.getAnAssignedValue() | e.getType() = v.getPrimitiveType()) and
   (
     not v.getDeclExpr().getParent() instanceof EnhancedForStmt or
-    v.getDeclExpr().getParent().(EnhancedForStmt).getExpr().getType().(Array).getComponentType() = v
+    v.getDeclExpr().getParent().(EnhancedForStmt).getExpr().getType().(Array).getComponentType() =
-          .getPrimitiveType()
+      v.getPrimitiveType()
   ) and
   notDeliberatelyBoxed(v) and
   not affectsOverload(v)

java/ql/src/Violations of Best Practice/Comments/CommentedCode.qll

@@ -35,7 +35,8 @@ private predicate looksLikeCode(JavadocText line) {
  * - HTML entities in hexadecimal notation (e.g. `灟`)
  */
 private string trimmedCommentText(JavadocText line) {
-  result = line
+  result =
+    line
         .getText()
         .trim()
         .regexpReplaceAll("\\s*//.*$", "")
@@ -74,7 +75,8 @@ private class JavadocFirst extends Javadoc {
  * The number of lines that look like code in the comment `first`, or ones that follow it.
  */
 private int codeCount(JavadocFirst first) {
-  result = sum(Javadoc following |
+  result =
+    sum(Javadoc following |
       following = getNextComment*(first) and not hasCodeTags(following)
     |
       count(JavadocText line | line = following.getAChild() and looksLikeCode(line))
@@ -85,7 +87,8 @@ private int codeCount(JavadocFirst first) {
  * The number of lines in the comment `first`, or ones that follow it.
  */
 private int anyCount(JavadocFirst first) {
-  result = sum(Javadoc following |
+  result =
+    sum(Javadoc following |
       following = getNextComment*(first) and not hasCodeTags(following)
     |
       count(JavadocText line |

java/ql/src/Violations of Best Practice/Magic Constants/MagicConstants.qll

@@ -308,7 +308,8 @@ predicate isNumber(Literal lit) {
 predicate magicConstant(Literal e, string msg) {
   exists(string value, int n, string context |
     firstOccurrence(e, value, context, n) and
-    msg = "Magic constant: literal '" + value + "' is used " + n.toString() + " times in calls to " +
+    msg =
+      "Magic constant: literal '" + value + "' is used " + n.toString() + " times in calls to " +
         context
   )
 }
@@ -399,8 +400,9 @@ predicate literalInsteadOfConstant(
 ) {
   exists(string context |
     canUseFieldInsteadOfLiteral(constField, magicLiteral, context) and
-    message = "Literal value '" + magicLiteral.getLiteral() + "' used " + " in a call to " + context
+    message =
-        + "; consider using the defined constant $@." and
+      "Literal value '" + magicLiteral.getLiteral() + "' used " + " in a call to " + context +
+        "; consider using the defined constant $@." and
     linkText = constField.getName() and
     (
       constField.getCompilationUnit() = magicLiteral.getCompilationUnit() or

java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql

@@ -21,12 +21,14 @@ where
   (if callable instanceof Constructor then callableType = "" else callableType = "method ") and
   (
     confusingAccess(d, f) and
-    message = "Confusing name: " + callableType +
+    message =
+      "Confusing name: " + callableType +
         "$@ also refers to field $@ (without qualifying it with 'this')."
     or
     thisAccess(d, f) and
     not confusingAccess(d, f) and
-    message = "Potentially confusing name: " + callableType + "$@ also refers to field $@ (as this."
+    message =
-        + f.getName() + ")."
+      "Potentially confusing name: " + callableType + "$@ also refers to field $@ (as this." +
+        f.getName() + ")."
   )
 select d, message, callable, callable.getName(), f, f.getName()

java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql

@@ -79,7 +79,7 @@ where
   unboxed(e) and conv = "This expression is implicitly unboxed."
   or
   exists(Variable v | rebox(e, v) |
-    conv = "This expression implicitly unboxes, updates, and reboxes the value of '" + v.getName() +
+    conv =
-        "'."
+      "This expression implicitly unboxes, updates, and reboxes the value of '" + v.getName() + "'."
   )
 select e, conv

java/ql/src/external/CodeDuplication.qll

@@ -108,7 +108,8 @@ predicate similarLines(File f, int line) {
 }
 
 private predicate similarLinesPerEquivalenceClass(int equivClass, int lines, File f) {
-  lines = strictsum(SimilarBlock b, int toSum |
+  lines =
+    strictsum(SimilarBlock b, int toSum |
       (b.sourceFile() = f and b.getEquivalenceClass() = equivClass) and
       toSum = b.sourceLines()
     |
@@ -120,7 +121,8 @@ pragma[noopt]
 private predicate similarLinesCovered(File f, int coveredLines, File otherFile) {
   exists(int numLines | numLines = f.getTotalNumberOfLines() |
     exists(int coveredApprox |
-      coveredApprox = strictsum(int num |
+      coveredApprox =
+        strictsum(int num |
           exists(int equivClass |
             similarLinesPerEquivalenceClass(equivClass, num, f) and
             similarLinesPerEquivalenceClass(equivClass, num, otherFile) and
@@ -143,7 +145,8 @@ predicate duplicateLines(File f, int line) {
 }
 
 private predicate duplicateLinesPerEquivalenceClass(int equivClass, int lines, File f) {
-  lines = strictsum(DuplicateBlock b, int toSum |
+  lines =
+    strictsum(DuplicateBlock b, int toSum |
       (b.sourceFile() = f and b.getEquivalenceClass() = equivClass) and
       toSum = b.sourceLines()
     |
@@ -155,7 +158,8 @@ pragma[noopt]
 private predicate duplicateLinesCovered(File f, int coveredLines, File otherFile) {
   exists(int numLines | numLines = f.getTotalNumberOfLines() |
     exists(int coveredApprox |
-      coveredApprox = strictsum(int num |
+      coveredApprox =
+        strictsum(int num |
           exists(int equivClass |
             duplicateLinesPerEquivalenceClass(equivClass, num, f) and
             duplicateLinesPerEquivalenceClass(equivClass, num, otherFile) and
@@ -192,7 +196,8 @@ predicate duplicateFiles(File f, File other, int percent) {
 
 predicate duplicateAnonymousClass(AnonymousClass c, AnonymousClass other) {
   exists(int numDup |
-    numDup = strictcount(Method m1 |
+    numDup =
+      strictcount(Method m1 |
         exists(Method m2 |
           duplicateMethod(m1, m2) and
           m1 = sourceMethod() and
@@ -209,7 +214,8 @@ predicate duplicateAnonymousClass(AnonymousClass c, AnonymousClass other) {
 
 pragma[noopt]
 predicate mostlyDuplicateClassBase(Class c, Class other, int numDup, int total) {
-  numDup = strictcount(Method m1 |
+  numDup =
+    strictcount(Method m1 |
       exists(Method m2 |
         duplicateMethod(m1, m2) and
         m1 = sourceMethod() and

java/ql/src/external/DefectFilter.qll

@@ -48,7 +48,8 @@ class DefectResult extends int {
 
   /** Gets the URL corresponding to the location of this query result. */
   string getURL() {
-    result = "file://" + getFile().getAbsolutePath() + ":" + getStartLine() + ":" + getStartColumn()
+    result =
-        + ":" + getEndLine() + ":" + getEndColumn()
+      "file://" + getFile().getAbsolutePath() + ":" + getStartLine() + ":" + getStartColumn() + ":" +
+        getEndLine() + ":" + getEndColumn()
   }
 }

java/ql/src/external/MetricFilter.qll

@@ -37,7 +37,8 @@ class MetricResult extends int {
   float getValue() { metricResults(this, _, _, _, _, _, _, result) }
 
   string getURL() {
-    result = "file://" + getFile().getAbsolutePath() + ":" + getStartLine() + ":" + getStartColumn()
+    result =
-        + ":" + getEndLine() + ":" + getEndColumn()
+      "file://" + getFile().getAbsolutePath() + ":" + getStartLine() + ":" + getStartColumn() + ":" +
+        getEndLine() + ":" + getEndColumn()
   }
 }

java/ql/src/semmle/code/java/Concurrency.qll

@@ -14,7 +14,8 @@ predicate locallySynchronizedOn(Expr e, SynchronizedStmt sync, Variable v) {
  */
 predicate locallySynchronizedOnThis(Expr e, RefType thisType) {
   exists(SynchronizedStmt sync | e.getEnclosingStmt().getEnclosingStmt+() = sync |
-    sync.getExpr().getProperExpr().(ThisAccess).getType().(RefType).getSourceDeclaration() = thisType
+    sync.getExpr().getProperExpr().(ThisAccess).getType().(RefType).getSourceDeclaration() =
+      thisType
   )
   or
   exists(SynchronizedCallable c | c = e.getEnclosingCallable() |

java/ql/src/semmle/code/java/DependencyCounts.qll

@@ -27,7 +27,8 @@ predicate numDepends(RefType t, RefType dep, int value) {
   not isRaw(t) and
   not t = dep and
   // Type `t` depends on:
-  value = strictcount(Element elem |
+  value =
+    strictcount(Element elem |
       // its supertypes,
       exists(RefType s | elem = s and t.hasSupertype(s) | usesType(s, dep))
       or
@@ -106,7 +107,8 @@ predicate numDepends(RefType t, RefType dep, int value) {
 
 predicate filePackageDependencyCount(File sourceFile, int total, string entity) {
   exists(Package targetPackage |
-    total = strictsum(RefType sourceType, RefType targetType, int num |
+    total =
+      strictsum(RefType sourceType, RefType targetType, int num |
         sourceType.getFile() = sourceFile and
         sourceType.fromSource() and
         sourceType.getPackage() != targetPackage and
@@ -141,7 +143,8 @@ predicate fileJarDependencyCount(File sourceFile, int total, string entity) {
     targetJar.(File).getExtension() = "jar" and
     jarStem != "rt"
   |
-    total = strictsum(RefType r, RefType dep, int num |
+    total =
+      strictsum(RefType r, RefType dep, int num |
         r.getFile() = sourceFile and
         r.fromSource() and
         dep.getFile().getParentContainer*() = targetJar and

java/ql/src/semmle/code/java/Expr.qll

@@ -171,7 +171,8 @@ class CompileTimeConstantExpr extends Expr {
     or
     result = this.(ParExpr).getExpr().(CompileTimeConstantExpr).getStringValue()
     or
-    result = this.(AddExpr).getLeftOperand().(CompileTimeConstantExpr).getStringValue() +
+    result =
+      this.(AddExpr).getLeftOperand().(CompileTimeConstantExpr).getStringValue() +
         this.(AddExpr).getRightOperand().(CompileTimeConstantExpr).getStringValue()
     or
     // Ternary conditional, with compile-time constant condition.

java/ql/src/semmle/code/java/Generics.qll

@@ -332,7 +332,8 @@ class ParameterizedType extends RefType {
 
   /** Gets the number of type arguments of this parameterized type. */
   int getNumberOfTypeArguments() {
-    result = count(int pos |
+    result =
+      count(int pos |
         typeArgs(_, pos, this) or
         typeVars(_, _, pos, _, this)
       )

java/ql/src/semmle/code/java/Modules.qll

@@ -190,7 +190,8 @@ class ProvidesDirective extends Directive, @provides {
   string getServiceImplementationName() { providesWith(this, result) }
 
   override string toString() {
-    result = "provides " + getServiceInterfaceName() + " with " +
+    result =
+      "provides " + getServiceInterfaceName() + " with " +
         concat(getServiceImplementationName(), ", ") + ";"
   }
 }

java/ql/src/semmle/code/java/StringFormat.qll

@@ -175,7 +175,8 @@ class FormattingCall extends Call {
     then
       exists(Expr arg | arg = this.getArgument(1 + this.getFormatStringIndex()) |
         result = arg.(ArrayCreationExpr).getFirstDimensionSize() or
-        result = arg
+        result =
+          arg
               .(VarAccess)
               .getVariable()
               .getAnAssignedValue()
@@ -410,7 +411,8 @@ private class PrintfFormatString extends FormatString {
   }
 
   override int getMaxFmtSpecIndex() {
-    result = max(int ix |
+    result =
+      max(int ix |
         ix = fmtSpecRefersToSpecificIndex(_) or
         ix = count(int i | fmtSpecRefersToSequentialIndex(i))
       )

java/ql/src/semmle/code/java/Type.qll

@@ -524,7 +524,8 @@ class RefType extends Type, Annotatable, Modifiable, @reftype {
    * Gets the JVM descriptor for this type, as used in bytecode.
    */
   override string getTypeDescriptor() {
-    result = "L" + this.getPackage().getName().replaceAll(".", "/") + "/" +
+    result =
+      "L" + this.getPackage().getName().replaceAll(".", "/") + "/" +
         this.getSourceDeclaration().nestedName() + ";"
   }
 

java/ql/src/semmle/code/java/UnitTests.qll

@@ -160,20 +160,15 @@ class TestNGTestMethod extends Method {
     exists(TestNGTestAnnotation testAnnotation |
       testAnnotation = getAnAnnotation() and
       // The data provider must have the same name as the referenced data provider
-      result.getDataProviderName() = testAnnotation
+      result.getDataProviderName() =
-            .getValue("dataProvider")
+        testAnnotation.getValue("dataProvider").(StringLiteral).getRepresentedString()
-            .(StringLiteral)
-            .getRepresentedString()
     |
       // Either the data provider should be on the current class, or a supertype
       getDeclaringType().getAnAncestor() = result.getDeclaringType()
       or
       // Or the data provider class should be declared
-      result.getDeclaringType() = testAnnotation
+      result.getDeclaringType() =
-            .getValue("dataProviderClass")
+        testAnnotation.getValue("dataProviderClass").(TypeLiteral).getTypeName().getType()
-            .(TypeLiteral)
-            .getTypeName()
-            .getType()
     )
   }
 }
@@ -257,7 +252,8 @@ class TestNGDataProviderMethod extends Method {
    * Gets the name associated with this data provider.
    */
   string getDataProviderName() {
-    result = getAnAnnotation()
+    result =
+      getAnAnnotation()
           .(TestNGDataProviderAnnotation)
           .getValue("name")
           .(StringLiteral)

java/ql/src/semmle/code/java/dataflow/ModulusAnalysis.qll

@@ -149,11 +149,8 @@ private predicate rankedPhiInput(
   SsaPhiNode phi, SsaVariable inp, SsaReadPositionPhiInputEdge edge, int r
 ) {
   edge.phiInput(phi, inp) and
-  edge = rank[r](SsaReadPositionPhiInputEdge e |
+  edge =
-      e.phiInput(phi, _)
+    rank[r](SsaReadPositionPhiInputEdge e | e.phiInput(phi, _) | e order by getId(e.getOrigBlock()))
-    |
-      e order by getId(e.getOrigBlock())
-    )
 }
 
 /**

java/ql/src/semmle/code/java/dataflow/SSA.qll

@@ -105,7 +105,8 @@ class SsaSourceVariable extends TSsaSourceVariable {
    * not have a specific source code location.
    */
   private VarAccess getFirstAccess() {
-    result = min(this.getAnAccess() as a
+    result =
+      min(this.getAnAccess() as a
         order by
           a.getLocation().getStartLine(), a.getLocation().getStartColumn()
       )
@@ -450,7 +451,8 @@ private module SsaImpl {
    */
   private predicate callDefUseRank(TrackedField f, BasicBlock b, int rankix, int i) {
     updateCandidate(f, _, b, _) and
-    i = rank[rankix](int j |
+    i =
+      rank[rankix](int j |
         certainVariableUpdate(f, _, b, j) or
         variableUseOrCapture(f, b, j) or
         updateCandidate(f, _, b, j)
@@ -612,7 +614,8 @@ private module SsaImpl {
      * basic blocks.
      */
     private predicate defUseRank(TrackedVar v, BasicBlock b, int rankix, int i) {
-      i = rank[rankix](int j |
+      i =
+        rank[rankix](int j |
           any(TrackedSsaDef def).definesAt(v, b, j) or variableUseOrCapture(v, b, j)
         )
     }

java/ql/src/semmle/code/java/dataflow/TypeFlow.qll

@@ -151,7 +151,8 @@ private predicate joinStep(TypeFlowNode n1, TypeFlowNode n2) {
 }
 
 private predicate joinStepRank1(int r, TypeFlowNode n1, TypeFlowNode n2) {
-  n1 = rank[r](TypeFlowNode n |
+  n1 =
+    rank[r](TypeFlowNode n |
       joinStep(n, n2)
     |
       n order by n.getLocation().getStartLine(), n.getLocation().getStartColumn()

java/ql/src/semmle/code/java/dataflow/internal/BaseSSA.qll

@@ -188,7 +188,8 @@ private module SsaImpl {
      * basic blocks.
      */
     private predicate defUseRank(BaseSsaSourceVariable v, BasicBlock b, int rankix, int i) {
-      i = rank[rankix](int j |
+      i =
+        rank[rankix](int j |
           any(TrackedSsaDef def).definesAt(v, b, j) or variableUseOrCapture(v, b, j)
         )
     }

java/ql/src/semmle/code/java/dataflow/internal/DataFlowPrivate.qll

@@ -100,8 +100,8 @@ private predicate variableCaptureStep(Node node1, ExprNode node2) {
     not exists(captured.getAUse()) and
     exists(SsaVariable capturedDef | capturedDef = captured.getAnUltimateDefinition() |
       capturedDef.(SsaImplicitInit).isParameterDefinition(node1.asParameter()) or
-      capturedDef.(SsaExplicitUpdate).getDefiningExpr().(VariableAssign).getSource() = node1
+      capturedDef.(SsaExplicitUpdate).getDefiningExpr().(VariableAssign).getSource() =
-            .asExpr() or
+        node1.asExpr() or
       capturedDef.(SsaExplicitUpdate).getDefiningExpr().(AssignOp) = node1.asExpr()
     )
   )

java/ql/src/semmle/code/java/dispatch/WrappedInvocation.qll

@@ -37,7 +37,8 @@ class FunctionalInterface extends Interface {
  * `n`th parameter.
  */
 private predicate runner(Method m, int n, Method runmethod) {
-  m.getParameterType(n).(RefType).getSourceDeclaration().(FunctionalInterface).getRunMethod() = runmethod and
+  m.getParameterType(n).(RefType).getSourceDeclaration().(FunctionalInterface).getRunMethod() =
+    runmethod and
   (
     m.isNative()
     or

java/ql/src/semmle/code/java/frameworks/Mockito.qll

@@ -288,7 +288,8 @@ class MockitoSpiedField extends MockitoAnnotatedField {
 }
 
 private int mockableParameterCount(Constructor constructor) {
-  result = count(Parameter p |
+  result =
+    count(Parameter p |
       p = constructor.getAParameter() and p.getType() instanceof MockitoMockableType
     )
 }

java/ql/src/semmle/code/java/frameworks/gwt/GwtUiBinder.qll

@@ -58,7 +58,8 @@ class GwtUiHandler extends Method {
    * Gets the name of the field for which this handler is registered.
    */
   string getFieldName() {
-    result = getAnAnnotation()
+    result =
+      getAnAnnotation()
           .(GwtUiHandlerAnnotation)
           .getValue("value")
           .(CompileTimeConstantExpr)

java/ql/src/semmle/code/java/frameworks/jackson/JacksonSerializability.qll

@@ -207,8 +207,8 @@ class JacksonMixedInCallable extends Callable {
       then
         // The mixed in type will have a different name to the target type, so just compare the
         // parameters.
-        result.getSignature().suffix(targetType.getName().length()) = getSignature()
+        result.getSignature().suffix(targetType.getName().length()) =
-              .suffix(getDeclaringType().getName().length())
+          getSignature().suffix(getDeclaringType().getName().length())
       else
         // Signatures should match
         result.getSignature() = getSignature()

java/ql/src/semmle/code/java/frameworks/javaee/Persistence.qll

@@ -33,13 +33,8 @@ class PersistentEntity extends RefType {
    */
   string getAccessTypeFromAnnotation() {
     exists(AccessAnnotation accessType | accessType = getAnAnnotation() |
-      result = accessType
+      result =
-            .getValue("value")
+        accessType.getValue("value").(FieldRead).getField().(EnumConstant).getName().toLowerCase()
-            .(FieldRead)
-            .getField()
-            .(EnumConstant)
-            .getName()
-            .toLowerCase()
     )
   }
 }

java/ql/src/semmle/code/java/frameworks/javaee/PersistenceXML.qll

@@ -14,11 +14,8 @@ class PersistenceXMLFile extends XMLFile {
   }
 
   PersistencePropertyElement getAPropertyElement() {
-    result = this
+    result =
-          .getRoot()
+      this.getRoot().getAPersistenceUnitElement().getAPropertiesElement().getAPropertyElement()
-          .getAPersistenceUnitElement()
-          .getAPropertiesElement()
-          .getAPropertyElement()
   }
 }
 

java/ql/src/semmle/code/java/frameworks/javaee/ejb/EJB.qll

@@ -21,11 +21,8 @@ class SessionEJB extends EJB {
     this.getAnAnnotation().getType().hasName("Stateful") or
     // XML deployment descriptor.
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getAnEjbClassElement().getACharactersSet().getCharacters()
-            .getAnEjbClassElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 
@@ -160,11 +157,8 @@ class MessageDrivenBean extends EJB {
     or
     // XML deployment descriptor.
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getAMessageDrivenElement()
+        f.getAMessageDrivenElement().getAnEjbClassElement().getACharactersSet().getCharacters()
-            .getAnEjbClassElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 }
@@ -179,11 +173,8 @@ class EntityEJB extends EJB {
     or
     // XML deployment descriptor.
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getAnEntityElement()
+        f.getAnEntityElement().getAnEjbClassElement().getACharactersSet().getCharacters()
-            .getAnEjbClassElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 }
@@ -253,11 +244,8 @@ abstract class BusinessInterface extends Interface {
 class XmlSpecifiedBusinessInterface extends BusinessInterface {
   XmlSpecifiedBusinessInterface() {
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getABusinessElement().getACharactersSet().getCharacters()
-            .getABusinessElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 
@@ -271,21 +259,15 @@ class XmlSpecifiedBusinessInterface extends BusinessInterface {
 
   override predicate isLocal() {
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getABusinessLocalElement().getACharactersSet().getCharacters()
-            .getABusinessLocalElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 
   override predicate isRemote() {
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getABusinessRemoteElement().getACharactersSet().getCharacters()
-            .getABusinessRemoteElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 }
@@ -411,11 +393,8 @@ class ExtendedRemoteInterface extends LegacyEjbRemoteInterface, RemoteEJBInterfa
 class XmlSpecifiedRemoteInterface extends LegacyEjbRemoteInterface {
   XmlSpecifiedRemoteInterface() {
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getARemoteElement().getACharactersSet().getCharacters()
-            .getARemoteElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 
@@ -451,11 +430,8 @@ class AnnotatedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
 class XmlSpecifiedRemoteHomeInterface extends LegacyEjbRemoteHomeInterface {
   XmlSpecifiedRemoteHomeInterface() {
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getARemoteHomeElement().getACharactersSet().getCharacters()
-            .getARemoteHomeElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 
@@ -479,11 +455,8 @@ class ExtendedLocalInterface extends LegacyEjbLocalInterface, LocalEJBInterface
 class XmlSpecifiedLocalInterface extends LegacyEjbLocalInterface {
   XmlSpecifiedLocalInterface() {
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getALocalElement().getACharactersSet().getCharacters()
-            .getALocalElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 
@@ -520,11 +493,8 @@ class AnnotatedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
 class XmlSpecifiedLocalHomeInterface extends LegacyEjbLocalHomeInterface {
   XmlSpecifiedLocalHomeInterface() {
     exists(EjbJarXMLFile f |
-      this.getQualifiedName() = f
+      this.getQualifiedName() =
-            .getASessionElement()
+        f.getASessionElement().getALocalHomeElement().getACharactersSet().getCharacters()
-            .getALocalHomeElement()
-            .getACharactersSet()
-            .getCharacters()
     )
   }
 

java/ql/src/semmle/code/java/frameworks/spring/SpringBeanFile.qll

@@ -34,12 +34,8 @@ class SpringBeanFile extends XMLFile {
    * applicable to any profile.
    */
   string getAProfileExpr() {
-    result = getBeansElement()
+    result =
-          .getAttribute("profile")
+      getBeansElement().getAttribute("profile").getValue().splitAt(",").splitAt(" ").splitAt(";") and
-          .getValue()
-          .splitAt(",")
-          .splitAt(" ")
-          .splitAt(";") and
     result.length() != 0
   }
 

java/ql/src/semmle/code/java/frameworks/spring/SpringComponentScan.qll

@@ -60,7 +60,8 @@ class SpringBasePackage extends string {
       // Interpret the contexts of the `web.xml` "contextConfigLocation" parameter as a base package,
       // but only if the appropriate context class is chosen.
       exists(WebXMLFile webXML |
-        webXML.getContextParamValue("contextClass") = "org.springframework.web.context.support.AnnotationConfigWebApplicationContext"
+        webXML.getContextParamValue("contextClass") =
+          "org.springframework.web.context.support.AnnotationConfigWebApplicationContext"
       |
         basePackages = webXML.getContextParamValue("contextConfigLocation")
       )

java/ql/src/semmle/code/java/frameworks/spring/metrics/MetricSpringBean.qll

@@ -41,14 +41,16 @@ class MetricSpringBean extends SpringBean {
   int getEfferentCoupling() { result = count(SpringBean other | springDepends(this, other, _)) }
 
   int getLocalAfferentCoupling() {
-    result = count(SpringBean other |
+    result =
+      count(SpringBean other |
         springDepends(other, this, _) and
         this.getSpringBeanFile() = other.getSpringBeanFile()
       )
   }
 
   int getLocalEfferentCoupling() {
-    result = count(SpringBean other |
+    result =
+      count(SpringBean other |
         springDepends(this, other, _) and
         this.getSpringBeanFile() = other.getSpringBeanFile()
       )

java/ql/src/semmle/code/java/metrics/MetricCallable.qll

@@ -40,7 +40,8 @@ class MetricCallable extends Callable {
    * plus one.
    */
   int getCyclomaticComplexity() {
-    result = count(Stmt stmt | branchingStmt(stmt) and stmt.getEnclosingCallable() = this) +
+    result =
+      count(Stmt stmt | branchingStmt(stmt) and stmt.getEnclosingCallable() = this) +
         count(Expr expr | branchingExpr(expr) and expr.getEnclosingCallable() = this) + 1
   }
 
@@ -49,7 +50,8 @@ class MetricCallable extends Callable {
    * and expressions within the callable, plus one for the callable itself.
    */
   int getHalsteadLength() {
-    result = count(Stmt s | s.getEnclosingCallable() = this) +
+    result =
+      count(Stmt s | s.getEnclosingCallable() = this) +
         count(Expr e | e.getEnclosingCallable() = this) + 1
   }
 
@@ -58,7 +60,8 @@ class MetricCallable extends Callable {
    * of all statements and expressions within the callable.
    */
   int getHalsteadVocabulary() {
-    result = count(string id |
+    result =
+      count(string id |
         exists(Stmt s | s.getEnclosingCallable() = this and id = s.getHalsteadID())
         or
         exists(Expr e | e.getEnclosingCallable() = this and id = e.getHalsteadID())

java/ql/src/semmle/code/java/metrics/MetricElement.qll

@@ -79,7 +79,8 @@ class MetricElement extends Element {
 
   /** Gets the maintainability index without comment weight. */
   float getMaintainabilityIndexWithoutComments() {
-    result = 171 - 5.2 * this.getHalsteadVolume().log() - 0.23 * this.getCyclomaticComplexity() -
+    result =
+      171 - 5.2 * this.getHalsteadVolume().log() - 0.23 * this.getCyclomaticComplexity() -
         16.2 * this.getNumberOfLinesOfCode().log()
   }
 
@@ -101,8 +102,8 @@ class MetricElement extends Element {
    * `MetricRefType` and `MetricCallable` provide concrete implementations.
    */
   float getMaintainabilityIndex() {
-    result = this.getMaintainabilityIndexWithoutComments() +
+    result =
-        this.getMaintainabilityIndexCommentWeight()
+      this.getMaintainabilityIndexWithoutComments() + this.getMaintainabilityIndexCommentWeight()
   }
 }
 /* ========================================================================= */

java/ql/src/semmle/code/java/metrics/MetricPackage.qll

@@ -22,7 +22,8 @@ class MetricPackage extends Package, MetricElement {
   /** Gets the number of lines of code in this package. */
   override int getNumberOfLinesOfCode() {
     // Refer to `numlines(...)` directly to avoid invalid recursive aggregate.
-    result = sum(CompilationUnit cu, int lines |
+    result =
+      sum(CompilationUnit cu, int lines |
         cu.getPackage() = this and numlines(cu, _, lines, _)
       |
         lines
@@ -31,7 +32,8 @@ class MetricPackage extends Package, MetricElement {
 
   /** Gets the number of lines of comments in this package. */
   override int getNumberOfCommentLines() {
-    result = sum(CompilationUnit cu, int lines |
+    result =
+      sum(CompilationUnit cu, int lines |
         cu.getPackage() = this and numlines(cu, _, _, lines)
       |
         lines
@@ -40,7 +42,8 @@ class MetricPackage extends Package, MetricElement {
 
   /** Gets the total number of lines in this package, including code, comments and whitespace-only lines. */
   override int getTotalNumberOfLines() {
-    result = sum(CompilationUnit cu, int lines |
+    result =
+      sum(CompilationUnit cu, int lines |
         cu.getPackage() = this and numlines(cu, lines, _, _)
       |
         lines
@@ -60,7 +63,8 @@ class MetricPackage extends Package, MetricElement {
    * This is an indication of the size of the API provided by this package.
    */
   int getNumberOfPublicCallables() {
-    result = sum(MetricRefType t, int toSum |
+    result =
+      sum(MetricRefType t, int toSum |
         t.getPackage() = this and
         toSum = t.getNumberOfPublicCallables()
       |
@@ -86,7 +90,8 @@ class MetricPackage extends Package, MetricElement {
    * package metrics, such as the instability metric.
    */
   int getAfferentCoupling() {
-    result = count(RefType t |
+    result =
+      count(RefType t |
         t.getPackage() != this and
         exists(RefType s | s.getPackage() = this and depends(t, s))
       )
@@ -105,7 +110,8 @@ class MetricPackage extends Package, MetricElement {
    * package metrics, such as the instability metric.
    */
   int getEfferentCoupling() {
-    result = count(RefType t |
+    result =
+      count(RefType t |
         t.getPackage() = this and
         exists(RefType s | s.getPackage() != this and depends(t, s))
       )
@@ -114,7 +120,8 @@ class MetricPackage extends Package, MetricElement {
   /** Efferent Coupling (outgoing dependencies) to the specified package. */
   int getEfferentCoupling(Package p) {
     p != this and
-    result = count(RefType t |
+    result =
+      count(RefType t |
         t.getPackage() = this and
         exists(RefType s | s.getPackage() = p and depends(t, s))
       )
@@ -219,7 +226,8 @@ class MetricPackage extends Package, MetricElement {
    * for metrics that are directly computed from code.
    */
   float relationalCohesion() {
-    result = 1 +
+    result =
+      1 +
         avg(RefType t, float toAvg |
           t.getPackage() = this and
           toAvg = this.countDependencies(t)
@@ -264,7 +272,8 @@ class MetricPackage extends Package, MetricElement {
    * representative member of the cycle to which it belongs.
    */
   predicate isRepresentative() {
-    this.getName() = min(MetricPackage p, string toMin |
+    this.getName() =
+      min(MetricPackage p, string toMin |
         p = this.getACycleMember() and
         toMin = p.getName()
       |
@@ -278,7 +287,8 @@ class MetricPackage extends Package, MetricElement {
    * The fan-in of a package is the average efferent coupling over all callables in that package.
    */
   float getAverageFanIn() {
-    result = avg(RefType t, MetricCallable c, int toAvg |
+    result =
+      avg(RefType t, MetricCallable c, int toAvg |
         (c = t.getACallable() and t.getPackage() = this) and
         toAvg = c.getAfferentCoupling()
       |

java/ql/src/semmle/code/java/metrics/MetricRefType.qll

@@ -125,11 +125,8 @@ class MetricRefType extends RefType, MetricElement {
       // m = number of methods that access some field
       m = count(this.getAccessingMethod()) and
       // r = average (over f) of number of methods that access field f
-      r = avg(Field f |
+      r =
-          f = this.getAccessedField()
+        avg(Field f | f = this.getAccessedField() | count(Method x | this.accessesLocalField(x, f))) and
-        |
-          count(Method x | this.accessesLocalField(x, f))
-        ) and
       // avoid division by zero
       m != 1 and
       // compute LCOM
@@ -184,7 +181,8 @@ class MetricRefType extends RefType, MetricElement {
   float getLackOfCohesionCK() {
     exists(int callables, int linked, float n |
       callables = count(Callable m | includeInLackOfCohesionCK(m)) and
-      linked = count(Callable m1, Callable m2 |
+      linked =
+        count(Callable m1, Callable m2 |
           exists(Field f |
             relevantCallableAndFieldCK(m1, f) and
             relevantCallableAndFieldCK(m2, f) and
@@ -296,13 +294,15 @@ class MetricRefType extends RefType, MetricElement {
    */
   float getSpecialisationIndex() {
     this.getNumberOfCallables() != 0 and
-    result = (this.getNumberOverridden() * this.getInheritanceDepth()) /
+    result =
+      (this.getNumberOverridden() * this.getInheritanceDepth()) /
         this.getNumberOfCallables().(float)
   }
 
   /** Gets the Halstead length of a type, estimated as the sum of the Halstead lengths of its callables. */
   override int getHalsteadLength() {
-    result = sum(Callable c, int toSum |
+    result =
+      sum(Callable c, int toSum |
         c = this.getACallable() and
         toSum = c.getMetrics().getHalsteadLength()
       |
@@ -312,7 +312,8 @@ class MetricRefType extends RefType, MetricElement {
 
   /** Gets the Halstead vocabulary of a type, estimated as the sum of the Halstead vocabularies of its callables. */
   override int getHalsteadVocabulary() {
-    result = sum(Callable c, int toSum |
+    result =
+      sum(Callable c, int toSum |
         c = this.getACallable() and
         toSum = c.getMetrics().getHalsteadVocabulary()
       |
@@ -322,7 +323,8 @@ class MetricRefType extends RefType, MetricElement {
 
   /** Gets the cyclomatic complexity of a type, estimated as the sum of the cyclomatic complexities of its callables. */
   override int getCyclomaticComplexity() {
-    result = sum(Callable c, int toSum |
+    result =
+      sum(Callable c, int toSum |
         c = this.getACallable() and
         toSum = c.getMetrics().getCyclomaticComplexity()
       |

java/ql/src/semmle/code/java/security/Encryption.qll

@@ -75,7 +75,8 @@ private string algorithmRegex(string algorithmString) {
   // Algorithms usually appear in names surrounded by characters that are not
   // alphabetical characters in the same case. This handles the upper and lower
   // case cases.
-  result = "((^|.*[^A-Z])(" + algorithmString + ")([^A-Z].*|$))" +
+  result =
+    "((^|.*[^A-Z])(" + algorithmString + ")([^A-Z].*|$))" +
       // or...
       "|" +
       // For lowercase, we want to be careful to avoid being confused by camelCase
@@ -113,7 +114,8 @@ private string algorithmBlacklistString(int i) {
 
 /** Gets a regex for matching strings that look like they contain a blacklisted algorithm. */
 string algorithmBlacklistRegex() {
-  result = algorithmRegex(algorithmBlacklistString(max(int i | exists(rankedAlgorithmBlacklist(i)))))
+  result =
+    algorithmRegex(algorithmBlacklistString(max(int i | exists(rankedAlgorithmBlacklist(i)))))
 }
 
 /** Gets a whitelist of algorithms that are known to be secure. */
@@ -138,7 +140,8 @@ private string algorithmWhitelistString(int i) {
 
 /** Gets a regex for matching strings that look like they contain a whitelisted algorithm. */
 string algorithmWhitelistRegex() {
-  result = algorithmRegex(algorithmWhitelistString(max(int i | exists(rankedAlgorithmWhitelist(i)))))
+  result =
+    algorithmRegex(algorithmWhitelistString(max(int i | exists(rankedAlgorithmWhitelist(i)))))
 }
 
 /**

java/ql/src/semmle/code/java/security/UnsafeDeserialization.qll

@@ -20,8 +20,8 @@ class SafeXStream extends DataFlow2::Configuration {
   SafeXStream() { this = "UnsafeDeserialization::SafeXStream" }
 
   override predicate isSource(DataFlow::Node src) {
-    any(XStreamEnableWhiteListing ma).getQualifier().(VarAccess).getVariable().getAnAccess() = src
+    any(XStreamEnableWhiteListing ma).getQualifier().(VarAccess).getVariable().getAnAccess() =
-          .asExpr()
+      src.asExpr()
   }
 
   override predicate isSink(DataFlow::Node sink) {
@@ -36,8 +36,8 @@ class SafeKryo extends DataFlow2::Configuration {
   SafeKryo() { this = "UnsafeDeserialization::SafeKryo" }
 
   override predicate isSource(DataFlow::Node src) {
-    any(KryoEnableWhiteListing ma).getQualifier().(VarAccess).getVariable().getAnAccess() = src
+    any(KryoEnableWhiteListing ma).getQualifier().(VarAccess).getVariable().getAnAccess() =
-          .asExpr()
+      src.asExpr()
   }
 
   override predicate isSink(DataFlow::Node sink) {

java/ql/src/semmle/code/java/security/XmlParsers.qll

@@ -151,9 +151,11 @@ private class ConstantStringExpr extends Expr {
  * A general configuration that is safe when enabled.
  */
 Expr singleSafeConfig() {
-  result.(ConstantStringExpr).getStringValue() = "http://apache.org/xml/features/disallow-doctype-decl"
+  result.(ConstantStringExpr).getStringValue() =
+    "http://apache.org/xml/features/disallow-doctype-decl"
   or
-  result.(ConstantStringExpr).getStringValue() = "http://javax.xml.XMLConstants/feature/secure-processing"
+  result.(ConstantStringExpr).getStringValue() =
+    "http://javax.xml.XMLConstants/feature/secure-processing"
   or
   exists(Field f |
     result = f.getAnAccess() and
@@ -494,7 +496,8 @@ class SafeSAXParserFactory extends VarAccess {
       exists(SAXParserFactoryConfig config | config.getQualifier() = v.getAnAccess() |
         config
             .disables(any(ConstantStringExpr s |
-                s.getStringValue() = "http://apache.org/xml/features/nonvalidating/load-external-dtd"
+                s.getStringValue() =
+                  "http://apache.org/xml/features/nonvalidating/load-external-dtd"
               ))
       )
     )
@@ -695,7 +698,8 @@ class ExplicitlySafeXMLReader extends VarAccess {
       exists(XMLReaderConfig config | config.getQualifier() = v.getAnAccess() |
         config
             .disables(any(ConstantStringExpr s |
-                s.getStringValue() = "http://apache.org/xml/features/nonvalidating/load-external-dtd"
+                s.getStringValue() =
+                  "http://apache.org/xml/features/nonvalidating/load-external-dtd"
               ))
       )
       or
@@ -828,7 +832,8 @@ class XmlConstants extends RefType {
 
 /** A configuration specific for transformers and schema. */
 Expr configAccessExternalDTD() {
-  result.(ConstantStringExpr).getStringValue() = "http://javax.xml.XMLConstants/property/accessExternalDTD"
+  result.(ConstantStringExpr).getStringValue() =
+    "http://javax.xml.XMLConstants/property/accessExternalDTD"
   or
   exists(Field f |
     result = f.getAnAccess() and
@@ -839,7 +844,8 @@ Expr configAccessExternalDTD() {
 
 /** A configuration specific for transformers. */
 Expr configAccessExternalStyleSheet() {
-  result.(ConstantStringExpr).getStringValue() = "http://javax.xml.XMLConstants/property/accessExternalStylesheet"
+  result.(ConstantStringExpr).getStringValue() =
+    "http://javax.xml.XMLConstants/property/accessExternalStylesheet"
   or
   exists(Field f |
     result = f.getAnAccess() and
@@ -850,7 +856,8 @@ Expr configAccessExternalStyleSheet() {
 
 /** A configuration specific for schema. */
 Expr configAccessExternalSchema() {
-  result.(ConstantStringExpr).getStringValue() = "http://javax.xml.XMLConstants/property/accessExternalSchema"
+  result.(ConstantStringExpr).getStringValue() =
+    "http://javax.xml.XMLConstants/property/accessExternalSchema"
   or
   exists(Field f |
     result = f.getAnAccess() and

java/ql/src/semmle/code/xml/AndroidManifest.qll

@@ -114,11 +114,9 @@ class AndroidComponentXmlElement extends XMLElement {
   string getResolvedComponentName() {
     if getComponentName().matches(".%")
     then
-      result = getParent()
+      result =
-              .(XMLElement)
+        getParent().(XMLElement).getParent().(AndroidManifestXmlElement).getPackageAttributeValue() +
-              .getParent()
+          getComponentName()
-              .(AndroidManifestXmlElement)
-              .getPackageAttributeValue() + getComponentName()
     else result = getComponentName()
   }
 

java/ql/src/semmle/code/xml/Ant.qll

@@ -18,7 +18,8 @@ class AntTarget extends XMLElement {
    * This is a utility method used for extracting individual dependencies.
    */
   string getDependsString() {
-    result = "," +
+    result =
+      "," +
         this
             .getAttributeValue("depends")
             .replaceAll(" ", "")

java/ql/src/semmle/code/xml/MavenPom.qll

@@ -66,7 +66,8 @@ class Pom extends ProtoPom {
 
   /** Gets a Maven coordinate of the form `groupId:artifactId:version`. */
   string getCoordinate() {
-    result = this.getGroup().getValue() + ":" + this.getArtifact().getValue() + ":" +
+    result =
+      this.getGroup().getValue() + ":" + this.getArtifact().getValue() + ":" +
         this.getVersion().getValue()
   }
 
@@ -195,8 +196,8 @@ class Pom extends ProtoPom {
         relativePath = "src"
     |
       // Resolve the relative path against the base directory for this POM
-      result.getAbsolutePath() = normalize(getFile().getParentContainer().getAbsolutePath() + "/" +
+      result.getAbsolutePath() =
-            relativePath)
+        normalize(getFile().getParentContainer().getAbsolutePath() + "/" + relativePath)
     )
   }
 
@@ -411,7 +412,8 @@ class MavenRepoJar extends File {
     exists(MavenRepo mr | mr.getAJarFile() = this |
       // Assuming the standard layout, the first part of the directory structure from the maven
       // repository will be the groupId converted to a path by replacing "." with "/".
-      result = getParentContainer()
+      result =
+        getParentContainer()
             .getParentContainer()
             .getParentContainer()
             .getAbsolutePath()

java/ql/src/semmle/code/xml/XML.qll

@@ -100,11 +100,8 @@ class XMLParent extends @xmlparent {
    * left to right, separated by a space.
    */
   string allCharactersString() {
-    result = concat(string chars, int pos |
+    result =
-        xmlChars(_, chars, this, pos, _, _)
+      concat(string chars, int pos | xmlChars(_, chars, this, pos, _, _) | chars, " " order by pos)
-      |
-        chars, " " order by pos
-      )
   }
 
   /** Gets the text value contained in this XML parent. */