Merge branch 'main' into alexdenisov/swift-multiple-modules

config/identical-files.json

@@ -453,11 +453,11 @@
     "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
   ],
   "IDE Contextual Queries": [
-    "cpp/ql/src/IDEContextual.qll",
-    "csharp/ql/src/IDEContextual.qll",
-    "java/ql/src/IDEContextual.qll",
-    "javascript/ql/src/IDEContextual.qll",
-    "python/ql/src/analysis/IDEContextual.qll"
+    "cpp/ql/lib/IDEContextual.qll",
+    "csharp/ql/lib/IDEContextual.qll",
+    "java/ql/lib/IDEContextual.qll",
+    "javascript/ql/lib/IDEContextual.qll",
+    "python/ql/lib/analysis/IDEContextual.qll"
   ],
   "SSA C#": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",

cpp/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/cpp-all` package.

csharp/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/csharp-all` package.

docs/codeql/reusables/beta-note-package-management.rst

@@ -2,4 +2,4 @@
 
     Note
 
-    The CodeQL package management functionality, including CodeQL packs, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install version 2.6.0 or higher of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases.
+    The CodeQL package management functionality, including CodeQL packs, is currently available as a beta release and is subject to change. During the beta release, CodeQL packs are available only using GitHub Packages - the GitHub Container registry. To use this beta functionality, install the latest version of the CodeQL CLI bundle from: https://github.com/github/codeql-action/releases.

java/documentation/library-coverage/coverage.csv

@@ -1,121 +1,121 @@
-package,sink,source,summary,sink:bean-validation,sink:create-file,sink:groovy,sink:header-splitting,sink:information-leak,sink:intent-start,sink:jdbc-url,sink:jexl,sink:jndi-injection,sink:ldap,sink:logging,sink:mvel,sink:ognl-injection,sink:open-url,sink:pending-intent-sent,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:set-hostname-verifier,sink:sql,sink:url-open-stream,sink:url-redirect,sink:write-file,sink:xpath,sink:xslt,sink:xss,source:android-widget,source:contentprovider,source:remote,summary:taint,summary:value
-android.app,16,,103,,,,,,7,,,,,,,,,9,,,,,,,,,,,,,,,,,,18,85
-android.content,24,27,108,,,,,,16,,,,,,,,,,,,,,,,,8,,,,,,,,27,,31,77
-android.database,59,,30,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,30,
-android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
-android.os,,,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,41,81
-android.util,6,16,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,16,,
-android.webkit,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,2,,
-android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,1,
-androidx.slice,2,5,88,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,5,,27,61
-cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-com.google.common.base,4,,85,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,62,23
-com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
-com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
-com.google.common.flogger,29,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,
-com.google.common.io,6,,73,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,72,1
-com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,
-com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
-com.unboundid.ldap.sdk,17,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,
-com.zaxxer.hikari,2,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,
-flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-groovy.lang,26,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-groovy.util,5,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-jakarta.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,7,,
-jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
-jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,94,55
-java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-java.io,37,,39,,15,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,39,
-java.lang,13,,58,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,46,12
-java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,3,7,
-java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,6,
-java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,
-java.util,44,,438,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,24,414
-javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,7,,
-javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
-javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-javax.management.remote,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,
-javax.naming,7,,,,,,,,,,,6,1,,,,,,,,,,,,,,,,,,,,,,,,
-javax.net.ssl,2,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
-javax.script,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,
-javax.servlet,4,21,2,,,,3,1,,,,,,,,,,,,,,,,,,,,,,,,,,,21,2,
-javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
-javax.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
-javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-javax.ws.rs.core,3,,149,,,,1,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,94,55
-javax.xml.transform,1,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,6,
-javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,
-jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
-kotlin.jvm.internal,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,
-ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
-okhttp3,2,,47,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,22,25
-org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.io,104,,561,,89,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,547,14
-org.apache.commons.jexl2,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.jexl3,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.lang3,,,424,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,293,131
-org.apache.commons.logging,6,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
-org.apache.directory.ldap.client.api,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.hc.core5.http,1,2,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,2,39,
-org.apache.hc.core5.net,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
-org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
-org.apache.http,27,3,70,,,,,,,,,,,,,,25,,,,,,,,,,,,,,,2,,,3,62,8
-org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,57,
-org.apache.log4j,11,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.logging.log4j,359,,8,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,4,4
-org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.shiro.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
-org.codehaus.groovy.control,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,
-org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,
-org.jboss.logging,324,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,
-org.jdbi.v3.core,6,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
-org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
-org.mvel2,16,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,
-org.scijava.log,13,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,
-org.slf4j,55,,6,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,2,4
-org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
-org.springframework.boot.jdbc,1,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
-org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-org.springframework.http,14,,70,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,60,10
-org.springframework.jdbc.core,10,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,
-org.springframework.jdbc.datasource,4,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,
-org.springframework.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.ldap,47,,,,,,,,,,,33,14,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
-org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
-org.springframework.util,,,139,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,52
-org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
-org.springframework.web.client,13,3,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,3,,
-org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
-org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
-org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,
-org.springframework.web.util,,,163,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,138,25
-org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
-play.mvc,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,
-ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
-ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-retrofit2,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
+package,sink,source,summary,sink:bean-validation,sink:create-file,sink:groovy,sink:header-splitting,sink:information-leak,sink:intent-start,sink:jdbc-url,sink:jexl,sink:jndi-injection,sink:ldap,sink:logging,sink:mvel,sink:ognl-injection,sink:open-url,sink:pending-intent-sent,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:set-hostname-verifier,sink:sql,sink:url-open-stream,sink:url-redirect,sink:write-file,sink:xpath,sink:xslt,sink:xss,source:android-external-storage-dir,source:android-widget,source:contentprovider,source:remote,summary:taint,summary:value
+android.app,16,,103,,,,,,7,,,,,,,,,9,,,,,,,,,,,,,,,,,,,18,85
+android.content,24,31,108,,,,,,16,,,,,,,,,,,,,,,,,8,,,,,,,4,,27,,31,77
+android.database,59,,30,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,30,
+android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
+android.os,,2,122,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,41,81
+android.util,6,16,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,16,,
+android.webkit,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,2,,
+android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,1,
+androidx.slice,2,5,88,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,5,,27,61
+cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+com.google.common.base,4,,85,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,62,23
+com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
+com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
+com.google.common.flogger,29,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,
+com.google.common.io,6,,73,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,72,1
+com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,
+com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
+com.unboundid.ldap.sdk,17,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,
+com.zaxxer.hikari,2,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+groovy.lang,26,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+groovy.util,5,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+jakarta.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
+jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,
+jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
+java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+java.io,37,,39,,15,,,,,,,,,,,,,,,,,,,,,,,,22,,,,,,,,39,
+java.lang,13,,58,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,,46,12
+java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,3,7,
+java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,6,
+java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
+java.util,44,,438,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,24,414
+javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
+javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
+javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+javax.management.remote,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,
+javax.naming,7,,,,,,,,,,,6,1,,,,,,,,,,,,,,,,,,,,,,,,,
+javax.net.ssl,2,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,
+javax.script,1,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,
+javax.servlet,4,21,2,,,,3,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,2,
+javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
+javax.ws.rs.client,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,
+javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+javax.ws.rs.core,3,,149,,,,1,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
+javax.xml.transform,1,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,6,
+javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,
+jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
+kotlin.jvm.internal,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,
+ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,
+okhttp3,2,,47,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,22,25
+org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.io,104,,561,,89,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,547,14
+org.apache.commons.jexl2,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.jexl3,15,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.lang3,,,424,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,293,131
+org.apache.commons.logging,6,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.ognl,6,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
+org.apache.directory.ldap.client.api,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.hc.core5.http,1,2,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,2,39,
+org.apache.hc.core5.net,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
+org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
+org.apache.http,27,3,70,,,,,,,,,,,,,,25,,,,,,,,,,,,,,,2,,,,3,62,8
+org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,57,
+org.apache.log4j,11,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.logging.log4j,359,,8,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,4,4
+org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.shiro.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.codehaus.groovy.control,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,
+org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
+org.jboss.logging,324,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,
+org.jdbi.v3.core,6,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
+org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
+org.mvel2,16,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,
+org.scijava.log,13,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,
+org.slf4j,55,,6,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,2,4
+org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
+org.springframework.boot.jdbc,1,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
+org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+org.springframework.http,14,,70,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,,,,60,10
+org.springframework.jdbc.core,10,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,
+org.springframework.jdbc.datasource,4,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,
+org.springframework.jndi,1,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.ldap,47,,,,,,,,,,,33,14,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
+org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
+org.springframework.util,,,139,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,52
+org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
+org.springframework.web.client,13,3,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,3,,
+org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
+org.springframework.web.multipart,,12,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,13,
+org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,
+org.springframework.web.util,,,163,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,138,25
+org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
+play.mvc,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,
+ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
+ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+retrofit2,1,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,

java/documentation/library-coverage/coverage.rst

@@ -7,7 +7,7 @@ Java framework & library support
    :widths: auto
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑036` :sub:`Path traversal`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑319` :sub:`Cleartext transmission`
-   Android,``android.*``,46,424,108,,,3,67,,,
+   Android,``android.*``,52,424,108,,,3,67,,,
    `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,,,
    `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,561,104,89,,,,,,15
    `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,424,,,,,,,,
@@ -19,5 +19,5 @@ Java framework & library support
    Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
    `Spring <https://spring.io/>`_,``org.springframework.*``,29,476,101,,,,19,14,,29
    Others,"``androidx.slice``, ``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``kotlin.jvm.internal``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.logging.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jboss.logging``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",65,395,932,,,,14,18,,3
-   Totals,,211,6410,1474,117,6,10,107,33,1,84
+   Totals,,217,6410,1474,117,6,10,107,33,1,84
 

java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt

@@ -55,7 +55,7 @@ private val specialFunctions = mapOf(
 
 private val specialFunctionShortNames = specialFunctions.keys.map { it.functionName }.toSet()
 
-fun getSpecialJvmName(f: IrFunction): String? {
+private fun getSpecialJvmName(f: IrFunction): String? {
     if (specialFunctionShortNames.contains(f.name) && f is IrSimpleFunction) {
         f.allOverridden(true).forEach { overriddenFunc ->
             overriddenFunc.parentClassOrNull?.fqNameWhenAvailable?.let { parentFqName ->
@@ -87,4 +87,4 @@ fun getJvmName(container: IrAnnotationContainer): String? {
         }
     }
     return (container as? IrFunction)?.let { getSpecialJvmName(container) }
-}
+}

java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt

@@ -37,7 +37,7 @@ fun IrType.substituteTypeArguments(params: List<IrTypeParameter>, arguments: Lis
         else -> this
     }
 
-fun IrSimpleType.substituteTypeArguments(substitutionMap: Map<IrTypeParameterSymbol, IrTypeArgument>): IrSimpleType {
+private fun IrSimpleType.substituteTypeArguments(substitutionMap: Map<IrTypeParameterSymbol, IrTypeArgument>): IrSimpleType {
     if (substitutionMap.isEmpty()) return this
 
     val newArguments = arguments.map {
@@ -100,7 +100,7 @@ private fun subProjectedType(substitutionMap: Map<IrTypeParameterSymbol, IrTypeA
         }
     } ?: makeTypeProjection(t.substituteTypeArguments(substitutionMap), outerVariance)
 
-fun IrTypeArgument.upperBound(context: IrPluginContext) =
+private fun IrTypeArgument.upperBound(context: IrPluginContext) =
     when(this) {
         is IrStarProjection -> context.irBuiltIns.anyNType
         is IrTypeProjection -> when(this.variance) {
@@ -111,7 +111,7 @@ fun IrTypeArgument.upperBound(context: IrPluginContext) =
         else -> context.irBuiltIns.anyNType
     }
 
-fun IrTypeArgument.lowerBound(context: IrPluginContext) =
+private fun IrTypeArgument.lowerBound(context: IrPluginContext) =
     when(this) {
         is IrStarProjection -> context.irBuiltIns.nothingType
         is IrTypeProjection -> when(this.variance) {
@@ -200,7 +200,7 @@ fun IrTypeArgument.withQuestionMark(b: Boolean): IrTypeArgument =
 
 typealias TypeSubstitution = (IrType, KotlinUsesExtractor.TypeContext, IrPluginContext) -> IrType
 
-fun matchingTypeParameters(l: IrTypeParameter?, r: IrTypeParameter): Boolean {
+private fun matchingTypeParameters(l: IrTypeParameter?, r: IrTypeParameter): Boolean {
     if (l === r)
         return true
     if (l == null)

java/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/java-all` package.

javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll

@@ -106,6 +106,10 @@ module ClientSideUrlRedirect {
       ) and
       xss = true
       or
+      // A call to `navigation.navigate`
+      this = DataFlow::globalVarRef("navigation").getAMethodCall("navigate").getArgument(0) and
+      xss = true
+      or
       // An assignment to `location`
       exists(Assignment assgn | isLocation(assgn.getTarget()) and astNode = assgn.getRhs()) and
       xss = true

javascript/ql/src/Declarations/DeclBeforeUse.ql

@@ -10,7 +10,7 @@
  */
 
 import javascript
-private import Declarations
+private import Declarations.Declarations
 
 from VarAccess acc, VarDecl decl, Variable var, StmtContainer sc
 where

javascript/ql/src/Declarations/RedeclaredVariable.ql

@@ -10,7 +10,7 @@
  */
 
 import javascript
-private import Declarations
+private import Declarations.Declarations
 
 from Variable v, TopLevel tl, VarDecl decl, VarDecl redecl
 where

javascript/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/javascript-all` package.

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected

@@ -1026,6 +1026,10 @@ nodes
 | tst.js:476:20:476:22 | url |
 | tst.js:486:22:486:24 | url |
 | tst.js:486:22:486:24 | url |
+| tst.js:491:23:491:35 | location.hash |
+| tst.js:491:23:491:35 | location.hash |
+| tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:45 | locatio ... bstr(1) |
 | typeahead.js:20:13:20:45 | target |
 | typeahead.js:20:22:20:45 | documen ... .search |
 | typeahead.js:20:22:20:45 | documen ... .search |
@@ -2081,6 +2085,10 @@ edges
 | tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) |
 | tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) |
 | tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
 | typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target |
 | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
 | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target |
@@ -2354,6 +2362,7 @@ edges
 | tst.js:475:25:475:27 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:475:25:475:27 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value |
 | tst.js:476:20:476:22 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:476:20:476:22 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value |
 | tst.js:486:22:486:24 | url | tst.js:471:13:471:36 | documen ... .search | tst.js:486:22:486:24 | url | Cross-site scripting vulnerability due to $@. | tst.js:471:13:471:36 | documen ... .search | user-provided value |
+| tst.js:491:23:491:45 | locatio ... bstr(1) | tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | Cross-site scripting vulnerability due to $@. | tst.js:491:23:491:35 | location.hash | user-provided value |
 | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value |
 | v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value |
 | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "<div>" ... </div>" | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value |

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected

@@ -1038,6 +1038,10 @@ nodes
 | tst.js:476:20:476:22 | url |
 | tst.js:486:22:486:24 | url |
 | tst.js:486:22:486:24 | url |
+| tst.js:491:23:491:35 | location.hash |
+| tst.js:491:23:491:35 | location.hash |
+| tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:45 | locatio ... bstr(1) |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:9:28:9:30 | loc |
 | typeahead.js:9:28:9:30 | loc |
@@ -2143,6 +2147,10 @@ edges
 | tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) |
 | tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) |
 | tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
+| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |
 | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc |

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst.js

@@ -487,4 +487,6 @@ function urlStuff() {
   }
 
   window.open(location.hash.substr(1)); // OK - any JavaScript is executed in another context
-}
+
+  navigation.navigate(location.hash.substr(1)); // NOT OK
+}

python/ql/lib/analysis/DefinitionTracking.qll

@@ -14,10 +14,13 @@ class Definition extends TLocalDefinition {
   /** Gets a textual representation of this element. */
   string toString() { result = "Definition " + this.getAstNode().getLocation().toString() }
 
+  /** Gets the AST Node associated with this element */
   AstNode getAstNode() { this = TLocalDefinition(result) }
 
+  /** Gets the Module associated with this element */
   Module getModule() { result = this.getAstNode().getScope().getEnclosingModule() }
 
+  /** Gets the source location of the AST Node associated with this element */
   Location getLocation() { result = this.getAstNode().getLocation() }
 }
 

python/ql/lib/semmle/python/RegexTreeView.qll

@@ -1000,11 +1000,22 @@ class RegExpBackRef extends RegExpTerm, TRegExpBackRef {
 
   /** Gets the capture group this back reference refers to. */
   RegExpGroup getGroup() {
-    result.getLiteral() = this.getLiteral() and
-    (
-      result.getNumber() = this.getNumber() or
-      result.getName() = this.getName()
-    )
+    this.hasLiteralAndNumber(result.getLiteral(), result.getNumber()) or
+    this.hasLiteralAndName(result.getLiteral(), result.getName())
+  }
+
+  /** Join-order helper for `getGroup`. */
+  pragma[nomagic]
+  private predicate hasLiteralAndNumber(RegExpLiteral literal, int number) {
+    literal = this.getLiteral() and
+    number = this.getNumber()
+  }
+
+  /** Join-order helper for `getGroup`. */
+  pragma[nomagic]
+  private predicate hasLiteralAndName(RegExpLiteral literal, string name) {
+    literal = this.getLiteral() and
+    name = this.getName()
   }
 
   override RegExpTerm getChild(int i) { none() }

python/ql/lib/semmle/python/pointsto/MRO.qll

@@ -344,12 +344,12 @@ private class ClassListList extends TClassListList {
     )
   }
 
-  private predicate legalMergeCandidate(ClassObjectInternal cls, ClassListList remaining) {
-    cls = this.getAHead() and remaining = this
+  private predicate legalMergeCandidate(ClassObjectInternal cls, ClassListList remainingList) {
+    cls = this.getAHead() and remainingList = this
     or
-    this.legalMergeCandidate(cls, ConsList(Empty(), remaining))
+    this.legalMergeCandidate(cls, ConsList(Empty(), remainingList))
     or
-    this.legalMergeCandidateNonEmpty(cls, remaining, Empty())
+    this.legalMergeCandidateNonEmpty(cls, remainingList, Empty())
   }
 
   pragma[noinline]
@@ -386,10 +386,10 @@ private class ClassListList extends TClassListList {
 
 private ClassList flatten_list(ClassListList list, int n) {
   need_flattening(list) and
-  exists(ClassList head, ClassListList tail | list = ConsList(head, tail) |
+  exists(ClassList head, ClassListList tail | pragma[only_bind_out](list) = ConsList(head, tail) |
     n = head.length() and result = tail.flatten()
     or
-    result = Cons(head.getItem(n), flatten_list(list, n + 1))
+    result = Cons(head.getItem(n), flatten_list(pragma[only_bind_out](list), n + 1))
   )
 }
 
@@ -419,7 +419,9 @@ private ClassListList list_of_linearization_of_bases_plus_bases(ClassObjectInter
   result = ConsList(bases(cls), EmptyList()) and n = Types::base_count(cls) and n > 1
   or
   exists(ClassListList partial |
-    partial = list_of_linearization_of_bases_plus_bases(cls, n + 1) and
+    partial =
+      list_of_linearization_of_bases_plus_bases(pragma[only_bind_into](cls),
+        pragma[only_bind_into](n + 1)) and
     result = ConsList(Mro::newStyleMro(Types::getBase(cls, n)), partial)
   )
 }

python/ql/src/analysis/Consistency.ql

@@ -5,7 +5,7 @@
  */
 
 import python
-import DefinitionTracking
+import analysis.DefinitionTracking
 
 predicate uniqueness_error(int number, string what, string problem) {
   what in [

python/ql/src/analysis/Definitions.ql

@@ -6,7 +6,7 @@
  */
 
 import python
-import DefinitionTracking
+import analysis.DefinitionTracking
 
 from NiceLocationExpr use, Definition defn, string kind
 where defn = definitionOf(use, kind)

python/ql/src/analysis/LocalDefinitions.ql

@@ -8,7 +8,7 @@
  */
 
 import python
-import DefinitionTracking
+import analysis.DefinitionTracking
 
 external string selectedSourceFile();
 

python/ql/src/analysis/LocalReferences.ql

@@ -8,7 +8,7 @@
  */
 
 import python
-import DefinitionTracking
+import analysis.DefinitionTracking
 
 external string selectedSourceFile();
 

python/ql/src/analysis/RatioOfDefinitions.ql

@@ -3,7 +3,7 @@
  */
 
 import python
-import DefinitionTracking
+import analysis.DefinitionTracking
 
 predicate want_to_have_definition(Expr e) {
   /* not builtin object like len, tuple, etc. */

python/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/python-all` package.

ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll

@@ -330,12 +330,13 @@ class ActiveRecordInstance extends DataFlow::Node {
   ActiveRecordModelClass getClass() { result = instantiation.getClass() }
 }
 
-// A call whose receiver may be an active record model object
-private class ActiveRecordInstanceMethodCall extends DataFlow::CallNode {
+/** A call whose receiver may be an active record model object */
+class ActiveRecordInstanceMethodCall extends DataFlow::CallNode {
   private ActiveRecordInstance instance;
 
   ActiveRecordInstanceMethodCall() { this.getReceiver() = instance }
 
+  /** Gets the `ActiveRecordInstance` that is the receiver of this call. */
   ActiveRecordInstance getInstance() { result = instance }
 }
 

ruby/ql/src/change-notes/2022-06-29-move-contextual-queries.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* Contextual queries and the query libraries they depend on have been moved to the `codeql/ruby-all` package.

swift/extractor/SwiftExtractor.cpp

@@ -7,6 +7,7 @@
 #include <memory>
 #include <unistd.h>
 #include <unordered_set>
+#include <queue>
 
 #include <swift/AST/SourceFile.h>
 #include <swift/Basic/FileTypes.h>
@@ -51,6 +52,18 @@ static void archiveFile(const SwiftExtractorConfiguration& config, swift::Source
   }
 }
 
+static std::string getTrapFilename(swift::ModuleDecl& module, swift::SourceFile* primaryFile) {
+  if (primaryFile) {
+    return primaryFile->getFilename().str();
+  }
+  // Several modules with different name might come from .pcm (clang module) files
+  // In this case we want to differentiate them
+  std::string filename = module.getModuleFilename().str();
+  filename += "-";
+  filename += module.getName().str();
+  return filename;
+}
+
 static void extractDeclarations(const SwiftExtractorConfiguration& config,
                                 llvm::ArrayRef<swift::Decl*> topLevelDecls,
                                 swift::CompilerInstance& compiler,
@@ -60,7 +73,8 @@ static void extractDeclarations(const SwiftExtractorConfiguration& config,
   // the same input file(s)
   // We are using PID to avoid concurrent access
   // TODO: find a more robust approach to avoid collisions?
-  llvm::StringRef filename = primaryFile ? primaryFile->getFilename() : module.getModuleFilename();
+  auto name = getTrapFilename(module, primaryFile);
+  llvm::StringRef filename(name);
   std::string tempTrapName = filename.str() + '.' + std::to_string(getpid()) + ".trap";
   llvm::SmallString<PATH_MAX> tempTrapPath(config.tempTrapDir);
   llvm::sys::path::append(tempTrapPath, tempTrapName);
@@ -150,7 +164,31 @@ void codeql::extractSwiftFiles(const SwiftExtractorConfiguration& config,
     }
   }
 
+  // getASTContext().getLoadedModules() does not provide all the modules available within the
+  // program.
+  // We need to iterate over all the imported modules (recursively) to see the whole "universe."
+  std::unordered_set<swift::ModuleDecl*> allModules;
+  std::queue<swift::ModuleDecl*> worklist;
   for (auto& [_, module] : compiler.getASTContext().getLoadedModules()) {
+    worklist.push(module);
+    allModules.insert(module);
+  }
+
+  while (!worklist.empty()) {
+    auto module = worklist.front();
+    worklist.pop();
+    llvm::SmallVector<swift::ImportedModule> importedModules;
+    // TODO: we may need more than just Exported ones
+    module->getImportedModules(importedModules, swift::ModuleDecl::ImportFilterKind::Exported);
+    for (auto& imported : importedModules) {
+      if (allModules.count(imported.importedModule) == 0) {
+        worklist.push(imported.importedModule);
+        allModules.insert(imported.importedModule);
+      }
+    }
+  }
+
+  for (auto& module : allModules) {
     // We only extract system and builtin modules here as the other "user" modules can be built
     // during the build process and then re-used at a later stage. In this case, we extract the
     // user code twice: once during the module build in a form of a source file, and then as

swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll

@@ -946,6 +946,37 @@ module Decls {
     }
   }
 
+  /**
+   * The control-flow of a type declaration. This is necessary to skip past local type
+   * declarations that occur inside bodies like in:
+   * ```swift
+   * func foo() -> Int {
+   *   let x = 42
+   *   class C {}
+   *   return x
+   * }
+   * ```
+   */
+  private class TypeDeclTree extends AstLeafTree {
+    override TypeDecl ast;
+  }
+
+  /**
+   * The control-flow of a function declaration. This is necessary to skip past local function
+   * declarations that occur inside bodies like in:
+   * ```swift
+   * func foo() -> Int {
+   *   let x = 42
+   *   func bar() { ... }
+   *   return x
+   * }
+   * ```
+   */
+  private class AbstractFunctionDeclTree extends AstLeafTree {
+    override AbstractFunctionDecl ast;
+  }
+
+  /** The control-flow of a function declaration body. */
   class FuncDeclTree extends StandardPreOrderTree, TFuncDeclElement {
     AbstractFunctionDecl ast;
 

swift/ql/lib/codeql/swift/elements/expr/ArithmeticOperation.qll

@@ -0,0 +1,112 @@
+private import codeql.swift.elements.expr.Expr
+private import codeql.swift.elements.expr.BinaryExpr
+private import codeql.swift.elements.expr.PrefixUnaryExpr
+private import codeql.swift.elements.expr.DotSyntaxCallExpr
+
+/**
+ * An arithmetic operation, such as:
+ * ```
+ * a + b
+ * ```
+ */
+class ArithmeticOperation extends Expr {
+  ArithmeticOperation() {
+    this instanceof BinaryArithmeticOperation or
+    this instanceof UnaryArithmeticOperation
+  }
+
+  /**
+   * Gets an operand of this arithmetic operation.
+   */
+  Expr getAnOperand() {
+    result = this.(BinaryArithmeticOperation).getAnOperand()
+    or
+    result = this.(UnaryArithmeticOperation).getOperand()
+  }
+}
+
+/**
+ * A binary arithmetic operation, such as:
+ * ```
+ * a + b
+ * ```
+ */
+class BinaryArithmeticOperation extends BinaryExpr {
+  BinaryArithmeticOperation() {
+    this instanceof AddExpr or
+    this instanceof SubExpr or
+    this instanceof MulExpr or
+    this instanceof DivExpr or
+    this instanceof RemExpr
+  }
+}
+
+/**
+ * An add expression.
+ * ```
+ * a + b
+ * ```
+ */
+class AddExpr extends BinaryExpr {
+  AddExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "+(_:_:)" }
+}
+
+/**
+ * A subtract expression.
+ * ```
+ * a - b
+ * ```
+ */
+class SubExpr extends BinaryExpr {
+  SubExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "-(_:_:)" }
+}
+
+/**
+ * A multiply expression.
+ * ```
+ * a * b
+ * ```
+ */
+class MulExpr extends BinaryExpr {
+  MulExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "*(_:_:)" }
+}
+
+/**
+ * A divide expression.
+ * ```
+ * a / b
+ * ```
+ */
+class DivExpr extends BinaryExpr {
+  DivExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "/(_:_:)" }
+}
+
+/**
+ * A remainder expression.
+ * ```
+ * a % b
+ * ```
+ */
+class RemExpr extends BinaryExpr {
+  RemExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "%(_:_:)" }
+}
+
+/**
+ * A unary arithmetic operation, such as:
+ * ```
+ * -a
+ * ```
+ */
+class UnaryArithmeticOperation extends PrefixUnaryExpr {
+  UnaryArithmeticOperation() { this instanceof UnaryMinusExpr }
+}
+
+/**
+ * A unary minus expression.
+ * ```
+ * -a
+ * ```
+ */
+class UnaryMinusExpr extends PrefixUnaryExpr {
+  UnaryMinusExpr() { this.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = "-(_:)" }
+}

swift/ql/lib/codeql/swift/elements/expr/LogicalOperation.qll

@@ -6,31 +6,19 @@ private import codeql.swift.elements.expr.DeclRefExpr
 private import codeql.swift.elements.decl.ConcreteFuncDecl
 
 private predicate unaryHasName(PrefixUnaryExpr e, string name) {
-  e.getFunction()
-      .(DotSyntaxCallExpr)
-      .getFunction()
-      .(DeclRefExpr)
-      .getDecl()
-      .(ConcreteFuncDecl)
-      .getName() = name
+  e.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = name
 }
 
 private predicate binaryHasName(BinaryExpr e, string name) {
-  e.getFunction()
-      .(DotSyntaxCallExpr)
-      .getFunction()
-      .(DeclRefExpr)
-      .getDecl()
-      .(ConcreteFuncDecl)
-      .getName() = name
+  e.getFunction().(DotSyntaxCallExpr).getStaticTarget().getName() = name
 }
 
 class LogicalAndExpr extends BinaryExpr {
-  LogicalAndExpr() { binaryHasName(this, "&&") }
+  LogicalAndExpr() { binaryHasName(this, "&&(_:_:)") }
 }
 
 class LogicalOrExpr extends BinaryExpr {
-  LogicalOrExpr() { binaryHasName(this, "||") }
+  LogicalOrExpr() { binaryHasName(this, "||(_:_:)") }
 }
 
 class BinaryLogicalOperation extends BinaryExpr {
@@ -41,7 +29,7 @@ class BinaryLogicalOperation extends BinaryExpr {
 }
 
 class NotExpr extends PrefixUnaryExpr {
-  NotExpr() { unaryHasName(this, "!") }
+  NotExpr() { unaryHasName(this, "!(_:)") }
 }
 
 class UnaryLogicalOperation extends PrefixUnaryExpr {

swift/ql/lib/swift.qll

@@ -1,5 +1,6 @@
 /** Top-level import for the Swift language pack */
 
 import codeql.swift.elements
+import codeql.swift.elements.expr.ArithmeticOperation
 import codeql.swift.elements.expr.LogicalOperation
 import codeql.swift.elements.decl.MethodDecl

swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql

@@ -63,8 +63,8 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
       c.getAMember() = f and // TODO: will this even work if its defined in a parent class?
       call.getFunction().(ApplyExpr).getStaticTarget() = f and
       f.getName() = methodName and
-      f.getParam(arg).getName() = paramName and
-      call.getArgument(arg).getExpr() = node.asExpr() and
+      f.getParam(pragma[only_bind_into](arg)).getName() = paramName and
+      call.getArgument(pragma[only_bind_into](arg)).getExpr() = node.asExpr() and
       flowstate = "String" // `String` length flowing into `NSString`
     )
     or
@@ -74,8 +74,8 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
       funcName = "NSMakeRange(_:_:)" and
       paramName = ["loc", "len"] and
       call.getStaticTarget().getName() = funcName and
-      call.getStaticTarget().getParam(arg).getName() = paramName and
-      call.getArgument(arg).getExpr() = node.asExpr() and
+      call.getStaticTarget().getParam(pragma[only_bind_into](arg)).getName() = paramName and
+      call.getArgument(pragma[only_bind_into](arg)).getExpr() = node.asExpr() and
       flowstate = "String" // `String` length flowing into `NSString`
     )
   }

swift/ql/test/extractor-tests/generated/type/InOutType/in_out.swift

@@ -8,5 +8,5 @@ struct S {
   mutating func bar() {}
 }
 
-var s: S
+var s: S = S()
 s.bar()

swift/ql/test/library-tests/controlflow/graph/Cfg.expected

@@ -414,7 +414,13 @@ cfg.swift:
 #   51| enter createClosure2(x:)
 #-----|  -> createClosure2(x:)
 
+#   51| exit createClosure2(x:)
+
+#   51| exit createClosure2(x:) (normal)
+#-----|  -> exit createClosure2(x:)
+
 #   51| x
+#-----|  -> f(y:)
 
 #   52| enter f(y:)
 #-----|  -> f(y:)
@@ -424,6 +430,9 @@ cfg.swift:
 #   52| exit f(y:) (normal)
 #-----|  -> exit f(y:)
 
+#   52| f(y:)
+#-----|  -> f(y:)
+
 #   52| f(y:)
 #-----|  -> y
 
@@ -451,6 +460,12 @@ cfg.swift:
 #   53| y
 #-----|  -> ... call to +(_:_:) ...
 
+#   55| return ...
+#-----| return -> exit createClosure2(x:) (normal)
+
+#   55| f(y:)
+#-----|  -> return ...
+
 #   58| createClosure3(x:)
 #-----|  -> x
 
@@ -722,6 +737,11 @@ cfg.swift:
 #   81| enter testInOut()
 #-----|  -> testInOut()
 
+#   81| exit testInOut()
+
+#   81| exit testInOut() (normal)
+#-----|  -> exit testInOut()
+
 #   81| testInOut()
 #-----|  -> temp
 
@@ -732,10 +752,14 @@ cfg.swift:
 #-----| match -> 10
 
 #   82| temp
+#-----|  -> add(a:)
 
 #   82| 10
 #-----|  -> var ... = ...
 
+#   84| add(a:)
+#-----|  -> addOptional(a:)
+
 #   84| add(a:)
 #-----|  -> a
 
@@ -777,6 +801,9 @@ cfg.swift:
 #   85| 1
 #-----|  -> ... call to +(_:_:) ...
 
+#   88| addOptional(a:)
+#-----|  -> add(a:)
+
 #   88| addOptional(a:)
 #-----|  -> a
 
@@ -800,6 +827,78 @@ cfg.swift:
 #   89| nil
 #-----|  ->  ... = ...
 
+#   92| add(a:)
+#-----|  -> temp
+
+#   92| call to add(a:)
+#-----|  -> tempOptional
+
+#   92| &...
+#-----|  -> call to add(a:)
+
+#   92| temp
+#-----|  -> &...
+
+#   93| var ... = ...
+#-----|  -> tempOptional
+
+#   93| tempOptional
+#-----| match -> ... as ...
+
+#   93| tempOptional
+#-----|  -> addOptional(a:)
+
+#   93| ... as ...
+#-----| match -> 10
+
+#   93| (Int?) ...
+#-----|  -> var ... = ...
+
+#   93| 10
+#-----|  -> (Int?) ...
+
+#   94| addOptional(a:)
+#-----|  -> tempOptional
+
+#   94| call to addOptional(a:)
+#-----|  -> +(_:_:)
+
+#   94| &...
+#-----|  -> call to addOptional(a:)
+
+#   94| tempOptional
+#-----|  -> &...
+
+#   95| return ...
+#-----| return -> exit testInOut() (normal)
+
+#   95| (Int) ...
+#-----|  -> tempOptional
+
+#   95| temp
+#-----|  -> (Int) ...
+
+#   95| ... call to +(_:_:) ...
+#-----|  -> return ...
+
+#   95| +(_:_:)
+#-----|  -> Int.Type
+
+#   95| Int.Type
+#-----|  -> call to +(_:_:)
+
+#   95| call to +(_:_:)
+#-----|  -> temp
+
+#   95| (Int?) ...
+#-----|  -> ...!
+
+#   95| tempOptional
+#-----|  -> (Int?) ...
+
+#   95| ...!
+#-----|  -> ... call to +(_:_:) ...
+
 #   98| deinit
 #-----|  -> { ... }
 
@@ -1670,11 +1769,17 @@ cfg.swift:
 #-----|  -> 2
 
 #  185| ... call to <=(_:_:) ...
-#-----|  -> { ... }
+#-----| false -> [false] ... call to &&(_:_:) ...
+#-----| true -> { ... }
 
 #  185| ... call to &&(_:_:) ...
 #-----| exception -> exit m1(x:) (normal)
-#-----|  -> { ... }
+#-----| false -> [false] ... call to &&(_:_:) ...
+#-----| true -> { ... }
+
+#  185| [false] ... call to &&(_:_:) ...
+#-----| exception -> exit m1(x:) (normal)
+#-----| false -> [false] ... call to &&(_:_:) ...
 
 #  185| ... call to &&(_:_:) ...
 #-----| exception -> exit m1(x:) (normal)
@@ -1682,7 +1787,11 @@ cfg.swift:
 #-----| false -> print(_:separator:terminator:)
 
 #  185| StmtCondition
-#-----|  -> &&(_:_:)
+#-----|  -> <=(_:_:)
+
+#  185| [false] ... call to &&(_:_:) ...
+#-----| exception -> exit m1(x:) (normal)
+#-----| false -> print(_:separator:terminator:)
 
 #  185| <=(_:_:)
 #-----|  -> Int.Type
@@ -1696,29 +1805,59 @@ cfg.swift:
 #  185| 2
 #-----|  -> ... call to <=(_:_:) ...
 
-#  185| &&(_:_:)
-#-----|  -> Bool.Type
+#  185| x
+#-----|  -> 0
 
-#  185| Bool.Type
-#-----|  -> call to &&(_:_:)
+#  185| ... call to >(_:_:) ...
+#-----|  -> return ...
 
-#  185| call to &&(_:_:)
-#-----|  -> <=(_:_:)
-
-#  185| { ... }
+#  185| return ...
 #-----|  -> ... call to &&(_:_:) ...
 
-#  185| &&(_:_:)
-#-----|  -> Bool.Type
+#  185| { ... }
+#-----|  -> >(_:_:)
 
-#  185| Bool.Type
-#-----|  -> call to &&(_:_:)
+#  185| >(_:_:)
+#-----|  -> Int.Type
 
-#  185| call to &&(_:_:)
-#-----|  -> &&(_:_:)
+#  185| Int.Type
+#-----|  -> call to >(_:_:)
+
+#  185| call to >(_:_:)
+#-----|  -> x
+
+#  185| 0
+#-----|  -> ... call to >(_:_:) ...
+
+#  185| call to ...
+#-----|  -> return ...
+
+#  185| return ...
+#-----|  -> ... call to &&(_:_:) ...
 
 #  185| { ... }
-#-----|  -> ... call to &&(_:_:) ...
+#-----|  -> ==(_:_:)
+
+#  185| (...)
+#-----|  -> call to ...
+
+#  185| x
+#-----|  -> 5
+
+#  185| ... call to ==(_:_:) ...
+#-----|  -> (...)
+
+#  185| ==(_:_:)
+#-----|  -> Int.Type
+
+#  185| Int.Type
+#-----|  -> call to ==(_:_:)
+
+#  185| call to ==(_:_:)
+#-----|  -> x
+
+#  185| 5
+#-----|  -> ... call to ==(_:_:) ...
 
 #  186| print(_:separator:terminator:)
 #-----|  -> x is 1
@@ -2058,48 +2197,14 @@ cfg.swift:
 #  224| if ... then { ... }
 #-----|  -> StmtCondition
 
-#  224| !(_:)
-#-----|  -> Bool.Type
-
-#  224| Bool.Type
-#-----|  -> call to !(_:)
-
-#  224| call to !(_:)
+#  224| StmtCondition
 #-----|  -> true
 
-#  224| StmtCondition
-#-----|  -> !(_:)
-
-#  224| call to ...
+#  224| [false] call to ...
 #-----| false -> exit constant_condition() (normal)
-#-----| true -> print(_:separator:terminator:)
 
 #  224| true
-#-----|  -> call to ...
-
-#  225| print(_:separator:terminator:)
-#-----|  -> Impossible
-
-#  225| call to print(_:separator:terminator:)
-#-----|  -> exit constant_condition() (normal)
-
-#  225| default separator
-#-----|  -> default terminator
-
-#  225| default terminator
-#-----|  -> call to print(_:separator:terminator:)
-
-#  225| (Any) ...
-#-----|  -> [...]
-
-#  225| Impossible
-#-----|  -> (Any) ...
-
-#  225| [...]
-#-----|  -> default separator
-
-#  225| [...]
-#-----|  -> [...]
+#-----| true -> [false] call to ...
 
 #  229| empty_else(b:)
 #-----|  -> b
@@ -2197,7 +2302,7 @@ cfg.swift:
 #-----|  -> StmtCondition
 
 #  238| StmtCondition
-#-----|  -> ||(_:_:)
+#-----|  -> b1
 
 #  238| [false] (...)
 #-----| false -> exit disjunct(b1:b2:) (normal)
@@ -2206,24 +2311,26 @@ cfg.swift:
 #-----| true -> print(_:separator:terminator:)
 
 #  238| b1
-#-----|  -> { ... }
+#-----| true -> [true] ... call to ||(_:_:) ...
+#-----| false -> { ... }
 
 #  238| ... call to ||(_:_:) ...
 #-----| exception -> exit disjunct(b1:b2:) (normal)
 #-----| false -> [false] (...)
 #-----| true -> [true] (...)
 
-#  238| Bool.Type
-#-----|  -> call to ||(_:_:)
+#  238| [true] ... call to ||(_:_:) ...
+#-----| exception -> exit disjunct(b1:b2:) (normal)
+#-----| true -> [true] (...)
 
-#  238| call to ||(_:_:)
-#-----|  -> b1
+#  238| b2
+#-----|  -> return ...
 
-#  238| ||(_:_:)
-#-----|  -> Bool.Type
+#  238| return ...
+#-----|  -> ... call to ||(_:_:) ...
 
 #  238| { ... }
-#-----|  -> ... call to ||(_:_:) ...
+#-----|  -> b2
 
 #  239| print(_:separator:terminator:)
 #-----|  -> b1 or b2
@@ -5131,292 +5238,468 @@ cfg.swift:
 #  405| y
 #-----|  -> (...)
 
-#  409| (unnamed function decl)
+#  408| enter localDeclarations()
+#-----|  -> localDeclarations()
 
-#  409| enter (unnamed function decl)
+#  408| exit localDeclarations()
+
+#  408| exit localDeclarations() (normal)
+#-----|  -> exit localDeclarations()
+
+#  408| localDeclarations()
+#-----|  -> MyLocalClass
+
+#  409| MyLocalClass
+#-----|  -> MyLocalStruct
+
+#  409| deinit
+#-----|  -> { ... }
+
+#  409| enter deinit
+#-----|  -> deinit
+
+#  409| exit deinit
+
+#  409| exit deinit (normal)
+#-----|  -> exit deinit
+
+#  409| { ... }
+#-----|  -> exit deinit (normal)
+
+#  410| (unnamed function decl)
+
+#  410| enter (unnamed function decl)
 #-----|  -> (unnamed function decl)
 
-#  409| enter get
+#  410| enter get
 #-----|  -> get
 
-#  409| enter set
+#  410| enter set
 #-----|  -> set
 
-#  409| exit (unnamed function decl)
+#  410| exit (unnamed function decl)
 
-#  409| exit (unnamed function decl) (normal)
+#  410| exit (unnamed function decl) (normal)
 #-----|  -> exit (unnamed function decl)
 
-#  409| exit get
+#  410| exit get
 
-#  409| exit get (normal)
+#  410| exit get (normal)
 #-----|  -> exit get
 
-#  409| exit set
+#  410| exit set
 
-#  409| exit set (normal)
+#  410| exit set (normal)
 #-----|  -> exit set
 
-#  409| get
+#  410| get
 
-#  409| set
+#  410| set
 #-----|  -> value
 
-#  409| value
+#  410| value
 
-#  409| yield ...
+#  410| yield ...
 #-----|  -> exit (unnamed function decl) (normal)
 
-#  413| (unnamed function decl)
+#  411| enter init
+#-----|  -> init
 
-#  413| enter (unnamed function decl)
+#  411| exit init
+
+#  411| exit init (normal)
+#-----|  -> exit init
+
+#  411| init
+#-----|  -> self
+
+#  412| .x
+#-----|  -> 10
+
+#  412| self
+#-----|  -> .x
+
+#  412|  ... = ...
+#-----|  -> return
+
+#  412| 10
+#-----|  ->  ... = ...
+
+#  413| return
+#-----| return -> exit init (normal)
+
+#  416| MyLocalStruct
+#-----|  -> MyLocalEnum
+
+#  417| (unnamed function decl)
+
+#  417| enter (unnamed function decl)
 #-----|  -> (unnamed function decl)
 
-#  413| enter get
+#  417| enter get
 #-----|  -> get
 
-#  413| enter set
+#  417| enter set
 #-----|  -> set
 
-#  413| exit (unnamed function decl)
+#  417| exit (unnamed function decl)
 
-#  413| exit (unnamed function decl) (normal)
+#  417| exit (unnamed function decl) (normal)
 #-----|  -> exit (unnamed function decl)
 
-#  413| exit get
+#  417| exit get
 
-#  413| exit get (normal)
+#  417| exit get (normal)
 #-----|  -> exit get
 
-#  413| exit set
+#  417| exit set
 
-#  413| exit set (normal)
+#  417| exit set (normal)
 #-----|  -> exit set
 
-#  413| get
+#  417| get
 
-#  413| set
+#  417| set
 #-----|  -> value
 
-#  413| value
+#  417| value
 
-#  413| yield ...
+#  417| yield ...
 #-----|  -> exit (unnamed function decl) (normal)
 
-#  414| (unnamed function decl)
+#  418| enter init
+#-----|  -> init
 
-#  414| enter (unnamed function decl)
+#  418| exit init
+
+#  418| exit init (normal)
+#-----|  -> exit init
+
+#  418| init
+#-----|  -> self
+
+#  419| .x
+#-----|  -> 10
+
+#  419| self
+#-----|  -> .x
+
+#  419|  ... = ...
+#-----|  -> return
+
+#  419| 10
+#-----|  ->  ... = ...
+
+#  420| return
+#-----| return -> exit init (normal)
+
+#  423| MyLocalEnum
+#-----|  -> myLocalVar
+
+#  428| var ... = ...
+#-----|  -> myLocalVar
+
+#  428| myLocalVar
+#-----| match -> ... as ...
+
+#  428| myLocalVar
+#-----|  -> 0
+
+#  428| ... as ...
+#-----| match -> var ... = ...
+
+#  442| return ...
+#-----| return -> exit localDeclarations() (normal)
+
+#  442| 0
+#-----|  -> return ...
+
+#  446| (unnamed function decl)
+
+#  446| enter (unnamed function decl)
 #-----|  -> (unnamed function decl)
 
-#  414| enter get
+#  446| enter get
 #-----|  -> get
 
-#  414| enter set
+#  446| enter set
 #-----|  -> set
 
-#  414| exit (unnamed function decl)
+#  446| exit (unnamed function decl)
 
-#  414| exit (unnamed function decl) (normal)
+#  446| exit (unnamed function decl) (normal)
 #-----|  -> exit (unnamed function decl)
 
-#  414| exit get
+#  446| exit get
 
-#  414| exit get (normal)
+#  446| exit get (normal)
 #-----|  -> exit get
 
-#  414| exit set
+#  446| exit set
 
-#  414| exit set (normal)
+#  446| exit set (normal)
 #-----|  -> exit set
 
-#  414| get
+#  446| get
 
-#  414| set
+#  446| set
 #-----|  -> value
 
-#  414| value
+#  446| value
 
-#  414| yield ...
+#  446| yield ...
 #-----|  -> exit (unnamed function decl) (normal)
 
-#  415| (unnamed function decl)
+#  450| (unnamed function decl)
 
-#  415| enter (unnamed function decl)
+#  450| enter (unnamed function decl)
 #-----|  -> (unnamed function decl)
 
-#  415| enter get
+#  450| enter get
 #-----|  -> get
 
-#  415| enter set
+#  450| enter set
 #-----|  -> set
 
-#  415| exit (unnamed function decl)
+#  450| exit (unnamed function decl)
 
-#  415| exit (unnamed function decl) (normal)
+#  450| exit (unnamed function decl) (normal)
 #-----|  -> exit (unnamed function decl)
 
-#  415| exit get
+#  450| exit get
 
-#  415| exit get (normal)
+#  450| exit get (normal)
 #-----|  -> exit get
 
-#  415| exit set
+#  450| exit set
 
-#  415| exit set (normal)
+#  450| exit set (normal)
 #-----|  -> exit set
 
-#  415| get
+#  450| get
 
-#  415| set
+#  450| set
 #-----|  -> value
 
-#  415| value
+#  450| value
 
-#  415| yield ...
+#  450| yield ...
 #-----|  -> exit (unnamed function decl) (normal)
 
-#  418| enter test(a:)
+#  451| (unnamed function decl)
+
+#  451| enter (unnamed function decl)
+#-----|  -> (unnamed function decl)
+
+#  451| enter get
+#-----|  -> get
+
+#  451| enter set
+#-----|  -> set
+
+#  451| exit (unnamed function decl)
+
+#  451| exit (unnamed function decl) (normal)
+#-----|  -> exit (unnamed function decl)
+
+#  451| exit get
+
+#  451| exit get (normal)
+#-----|  -> exit get
+
+#  451| exit set
+
+#  451| exit set (normal)
+#-----|  -> exit set
+
+#  451| get
+
+#  451| set
+#-----|  -> value
+
+#  451| value
+
+#  451| yield ...
+#-----|  -> exit (unnamed function decl) (normal)
+
+#  452| (unnamed function decl)
+
+#  452| enter (unnamed function decl)
+#-----|  -> (unnamed function decl)
+
+#  452| enter get
+#-----|  -> get
+
+#  452| enter set
+#-----|  -> set
+
+#  452| exit (unnamed function decl)
+
+#  452| exit (unnamed function decl) (normal)
+#-----|  -> exit (unnamed function decl)
+
+#  452| exit get
+
+#  452| exit get (normal)
+#-----|  -> exit get
+
+#  452| exit set
+
+#  452| exit set (normal)
+#-----|  -> exit set
+
+#  452| get
+
+#  452| set
+#-----|  -> value
+
+#  452| value
+
+#  452| yield ...
+#-----|  -> exit (unnamed function decl) (normal)
+
+#  455| enter test(a:)
 #-----|  -> test(a:)
 
-#  418| exit test(a:)
+#  455| exit test(a:)
 
-#  418| exit test(a:) (normal)
+#  455| exit test(a:) (normal)
 #-----|  -> exit test(a:)
 
-#  418| test(a:)
+#  455| test(a:)
 #-----|  -> a
 
-#  418| a
+#  455| a
 #-----|  -> kpGet_b_x
 
-#  419| var ... = ...
+#  456| var ... = ...
 #-----|  -> kpGet_b_x
 
-#  419| kpGet_b_x
+#  456| kpGet_b_x
 #-----| match -> #keyPath(...)
 
-#  419| kpGet_b_x
+#  456| kpGet_b_x
 #-----|  -> kpGet_bs_0_x
 
-#  419| #keyPath(...)
+#  456| #keyPath(...)
 #-----|  -> var ... = ...
 
-#  420| var ... = ...
+#  457| var ... = ...
 #-----|  -> kpGet_bs_0_x
 
-#  420| kpGet_bs_0_x
+#  457| kpGet_bs_0_x
 #-----| match -> #keyPath(...)
 
-#  420| kpGet_bs_0_x
+#  457| kpGet_bs_0_x
 #-----|  -> kpGet_mayB_force_x
 
-#  420| #keyPath(...)
+#  457| #keyPath(...)
 #-----|  -> var ... = ...
 
-#  421| var ... = ...
+#  458| var ... = ...
 #-----|  -> kpGet_mayB_force_x
 
-#  421| kpGet_mayB_force_x
+#  458| kpGet_mayB_force_x
 #-----| match -> #keyPath(...)
 
-#  421| kpGet_mayB_force_x
+#  458| kpGet_mayB_force_x
 #-----|  -> kpGet_mayB_x
 
-#  421| #keyPath(...)
+#  458| #keyPath(...)
 #-----|  -> var ... = ...
 
-#  422| var ... = ...
+#  459| var ... = ...
 #-----|  -> kpGet_mayB_x
 
-#  422| kpGet_mayB_x
+#  459| kpGet_mayB_x
 #-----| match -> #keyPath(...)
 
-#  422| kpGet_mayB_x
+#  459| kpGet_mayB_x
 #-----|  -> apply_kpGet_b_x
 
-#  422| #keyPath(...)
+#  459| #keyPath(...)
 #-----|  -> var ... = ...
 
-#  424| var ... = ...
+#  461| var ... = ...
 #-----|  -> apply_kpGet_b_x
 
-#  424| apply_kpGet_b_x
+#  461| apply_kpGet_b_x
 #-----| match -> a
 
-#  424| apply_kpGet_b_x
+#  461| apply_kpGet_b_x
 #-----|  -> apply_kpGet_bs_0_x
 
-#  424| a
+#  461| a
 #-----|  -> kpGet_b_x
 
-#  424| \...[...]
+#  461| \...[...]
 #-----|  -> var ... = ...
 
-#  424| (WritableKeyPath<A, Int>) ...
+#  461| (WritableKeyPath<A, Int>) ...
 #-----|  -> \...[...]
 
-#  424| kpGet_b_x
+#  461| kpGet_b_x
 #-----|  -> (WritableKeyPath<A, Int>) ...
 
-#  425| var ... = ...
+#  462| var ... = ...
 #-----|  -> apply_kpGet_bs_0_x
 
-#  425| apply_kpGet_bs_0_x
+#  462| apply_kpGet_bs_0_x
 #-----| match -> a
 
-#  425| apply_kpGet_bs_0_x
+#  462| apply_kpGet_bs_0_x
 #-----|  -> apply_kpGet_mayB_force_x
 
-#  425| a
+#  462| a
 #-----|  -> kpGet_bs_0_x
 
-#  425| \...[...]
+#  462| \...[...]
 #-----|  -> var ... = ...
 
-#  425| (WritableKeyPath<A, Int>) ...
+#  462| (WritableKeyPath<A, Int>) ...
 #-----|  -> \...[...]
 
-#  425| kpGet_bs_0_x
+#  462| kpGet_bs_0_x
 #-----|  -> (WritableKeyPath<A, Int>) ...
 
-#  426| var ... = ...
+#  463| var ... = ...
 #-----|  -> apply_kpGet_mayB_force_x
 
-#  426| apply_kpGet_mayB_force_x
+#  463| apply_kpGet_mayB_force_x
 #-----| match -> a
 
-#  426| apply_kpGet_mayB_force_x
+#  463| apply_kpGet_mayB_force_x
 #-----|  -> apply_kpGet_mayB_x
 
-#  426| a
+#  463| a
 #-----|  -> kpGet_mayB_force_x
 
-#  426| \...[...]
+#  463| \...[...]
 #-----|  -> var ... = ...
 
-#  426| (WritableKeyPath<A, Int>) ...
+#  463| (WritableKeyPath<A, Int>) ...
 #-----|  -> \...[...]
 
-#  426| kpGet_mayB_force_x
+#  463| kpGet_mayB_force_x
 #-----|  -> (WritableKeyPath<A, Int>) ...
 
-#  427| var ... = ...
+#  464| var ... = ...
 #-----|  -> apply_kpGet_mayB_x
 
-#  427| apply_kpGet_mayB_x
+#  464| apply_kpGet_mayB_x
 #-----| match -> a
 
-#  427| apply_kpGet_mayB_x
+#  464| apply_kpGet_mayB_x
 #-----|  -> exit test(a:) (normal)
 
-#  427| a
+#  464| a
 #-----|  -> kpGet_mayB_x
 
-#  427| \...[...]
+#  464| \...[...]
 #-----|  -> var ... = ...
 
-#  427| (KeyPath<A, Int?>) ...
+#  464| (KeyPath<A, Int?>) ...
 #-----|  -> \...[...]
 
-#  427| kpGet_mayB_x
+#  464| kpGet_mayB_x
 #-----|  -> (KeyPath<A, Int?>) ...

swift/ql/test/library-tests/controlflow/graph/cfg.swift

@@ -405,6 +405,43 @@ func dictionaryLiteral(x: Int, y: Int) -> [String: Int] {
   return ["x": x, "y": y]
 }
 
+func localDeclarations() -> Int {
+  class MyLocalClass {
+    var x: Int
+    init() {
+      x = 10
+    }
+  }
+
+  struct MyLocalStruct {
+    var x: Int
+    init() {
+      x = 10
+    }
+  }
+
+  enum MyLocalEnum {
+    case A
+    case B
+  }
+
+  var myLocalVar : Int;
+
+  // Error: declaration is only valid at file scope
+  // extension Int {
+  //   func myExtensionMethod() -> Int {
+  //     return self
+  //   }
+  // }
+
+  // protocol 'MyProtocol' cannot be nested inside another declaration
+  //   protocol MyProtocol {
+  //     func myMethod()
+  //   }
+
+  return 0
+}
+
 struct B {
   var x : Int
 }

swift/ql/test/library-tests/elements/expr/arithmeticoperation/arithmeticoperation.expected

@@ -0,0 +1,6 @@
+| arithmeticoperation.swift:6:6:6:10 | ... call to +(_:_:) ... | AddExpr, BinaryArithmeticOperation |
+| arithmeticoperation.swift:7:6:7:10 | ... call to -(_:_:) ... | BinaryArithmeticOperation, SubExpr |
+| arithmeticoperation.swift:8:6:8:10 | ... call to *(_:_:) ... | BinaryArithmeticOperation, MulExpr |
+| arithmeticoperation.swift:9:6:9:10 | ... call to /(_:_:) ... | BinaryArithmeticOperation, DivExpr |
+| arithmeticoperation.swift:10:6:10:10 | ... call to %(_:_:) ... | BinaryArithmeticOperation, RemExpr |
+| arithmeticoperation.swift:11:6:11:7 | call to ... | UnaryArithmeticOperation, UnaryMinusExpr |

swift/ql/test/library-tests/elements/expr/arithmeticoperation/arithmeticoperation.ql

@@ -0,0 +1,22 @@
+import swift
+
+string describe(ArithmeticOperation e) {
+  e instanceof BinaryArithmeticOperation and result = "BinaryArithmeticOperation"
+  or
+  e instanceof AddExpr and result = "AddExpr"
+  or
+  e instanceof SubExpr and result = "SubExpr"
+  or
+  e instanceof MulExpr and result = "MulExpr"
+  or
+  e instanceof DivExpr and result = "DivExpr"
+  or
+  e instanceof RemExpr and result = "RemExpr"
+  or
+  e instanceof UnaryArithmeticOperation and result = "UnaryArithmeticOperation"
+  or
+  e instanceof UnaryMinusExpr and result = "UnaryMinusExpr"
+}
+
+from ArithmeticOperation e
+select e, concat(describe(e), ", ")

swift/ql/test/library-tests/elements/expr/arithmeticoperation/arithmeticoperation.swift

@@ -0,0 +1,12 @@
+
+func test(c: Bool, x: Int, y: Int, z: Int) {
+	var v = 0
+
+	// arithmetic operations
+	v = x + y;
+	v = x - 1;
+	v = 2 * y;
+	v = 3 / 4;
+	v = x % y;
+	v = -x;
+}

swift/ql/test/library-tests/elements/expr/logicaloperation/logicaloperation.expected

@@ -0,0 +1,6 @@
+| logicaloperation.swift:4:6:4:11 | ... call to &&(_:_:) ... | BinaryLogicalExpr, LogicalAndExpr |
+| logicaloperation.swift:5:6:5:11 | ... call to \|\|(_:_:) ... | BinaryLogicalExpr, LogicalOrExpr |
+| logicaloperation.swift:6:6:6:7 | call to ... | NotExpr, UnaryLogicalOperation |
+| logicaloperation.swift:7:6:7:21 | call to ... | NotExpr, UnaryLogicalOperation |
+| logicaloperation.swift:7:8:7:20 | ... call to \|\|(_:_:) ... | BinaryLogicalExpr, LogicalOrExpr |
+| logicaloperation.swift:7:9:7:14 | ... call to &&(_:_:) ... | BinaryLogicalExpr, LogicalAndExpr |

swift/ql/test/library-tests/elements/expr/logicaloperation/logicaloperation.ql

@@ -0,0 +1,16 @@
+import swift
+
+string describe(LogicalOperation e) {
+  e instanceof BinaryLogicalOperation and result = "BinaryLogicalExpr"
+  or
+  e instanceof LogicalAndExpr and result = "LogicalAndExpr"
+  or
+  e instanceof LogicalOrExpr and result = "LogicalOrExpr"
+  or
+  e instanceof UnaryLogicalOperation and result = "UnaryLogicalOperation"
+  or
+  e instanceof NotExpr and result = "NotExpr"
+}
+
+from LogicalOperation e
+select e, concat(describe(e), ", ")

swift/ql/test/library-tests/elements/expr/logicaloperation/logicaloperation.swift

@@ -0,0 +1,8 @@
+
+func test(a: Bool, b: Bool, c: Bool) {
+	// logical operations
+	if (a && b) {}
+	if (a || b) {}
+	if (!a) {}
+	if (!((a && b) || c)) {}
+}