Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47

2025-12-17 01:03:14 +01:00 · 2023-06-08 12:00:07 +02:00
parent bda938c544 cc45db7c76
commit c6f10519fa
247 changed files with 2303 additions and 2701 deletions
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -11,7 +11,7 @@ Go:
  - change-notes/**/*go.*

 Java:
-  - any: [ 'java/**/*', '!java/kotlin-extractor/**/*', '!java/kotlin-explorer/**/*', '!java/ql/test/kotlin/**/*' ]
+  - any: [ 'java/**/*', '!java/kotlin-extractor/**/*', '!java/ql/test/kotlin/**/*' ]
  - change-notes/**/*java.*

 JS:
@@ -20,7 +20,6 @@ JS:

 Kotlin:
  - java/kotlin-extractor/**/*
-  - java/kotlin-explorer/**/*
  - java/ql/test/kotlin/**/*

 Python:
--- a/1
+++ b/1
@@ -8,7 +8,6 @@
 /swift/ @github/codeql-swift
 /misc/codegen/ @github/codeql-swift
 /java/kotlin-extractor/ @github/codeql-kotlin
-/java/kotlin-explorer/ @github/codeql-kotlin

 # ML-powered queries
 /javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll
@@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction {
   */
  final Language::AST getAst() { result = Construction::getInstructionAst(this) }

-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
  /**
   * Gets the location of the source code for this instruction.
   */
@@ -463,9 +460,6 @@ class VariableInstruction extends Instruction {
   * Gets the AST variable that this instruction's IR variable refers to, if one exists.
   */
  final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() }
-
-  /** DEPRECATED: Alias for getAstVariable */
-  deprecated Language::Variable getASTVariable() { result = this.getAstVariable() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
@@ -422,12 +422,6 @@ private module Cached {
    )
  }

-  /** DEPRECATED: Alias for getInstructionAst */
-  cached
-  deprecated Language::AST getInstructionAST(Instruction instr) {
-    result = getInstructionAst(instr)
-  }
-
  cached
  Language::LanguageType getInstructionResultType(Instruction instr) {
    result = instr.(RawIR::Instruction).getResultLanguageType()
@@ -993,9 +987,6 @@ predicate canReuseSsaForMemoryResult(Instruction instruction) {
  // We don't support reusing SSA for any location that could create a `Chi` instruction.
 }

-/** DEPRECATED: Alias for canReuseSsaForMemoryResult */
-deprecated predicate canReuseSSAForMemoryResult = canReuseSsaForMemoryResult/1;
-
 /**
 * Expose some of the internal predicates to PrintSSA.qll. We do this by publicly importing those modules in the
 * `DebugSsa` module, which is then imported by PrintSSA.
@@ -1005,9 +996,6 @@ module DebugSsa {
  import DefUse
 }

-/** DEPRECATED: Alias for DebugSsa */
-deprecated module DebugSSA = DebugSsa;
-
 import CachedForDebugging

 cached
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll
@@ -73,9 +73,6 @@ module UnaliasedSsaInstructions {
  }
 }

-/** DEPRECATED: Alias for UnaliasedSsaInstructions */
-deprecated module UnaliasedSSAInstructions = UnaliasedSsaInstructions;
-
 /**
 * Provides wrappers for the constructors of each branch of `TInstruction` that is used by the
 * aliased SSA stage.
@@ -107,6 +104,3 @@ module AliasedSsaInstructions {
    result = TAliasedSsaUnreachedInstruction(irFunc)
  }
 }
-
-/** DEPRECATED: Alias for AliasedSsaInstructions */
-deprecated module AliasedSSAInstructions = AliasedSsaInstructions;
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll
@@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction {
   */
  final Language::AST getAst() { result = Construction::getInstructionAst(this) }

-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
  /**
   * Gets the location of the source code for this instruction.
   */
@@ -463,9 +460,6 @@ class VariableInstruction extends Instruction {
   * Gets the AST variable that this instruction's IR variable refers to, if one exists.
   */
  final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() }
-
-  /** DEPRECATED: Alias for getAstVariable */
-  deprecated Language::Variable getASTVariable() { result = this.getAstVariable() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll
@@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction {
   */
  final Language::AST getAst() { result = Construction::getInstructionAst(this) }

-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
  /**
   * Gets the location of the source code for this instruction.
   */
@@ -463,9 +460,6 @@ class VariableInstruction extends Instruction {
   * Gets the AST variable that this instruction's IR variable refers to, if one exists.
   */
  final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() }
-
-  /** DEPRECATED: Alias for getAstVariable */
-  deprecated Language::Variable getASTVariable() { result = this.getAstVariable() }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
@@ -422,12 +422,6 @@ private module Cached {
    )
  }

-  /** DEPRECATED: Alias for getInstructionAst */
-  cached
-  deprecated Language::AST getInstructionAST(Instruction instr) {
-    result = getInstructionAst(instr)
-  }
-
  cached
  Language::LanguageType getInstructionResultType(Instruction instr) {
    result = instr.(RawIR::Instruction).getResultLanguageType()
@@ -993,9 +987,6 @@ predicate canReuseSsaForMemoryResult(Instruction instruction) {
  // We don't support reusing SSA for any location that could create a `Chi` instruction.
 }

-/** DEPRECATED: Alias for canReuseSsaForMemoryResult */
-deprecated predicate canReuseSSAForMemoryResult = canReuseSsaForMemoryResult/1;
-
 /**
 * Expose some of the internal predicates to PrintSSA.qll. We do this by publicly importing those modules in the
 * `DebugSsa` module, which is then imported by PrintSSA.
@@ -1005,9 +996,6 @@ module DebugSsa {
  import DefUse
 }

-/** DEPRECATED: Alias for DebugSsa */
-deprecated module DebugSSA = DebugSsa;
-
 import CachedForDebugging

 cached
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll
@@ -46,9 +46,6 @@ predicate canReuseSsaForVariable(IRAutomaticVariable var) {
  not allocationEscapes(var)
 }

-/** DEPRECATED: Alias for canReuseSsaForVariable */
-deprecated predicate canReuseSSAForVariable = canReuseSsaForVariable/1;
-
 private newtype TMemoryLocation = MkMemoryLocation(Allocation var) { isVariableModeled(var) }

 private MemoryLocation getMemoryLocation(Allocation var) { result.getAllocation() = var }
@@ -80,9 +77,6 @@ class MemoryLocation extends TMemoryLocation {

 predicate canReuseSsaForOldResult(Instruction instr) { none() }

-/** DEPRECATED: Alias for canReuseSsaForOldResult */
-deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1;
-
 /**
 * Represents a set of `MemoryLocation`s that cannot overlap with
 * `MemoryLocation`s outside of the set. The `VirtualVariable` will be
--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
@@ -179,6 +179,24 @@ predicate isSinkImpl(
  pointerAddInstructionHasBounds(pai, sink1, sink2, delta)
 }

+/**
+ * Yields any instruction that is control-flow reachable from `instr`.
+ */
+bindingset[instr, result]
+pragma[inline_late]
+Instruction getASuccessor(Instruction instr) {
+  exists(IRBlock b, int instrIndex, int resultIndex |
+    result.getBlock() = b and
+    instr.getBlock() = b and
+    b.getInstruction(instrIndex) = instr and
+    b.getInstruction(resultIndex) = result
+  |
+    resultIndex >= instrIndex
+  )
+  or
+  instr.getBlock().getASuccessor+() = result.getBlock()
+}
+
 /**
 * Holds if `sink` is a sink for `InvalidPointerToDerefConfig` and `i` is a `StoreInstruction` that
 * writes to an address that non-strictly upper-bounds `sink`, or `i` is a `LoadInstruction` that
@@ -186,8 +204,9 @@ predicate isSinkImpl(
 */
 pragma[inline]
 predicate isInvalidPointerDerefSink(DataFlow::Node sink, Instruction i, string operation, int delta) {
-  exists(AddressOperand addr |
-    bounded1(addr.getDef(), sink.asInstruction(), delta) and
+  exists(AddressOperand addr, Instruction s |
+    s = sink.asInstruction() and
+    bounded1(addr.getDef(), s, delta) and
    delta >= 0 and
    i.getAnOperand() = addr
  |
@@ -247,7 +266,8 @@ newtype TMergedPathNode =
  TPathNodeSink(Instruction i) {
    exists(DataFlow::Node n |
      InvalidPointerToDerefFlow::flowTo(n) and
-      isInvalidPointerDerefSink(n, i, _, _)
+      isInvalidPointerDerefSink(n, i, _, _) and
+      i = getASuccessor(n.asInstruction())
    )
  }

@@ -377,15 +397,19 @@ predicate hasFlowPath(
 }

 from
-  MergedPathNode source, MergedPathNode sink, int k2, int k3, string kstr,
-  InvalidPointerToDerefFlow::PathNode source3, PointerArithmeticInstruction pai, string operation,
-  Expr offset, DataFlow::Node n
+  MergedPathNode source, MergedPathNode sink, int k, string kstr, PointerArithmeticInstruction pai,
+  string operation, Expr offset, DataFlow::Node n
 where
-  hasFlowPath(source, sink, source3, pai, operation, k3) and
-  invalidPointerToDerefSource(pai, source3.getNode(), k2) and
+  k =
+    min(int k2, int k3, InvalidPointerToDerefFlow::PathNode source3 |
+      hasFlowPath(source, sink, source3, pai, operation, k3) and
+      invalidPointerToDerefSource(pai, source3.getNode(), k2)
+    |
+      k2 + k3
+    ) and
  offset = pai.getRight().getUnconvertedResultExpression() and
  n = source.asPathNode1().getNode() and
-  if (k2 + k3) = 0 then kstr = "" else kstr = " + " + (k2 + k3)
+  if k = 0 then kstr = "" else kstr = " + " + k
 select sink, source, sink,
  "This " + operation + " might be out of bounds, as the pointer might be equal to $@ + $@" + kstr +
    ".", n, n.toString(), offset, offset.toString()
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/InvalidPointerDeref.expected
@@ -663,8 +663,6 @@ edges
 | test.cpp:326:15:326:23 | ... + ... | test.cpp:342:8:342:17 | * ... |
 | test.cpp:338:8:338:15 | * ... | test.cpp:342:8:342:17 | * ... |
 | test.cpp:341:8:341:17 | * ... | test.cpp:342:8:342:17 | * ... |
-| test.cpp:342:8:342:17 | * ... | test.cpp:333:5:333:21 | Store: ... = ... |
-| test.cpp:342:8:342:17 | * ... | test.cpp:341:5:341:21 | Store: ... = ... |
 | test.cpp:347:14:347:27 | new[] | test.cpp:348:15:348:16 | xs |
 | test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ |
 | test.cpp:348:15:348:16 | xs | test.cpp:350:16:350:19 | ... ++ |
@@ -732,6 +730,29 @@ edges
 | test.cpp:368:5:368:10 | ... += ... | test.cpp:372:16:372:16 | p |
 | test.cpp:371:7:371:7 | p | test.cpp:372:15:372:16 | Load: * ... |
 | test.cpp:372:16:372:16 | p | test.cpp:372:15:372:16 | Load: * ... |
+| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:16 | xs |
+| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... |
+| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... |
+| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... |
+| test.cpp:378:15:378:16 | xs | test.cpp:378:15:378:23 | ... + ... |
+| test.cpp:378:15:378:16 | xs | test.cpp:381:5:381:7 | end |
+| test.cpp:378:15:378:16 | xs | test.cpp:381:5:381:9 | ... ++ |
+| test.cpp:378:15:378:16 | xs | test.cpp:381:5:381:9 | ... ++ |
+| test.cpp:378:15:378:16 | xs | test.cpp:384:14:384:16 | end |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:381:5:381:7 | end |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:381:5:381:7 | end |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | Load: * ... |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:14:384:16 | end |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:14:384:16 | end |
+| test.cpp:381:5:381:7 | end | test.cpp:384:13:384:16 | Load: * ... |
+| test.cpp:381:5:381:9 | ... ++ | test.cpp:384:14:384:16 | end |
+| test.cpp:381:5:381:9 | ... ++ | test.cpp:384:14:384:16 | end |
+| test.cpp:384:14:384:16 | end | test.cpp:384:13:384:16 | Load: * ... |
 nodes
 | test.cpp:4:15:4:20 | call to malloc | semmle.label | call to malloc |
 | test.cpp:5:15:5:15 | p | semmle.label | p |
@@ -1031,9 +1052,7 @@ nodes
 | test.cpp:326:15:326:16 | xs | semmle.label | xs |
 | test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... |
 | test.cpp:326:15:326:23 | ... + ... | semmle.label | ... + ... |
-| test.cpp:333:5:333:21 | Store: ... = ... | semmle.label | Store: ... = ... |
 | test.cpp:338:8:338:15 | * ... | semmle.label | * ... |
-| test.cpp:341:5:341:21 | Store: ... = ... | semmle.label | Store: ... = ... |
 | test.cpp:341:8:341:17 | * ... | semmle.label | * ... |
 | test.cpp:342:8:342:17 | * ... | semmle.label | * ... |
 | test.cpp:347:14:347:27 | new[] | semmle.label | new[] |
@@ -1066,6 +1085,17 @@ nodes
 | test.cpp:371:7:371:7 | p | semmle.label | p |
 | test.cpp:372:15:372:16 | Load: * ... | semmle.label | Load: * ... |
 | test.cpp:372:16:372:16 | p | semmle.label | p |
+| test.cpp:377:14:377:27 | new[] | semmle.label | new[] |
+| test.cpp:378:15:378:16 | xs | semmle.label | xs |
+| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
+| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
+| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
+| test.cpp:378:15:378:23 | ... + ... | semmle.label | ... + ... |
+| test.cpp:381:5:381:7 | end | semmle.label | end |
+| test.cpp:381:5:381:9 | ... ++ | semmle.label | ... ++ |
+| test.cpp:381:5:381:9 | ... ++ | semmle.label | ... ++ |
+| test.cpp:384:13:384:16 | Load: * ... | semmle.label | Load: * ... |
+| test.cpp:384:14:384:16 | end | semmle.label | end |
 subpaths
 #select
 | test.cpp:6:14:6:15 | Load: * ... | test.cpp:4:15:4:20 | call to malloc | test.cpp:6:14:6:15 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:4:15:4:20 | call to malloc | call to malloc | test.cpp:5:19:5:22 | size | size |
@@ -1088,9 +1118,8 @@ subpaths
 | test.cpp:264:13:264:14 | Load: * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len |
 | test.cpp:274:5:274:10 | Store: ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len |
 | test.cpp:308:5:308:29 | Store: ... = ... | test.cpp:304:15:304:26 | new[] | test.cpp:308:5:308:29 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:304:15:304:26 | new[] | new[] | test.cpp:308:8:308:10 | ... + ... | ... + ... |
-| test.cpp:333:5:333:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:333:5:333:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size |
-| test.cpp:341:5:341:21 | Store: ... = ... | test.cpp:325:14:325:27 | new[] | test.cpp:341:5:341:21 | Store: ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:325:14:325:27 | new[] | new[] | test.cpp:326:20:326:23 | size | size |
 | test.cpp:350:15:350:19 | Load: * ... | test.cpp:347:14:347:27 | new[] | test.cpp:350:15:350:19 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:347:14:347:27 | new[] | new[] | test.cpp:348:20:348:23 | size | size |
 | test.cpp:358:14:358:26 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size |
 | test.cpp:359:14:359:32 | Load: * ... | test.cpp:355:14:355:27 | new[] | test.cpp:359:14:359:32 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 2. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size |
 | test.cpp:372:15:372:16 | Load: * ... | test.cpp:363:14:363:27 | new[] | test.cpp:372:15:372:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:363:14:363:27 | new[] | new[] | test.cpp:365:19:365:22 | size | size |
+| test.cpp:384:13:384:16 | Load: * ... | test.cpp:377:14:377:27 | new[] | test.cpp:384:13:384:16 | Load: * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:377:14:377:27 | new[] | new[] | test.cpp:378:20:378:23 | size | size |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/pointer-deref/test.cpp
@@ -330,7 +330,7 @@ void test23(unsigned size, int val) {
    if(*current - xs < 1)
      return;

-    *--(*current) = 0; // GOOD [FALSE POSITIVE]
+    *--(*current) = 0; // GOOD
    return;
  }

@@ -338,7 +338,7 @@ void test23(unsigned size, int val) {
    if(*current - xs < 2)
      return;

-    *--(*current) = 0; // GOOD [FALSE POSITIVE]
+    *--(*current) = 0; // GOOD
    *--(*current) = 0; // GOOD
  }
 }
@@ -372,3 +372,14 @@ void test26(unsigned size) {
    int val = *p; // GOOD [FALSE POSITIVE]
  }
 }
+
+void test27(unsigned size, bool b) {
+  char *xs = new char[size];
+  char *end = xs + size;
+
+  if (b) {
+    end++;
+  }
+
+  int val = *end; // BAD
+}
--- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs
@@ -33,7 +33,9 @@ namespace Semmle.Extraction.CSharp.Standalone
            CSharp.Extractor.Analyse(stopwatch, analyser, options,
                references => GetResolvedReferencesStandalone(referencePaths, references),
                (analyser, syntaxTrees) => CSharp.Extractor.ReadSyntaxTrees(sources, analyser, null, null, syntaxTrees),
-                (syntaxTrees, references) => CSharpCompilation.Create("csharp.dll", syntaxTrees, references),
+                (syntaxTrees, references) => CSharpCompilation.Create(
+                    "csharp.dll", syntaxTrees, references, new CSharpCompilationOptions(OutputKind.ConsoleApplication, allowUnsafe: true)
+                    ),
                (compilation, options) => analyser.Initialize(compilation, options),
                () => { },
                _ => { },
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs
@@ -243,7 +243,12 @@ namespace Semmle.Extraction.CSharp.Entities
            if (methodKind == MethodKind.ExplicitInterfaceImplementation)
            {
                // Retrieve the original method kind
-                methodKind = methodDecl.ExplicitInterfaceImplementations.Select(m => m.MethodKind).FirstOrDefault();
+                if (methodDecl.ExplicitInterfaceImplementations.IsEmpty)
+                {
+                    throw new InternalError(methodDecl, "Couldn't get the original method kind for an explicit interface implementation");
+                }
+
+                methodKind = methodDecl.ExplicitInterfaceImplementations.Select(m => m.MethodKind).First();
            }

            switch (methodKind)
--- a/csharp/ql/lib/change-notes/2023-06-02-delete-deps.md
+++ b/csharp/ql/lib/change-notes/2023-06-02-delete-deps.md
@@ -0,0 +1,8 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `WebConfigXML`, `ConfigurationXMLElement`, `LocationXMLElement`, `SystemWebXMLElement`, `SystemWebServerXMLElement`, `CustomErrorsXMLElement`, and `HttpRuntimeXMLElement` classes from `WebConfig.qll`. The non-deprecated names with PascalCased Xml suffixes should be used instead.
+* Deleted the deprecated `Record` class from both `Types.qll` and `Type.qll`.
+* Deleted the deprecated `StructuralComparisonConfiguration` class from `StructuralComparison.qll`, use `sameGvn` instead.
+* Deleted the deprecated `isParameterOf` predicate from the `ParameterNode` class.
+* Deleted the deprecated `SafeExternalAPICallable`, `ExternalAPIDataNode`, `UntrustedDataToExternalAPIConfig`, `UntrustedExternalAPIDataNode`, and `ExternalAPIUsedWithUntrustedData` classes from `ExternalAPIsQuery.qll`. The non-deprecated names with PascalCased Api suffixes should be used instead.
--- a/csharp/ql/lib/semmle/code/asp/WebConfig.qll
+++ b/csharp/ql/lib/semmle/code/asp/WebConfig.qll
@@ -18,9 +18,6 @@ class WebConfigReleaseTransformXml extends XmlFile {
  WebConfigReleaseTransformXml() { this.getName().matches("%Web.Release.config") }
 }

-/** DEPRECATED: Alias for WebConfigXml */
-deprecated class WebConfigXML = WebConfigXml;
-
 /** A `<configuration>` tag in an ASP.NET configuration file. */
 class ConfigurationXmlElement extends XmlElement {
  ConfigurationXmlElement() { this.getName().toLowerCase() = "configuration" }
@@ -31,9 +28,6 @@ class CompilationXmlElement extends XmlElement {
  CompilationXmlElement() { this.getName().toLowerCase() = "compilation" }
 }

-/** DEPRECATED: Alias for ConfigurationXmlElement */
-deprecated class ConfigurationXMLElement = ConfigurationXmlElement;
-
 /** A `<location>` tag in an ASP.NET configuration file. */
 class LocationXmlElement extends XmlElement {
  LocationXmlElement() {
@@ -42,9 +36,6 @@ class LocationXmlElement extends XmlElement {
  }
 }

-/** DEPRECATED: Alias for LocationXmlElement */
-deprecated class LocationXMLElement = LocationXmlElement;
-
 /** A `<system.web>` tag in an ASP.NET configuration file. */
 class SystemWebXmlElement extends XmlElement {
  SystemWebXmlElement() {
@@ -57,9 +48,6 @@ class SystemWebXmlElement extends XmlElement {
  }
 }

-/** DEPRECATED: Alias for SystemWebXmlElement */
-deprecated class SystemWebXMLElement = SystemWebXmlElement;
-
 /** A `<system.webServer>` tag in an ASP.NET configuration file. */
 class SystemWebServerXmlElement extends XmlElement {
  SystemWebServerXmlElement() {
@@ -72,9 +60,6 @@ class SystemWebServerXmlElement extends XmlElement {
  }
 }

-/** DEPRECATED: Alias for SystemWebServerXmlElement */
-deprecated class SystemWebServerXMLElement = SystemWebServerXmlElement;
-
 /** A `<customErrors>` tag in an ASP.NET configuration file. */
 class CustomErrorsXmlElement extends XmlElement {
  CustomErrorsXmlElement() {
@@ -83,9 +68,6 @@ class CustomErrorsXmlElement extends XmlElement {
  }
 }

-/** DEPRECATED: Alias for CustomErrorsXmlElement */
-deprecated class CustomErrorsXMLElement = CustomErrorsXmlElement;
-
 /** A `<httpRuntime>` tag in an ASP.NET configuration file. */
 class HttpRuntimeXmlElement extends XmlElement {
  HttpRuntimeXmlElement() {
@@ -94,9 +76,6 @@ class HttpRuntimeXmlElement extends XmlElement {
  }
 }

-/** DEPRECATED: Alias for HttpRuntimeXmlElement */
-deprecated class HttpRuntimeXMLElement = HttpRuntimeXmlElement;
-
 /** A `<forms>` tag under `<system.web><authentication>` in an ASP.NET configuration file. */
 class FormsElement extends XmlElement {
  FormsElement() {
--- a/csharp/ql/lib/semmle/code/cil/Types.qll
+++ b/csharp/ql/lib/semmle/code/cil/Types.qll
@@ -60,11 +60,6 @@ class Class extends ValueOrRefType {
  Class() { this.isClass() }
 }

-/** A `record`. */
-deprecated class Record extends Class {
-  Record() { this.isRecord() }
-}
-
 /** An `interface`. */
 class Interface extends ValueOrRefType {
  Interface() { this.isInterface() }
--- a/csharp/ql/lib/semmle/code/csharp/Type.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Type.qll
@@ -780,16 +780,6 @@ class Class extends RefType, @class_type {
  override string getAPrimaryQlClass() { result = "Class" }
 }

-/**
- * DEPRECATED: Use `RecordClass` instead.
- */
-deprecated class Record extends Class {
-  Record() { this.isRecord() }
-
-  /** Gets the clone method of this record. */
-  RecordCloneMethod getCloneMethod() { result = this.getAMember() }
-}
-
 /**
 * A `record`, for example
 *
--- a/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll
+++ b/csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll
@@ -200,45 +200,3 @@ predicate sameGvn(ControlFlowElement x, ControlFlowElement y) {
  pragma[only_bind_into](toGvn(pragma[only_bind_out](x))) =
    pragma[only_bind_into](toGvn(pragma[only_bind_out](y)))
 }
-
-/**
- * DEPRECATED: Use `sameGvn` instead.
- *
- * A configuration for performing structural comparisons of program elements
- * (expressions and statements).
- *
- * The predicate `candidate()` must be overridden, in order to identify the
- * elements for which to perform structural comparison.
- *
- * Each use of the library is identified by a unique string value.
- */
-abstract deprecated class StructuralComparisonConfiguration extends string {
-  bindingset[this]
-  StructuralComparisonConfiguration() { any() }
-
-  /**
-   * Holds if elements `x` and `y` are candidates for testing structural
-   * equality.
-   *
-   * Subclasses are expected to override this predicate to identify the
-   * top-level elements which they want to compare. Care should be
-   * taken to avoid identifying too many pairs of elements, as in general
-   * there are very many structurally equal subtrees in a program, and
-   * in order to keep the computation feasible we must focus attention.
-   *
-   * Note that this relation is not expected to be symmetric -- it's
-   * fine to include a pair `(x, y)` but not `(y, x)`.
-   * In fact, not including the symmetrically implied fact will save
-   * half the computation time on the structural comparison.
-   */
-  abstract predicate candidate(ControlFlowElement x, ControlFlowElement y);
-
-  /**
-   * Holds if elements `x` and `y` structurally equal. `x` and `y` must be
-   * flagged as candidates for structural equality, that is,
-   * `candidate(x, y)` must hold.
-   */
-  predicate same(ControlFlowElement x, ControlFlowElement y) {
-    this.candidate(x, y) and sameGvn(x, y)
-  }
-}
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
@@ -106,16 +106,6 @@ class ParameterNode extends Node instanceof ParameterNodeImpl {
      result = c.asCallable().getParameter(ppos.getPosition())
    )
  }
-
-  /**
-   * DEPRECATED
-   *
-   * Holds if this node is the parameter of callable `c` at the specified
-   * (zero-based) position.
-   */
-  deprecated predicate isParameterOf(DataFlowCallable c, int i) {
-    super.isParameterOf(c, any(ParameterPosition pos | i = pos.getPosition()))
-  }
 }

 /** A definition, viewed as a node in a data flow graph. */
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
@@ -14,9 +14,6 @@ private import semmle.code.csharp.dataflow.FlowSummary
 */
 abstract class SafeExternalApiCallable extends Callable { }

-/** DEPRECATED: Alias for SafeExternalApiCallable */
-deprecated class SafeExternalAPICallable = SafeExternalApiCallable;
-
 private class SummarizedCallableSafe extends SafeExternalApiCallable instanceof SummarizedCallable {
 }

@@ -87,9 +84,6 @@ class ExternalApiDataNode extends DataFlow::Node {
  }
 }

-/** DEPRECATED: Alias for ExternalApiDataNode */
-deprecated class ExternalAPIDataNode = ExternalApiDataNode;
-
 /**
 * DEPRECATED: Use `RemoteSourceToExternalApi` instead.
 *
@@ -113,9 +107,6 @@ private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
 /** A module for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
 module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalApiConfig>;

-/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
-deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
-
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
  UntrustedExternalApiDataNode() { RemoteSourceToExternalApi::flow(_, this) }
@@ -124,9 +115,6 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
  DataFlow::Node getAnUntrustedSource() { RemoteSourceToExternalApi::flow(result, this) }
 }

-/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
-deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
-
 /** An external API which is used with untrusted data. */
 private newtype TExternalApi =
  /** An untrusted API method `m` where untrusted data is passed at `index`. */
@@ -161,6 +149,3 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
    )
  }
 }
-
-/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
-deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
@@ -149,9 +149,6 @@ class LdapEncodeSanitizer extends Sanitizer {
  }
 }

-/** DEPRECATED: Alias for LdapEncodeSanitizer */
-deprecated class LDAPEncodeSanitizer = LdapEncodeSanitizer;
-
 private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }

 private class GuidSanitizer extends Sanitizer, GuidSanitizedExpr { }
--- a/Hiding/ExposeRepresentation.ql
+++ b/Hiding/ExposeRepresentation.ql
@@ -78,4 +78,4 @@ where
  exposesByStore(c, f, why, whyText)
 select c,
  "'" + c.getName() + "' exposes the internal representation stored in field '" + f.getName() +
-    "'. The value may be modified $@.", why.getLocation(), whyText
+    "'. The value may be modified $@.", why, whyText
--- a/csharp/ql/src/Complexity/ComplexCondition.ql
+++ b/csharp/ql/src/Complexity/ComplexCondition.ql
@@ -26,4 +26,4 @@ where
  operators =
    count(BinaryLogicalOperation op | logicalParent*(op, e) and nontrivialLogicalOperator(op)) and
  operators > 3
-select e.getLocation(), "Complex condition: too many logical operations in this expression."
+select e, "Complex condition: too many logical operations in this expression."
--- a/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll
@@ -73,9 +73,6 @@ module UnaliasedSsaInstructions {
  }
 }

-/** DEPRECATED: Alias for UnaliasedSsaInstructions */
-deprecated module UnaliasedSSAInstructions = UnaliasedSsaInstructions;
-
 /**
 * Provides wrappers for the constructors of each branch of `TInstruction` that is used by the
 * aliased SSA stage.
@@ -107,6 +104,3 @@ module AliasedSsaInstructions {
    result = TAliasedSsaUnreachedInstruction(irFunc)
  }
 }
-
-/** DEPRECATED: Alias for AliasedSsaInstructions */
-deprecated module AliasedSSAInstructions = AliasedSsaInstructions;
--- a/csharp/ql/src/experimental/ir/implementation/internal/TOperand.qll
+++ b/csharp/ql/src/experimental/ir/implementation/internal/TOperand.qll
@@ -59,20 +59,12 @@ private module Shared {

  class TNonSsaMemoryOperand = Internal::TNonSsaMemoryOperand;

-  /** DEPRECATED: Alias for TNonSsaMemoryOperand */
-  deprecated class TNonSSAMemoryOperand = TNonSsaMemoryOperand;
-
  /**
   * Returns the non-Phi memory operand with the specified parameters.
   */
  TNonSsaMemoryOperand nonSsaMemoryOperand(TRawInstruction useInstr, MemoryOperandTag tag) {
    result = Internal::TNonSsaMemoryOperand(useInstr, tag)
  }
-
-  /** DEPRECATED: Alias for nonSsaMemoryOperand */
-  deprecated TNonSSAMemoryOperand nonSSAMemoryOperand(TRawInstruction useInstr, MemoryOperandTag tag) {
-    result = nonSsaMemoryOperand(useInstr, tag)
-  }
 }

 /**
@@ -156,6 +148,3 @@ module UnaliasedSsaOperands {
   */
  TChiOperand chiOperand(Unaliased::Instruction useInstr, ChiOperandTag tag) { none() }
 }
-
-/** DEPRECATED: Alias for UnaliasedSsaOperands */
-deprecated module UnaliasedSSAOperands = UnaliasedSsaOperands;
--- a/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll
@@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction {
   */
  final Language::AST getAst() { result = Construction::getInstructionAst(this) }

-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
  /**
   * Gets the location of the source code for this instruction.
   */
@@ -463,9 +460,6 @@ class VariableInstruction extends Instruction {
   * Gets the AST variable that this instruction's IR variable refers to, if one exists.
   */
  final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() }
-
-  /** DEPRECATED: Alias for getAstVariable */
-  deprecated Language::Variable getASTVariable() { result = this.getAstVariable() }
 }

 /**
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll
@@ -378,12 +378,6 @@ private module Cached {
    result = getInstructionTranslatedElement(instruction).getAst()
  }

-  /** DEPRECATED: Alias for getInstructionAst */
-  cached
-  deprecated Language::AST getInstructionAST(Instruction instruction) {
-    result = getInstructionAst(instruction)
-  }
-
  cached
  CSharpType getInstructionResultType(Instruction instruction) {
    getInstructionTranslatedElement(instruction)
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedCondition.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedCondition.qll
@@ -17,9 +17,6 @@ abstract class TranslatedCondition extends ConditionBase {

  final override Language::AST getAst() { result = expr }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  final Expr getExpr() { result = expr }

  final override Callable getFunction() { result = expr.getEnclosingCallable() }
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedDeclaration.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedDeclaration.qll
@@ -30,9 +30,6 @@ abstract class TranslatedLocalDeclaration extends TranslatedElement, TTranslated
  final override string toString() { result = expr.toString() }

  final override Language::AST getAst() { result = expr }
-
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
 }

 /**
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll
@@ -366,9 +366,6 @@ abstract class TranslatedElement extends TTranslatedElement {
   */
  abstract Language::AST getAst();

-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
  /**
   * Get the first instruction to be executed in the evaluation of this element.
   */
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedExpr.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedExpr.qll
@@ -63,9 +63,6 @@ abstract class TranslatedExpr extends TranslatedExprBase {

  final override Language::AST getAst() { result = expr }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  final override Callable getFunction() { result = expr.getEnclosingCallable() }

  /**
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedFunction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedFunction.qll
@@ -30,9 +30,6 @@ class TranslatedFunction extends TranslatedElement, TTranslatedFunction {

  final override Language::AST getAst() { result = callable }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  /**
   * Gets the function being translated.
   */
@@ -287,9 +284,6 @@ class TranslatedParameter extends TranslatedElement, TTranslatedParameter {

  final override Language::AST getAst() { result = param }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  final override Callable getFunction() { result = param.getCallable() }

  final override Instruction getFirstInstruction() {
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedInitialization.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedInitialization.qll
@@ -52,9 +52,6 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn

  final override Language::AST getAst() { result = expr }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  /**
   * Gets the expression that is doing the initialization.
   */
@@ -210,9 +207,6 @@ abstract class TranslatedElementInitialization extends TranslatedElement {

  final override Language::AST getAst() { result = initList }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  final override Callable getFunction() { result = initList.getEnclosingCallable() }

  final override Instruction getFirstInstruction() {
@@ -319,9 +313,6 @@ abstract class TranslatedConstructorCallFromConstructor extends TranslatedElemen

  final override Language::AST getAst() { result = call }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  final override TranslatedElement getChild(int id) {
    id = 0 and result = this.getConstructorCall()
  }
--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll
@@ -26,9 +26,6 @@ abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {

  final override Language::AST getAst() { result = stmt }

-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
-
  final override Callable getFunction() { result = stmt.getEnclosingCallable() }
 }

--- a/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll
+++ b/csharp/ql/src/experimental/ir/implementation/raw/internal/desugar/internal/TranslatedCompilerGeneratedElement.qll
@@ -20,7 +20,4 @@ abstract class TranslatedCompilerGeneratedElement extends TranslatedElement,
  final override Callable getFunction() { result = generatedBy.getEnclosingCallable() }

  final override Language::AST getAst() { result = generatedBy }
-
-  /** DEPRECATED: Alias for getAst */
-  deprecated override Language::AST getAST() { result = this.getAst() }
 }
--- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll
@@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction {
   */
  final Language::AST getAst() { result = Construction::getInstructionAst(this) }

-  /** DEPRECATED: Alias for getAst */
-  deprecated Language::AST getAST() { result = this.getAst() }
-
  /**
   * Gets the location of the source code for this instruction.
   */
@@ -463,9 +460,6 @@ class VariableInstruction extends Instruction {
   * Gets the AST variable that this instruction's IR variable refers to, if one exists.
   */
  final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() }
-
-  /** DEPRECATED: Alias for getAstVariable */
-  deprecated Language::Variable getASTVariable() { result = this.getAstVariable() }
 }

 /**
--- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
+++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
@@ -422,12 +422,6 @@ private module Cached {
    )
  }

-  /** DEPRECATED: Alias for getInstructionAst */
-  cached
-  deprecated Language::AST getInstructionAST(Instruction instr) {
-    result = getInstructionAst(instr)
-  }
-
  cached
  Language::LanguageType getInstructionResultType(Instruction instr) {
    result = instr.(RawIR::Instruction).getResultLanguageType()
@@ -993,9 +987,6 @@ predicate canReuseSsaForMemoryResult(Instruction instruction) {
  // We don't support reusing SSA for any location that could create a `Chi` instruction.
 }

-/** DEPRECATED: Alias for canReuseSsaForMemoryResult */
-deprecated predicate canReuseSSAForMemoryResult = canReuseSsaForMemoryResult/1;
-
 /**
 * Expose some of the internal predicates to PrintSSA.qll. We do this by publicly importing those modules in the
 * `DebugSsa` module, which is then imported by PrintSSA.
@@ -1005,9 +996,6 @@ module DebugSsa {
  import DefUse
 }

-/** DEPRECATED: Alias for DebugSsa */
-deprecated module DebugSSA = DebugSsa;
-
 import CachedForDebugging

 cached
--- a/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll
+++ b/csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll
@@ -46,9 +46,6 @@ predicate canReuseSsaForVariable(IRAutomaticVariable var) {
  not allocationEscapes(var)
 }

-/** DEPRECATED: Alias for canReuseSsaForVariable */
-deprecated predicate canReuseSSAForVariable = canReuseSsaForVariable/1;
-
 private newtype TMemoryLocation = MkMemoryLocation(Allocation var) { isVariableModeled(var) }

 private MemoryLocation getMemoryLocation(Allocation var) { result.getAllocation() = var }
@@ -80,9 +77,6 @@ class MemoryLocation extends TMemoryLocation {

 predicate canReuseSsaForOldResult(Instruction instr) { none() }

-/** DEPRECATED: Alias for canReuseSsaForOldResult */
-deprecated predicate canReuseSSAForOldResult = canReuseSsaForOldResult/1;
-
 /**
 * Represents a set of `MemoryLocation`s that cannot overlap with
 * `MemoryLocation`s outside of the set. The `VirtualVariable` will be
--- a/Hiding/ExposeRepresentation/ExposeRepresentation.expected
+++ b/Hiding/ExposeRepresentation/ExposeRepresentation.expected
@@ -1,2 +1,2 @@
-| ExposeRepresentation.cs:8:21:8:23 | Set | 'Set' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentation.cs:16:9:16:9 | ExposeRepresentation.cs:16:9:16:9 | through the variable a |
-| ExposeRepresentationBad.cs:18:22:18:24 | Get | 'Get' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentationBad.cs:24:23:24:29 | ExposeRepresentationBad.cs:24:23:24:29 | after this call to Get |
+| ExposeRepresentation.cs:8:21:8:23 | Set | 'Set' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentation.cs:16:9:16:9 | access to local variable a | through the variable a |
+| ExposeRepresentationBad.cs:18:22:18:24 | Get | 'Get' exposes the internal representation stored in field 'rarray'. The value may be modified $@. | ExposeRepresentationBad.cs:24:23:24:29 | call to method Get | after this call to Get |
--- a/docs/codeql/reusables/supported-versions-compilers.rst
+++ b/docs/codeql/reusables/supported-versions-compilers.rst
@@ -25,7 +25,7 @@
   Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11",Not applicable,``.py``
   Ruby [9]_,"up to 3.2",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
   Swift [10]_,"Swift 5.4-5.7","Swift compiler","``.swift``"
-   TypeScript [11]_,"2.6-5.0",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
+   TypeScript [11]_,"2.6-5.1",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"

 .. container:: footnote-group

--- a/go/extractor/cli/go-autobuilder/go-autobuilder.go
+++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go
@@ -910,6 +910,17 @@ func getVersionWhenGoModVersionSupported(v versionInfo) (msg, version string) {

 // Check the versions of Go found in the environment and in the `go.mod` file, and return a
 // version to install. If the version is the empty string then no installation is required.
+// We never return a version of Go that is outside of the supported range.
+//
+// +-----------------------+-----------------------+-----------------------+-----------------------------------------------------+------------------------------------------------+
+// | Found in go.mod >     | *None*                | *Below min supported* | *In supported range*                                | *Above max supported                           |
+// | Installed \/          |                       |                       |                                                     |                                                |
+// |-----------------------|-----------------------|-----------------------|-----------------------------------------------------|------------------------------------------------|
+// | *None*                | Install max supported | Install min supported | Install version from go.mod                         | Install max supported                          |
+// | *Below min supported* | Install max supported | Install min supported | Install version from go.mod                         | Install max supported                          |
+// | *In supported range*  | No action             | No action             | Install version from go.mod if newer than installed | Install max supported if newer than installed  |
+// | *Above max supported* | Install max supported | Install min supported | Install version from go.mod                         | No action                                      |
+// +-----------------------+-----------------------+-----------------------+-----------------------------------------------------+------------------------------------------------+
 func getVersionToInstall(v versionInfo) (msg, version string) {
 	if !v.goModVersionFound {
 		return getVersionWhenGoModVersionNotFound(v)
--- a/java/documentation/library-coverage/coverage.csv
+++ b/java/documentation/library-coverage/coverage.csv
@@ -12,10 +12,11 @@ androidx.core.app,6,,95,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,12,83
 androidx.fragment.app,11,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 androidx.slice,2,5,88,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,5,,27,61
 cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.alibaba.druid.sql,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.databind,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+com.fasterxml.jackson.databind,2,,6,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,6,
 com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,63,24
 com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
 com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
@@ -23,6 +24,7 @@ com.google.common.flogger,29,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,
 com.google.common.io,8,,73,,1,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,,,,,72,1
 com.google.gson,,,39,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,14
 com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,
+com.jcraft.jsch,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,
 com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,
 com.opensymphony.xwork2.ognl,3,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,
 com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
@@ -41,7 +43,7 @@ io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,
 io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
 io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,2,,
 io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,13,143,116
-io.netty.handler.ssl,2,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,
+io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,
 io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
 io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 io.netty.util,2,,23,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,21,2
@@ -52,10 +54,10 @@ jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
 jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,94,55
 java.awt,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3
 java.beans,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-java.io,44,,45,,22,,,,,,,,,,,,,,22,,,,,,,,,,,,,,,,,,,43,2
+java.io,49,,45,,22,,,,,,,,,,,,,,27,,,,,,,,,,,,,,,,,,,43,2
 java.lang,18,,92,,,,,,,,,,,,,8,,,5,,,4,,,1,,,,,,,,,,,,,56,36
 java.net,13,3,20,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,3,20,
-java.nio,38,,31,,3,,,,,,,,,,,,,,35,,,,,,,,,,,,,,,,,,,31,
+java.nio,47,,35,,3,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,35,
 java.sql,13,,3,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,2,1
 java.util,44,,484,,,,,,,,,,,,,34,,,,,,,5,2,,1,2,,,,,,,,,,,44,440
 javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
@@ -75,10 +77,11 @@ javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,2,,,,,,94,55
 javax.xml.transform,2,,6,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,,,,6,
 javax.xml.xpath,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,
 jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
-kotlin,16,,1843,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,7
+kotlin,16,,1847,,,,,,,,,,,,,,,,14,,,,,,,,,2,,,,,,,,,,1836,11
 net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,
 ognl,6,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,
-okhttp3,4,,47,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,22,25
+okhttp3,4,,48,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,23,25
+org.antlr.runtime,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
 org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
 org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
 org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
@@ -119,8 +122,10 @@ org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,
 org.codehaus.groovy.control,1,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
 org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,
 org.eclipse.jetty.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
+org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,
 org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,
 org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,
+org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
 org.jboss.logging,324,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,
 org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,
 org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,
@@ -134,6 +139,7 @@ org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
 org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
 org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
 org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+org.springframework.core.io,2,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,
 org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
 org.springframework.http,14,,71,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,61,10
 org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,
@@ -153,6 +159,7 @@ org.springframework.web.util,,,165,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,140,25
 org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,2,
 org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
+org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
 play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
 play.mvc,,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,24,
 ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
--- a/java/documentation/library-coverage/coverage.rst
+++ b/java/documentation/library-coverage/coverage.rst
@@ -18,10 +18,10 @@ Java framework & library support
   `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,41,7,,,,,
   JBoss Logging,``org.jboss.logging``,,,324,,,,,,
   `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
-   Java Standard Library,``java.*``,3,679,170,62,,9,,,17
+   Java Standard Library,``java.*``,3,683,184,76,,9,,,17
   Java extensions,"``javax.*``, ``jakarta.*``",63,611,34,2,4,,1,1,2
-   Kotlin Standard Library,``kotlin*``,,1843,16,14,,,,,2
-   `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,113,3,,28,14,,34
-   Others,"``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,890,520,60,,18,18,,193
-   Totals,,255,9182,1973,242,10,122,33,1,382
+   Kotlin Standard Library,``kotlin*``,,1847,16,14,,,,,2
+   `Spring <https://spring.io/>`_,``org.springframework.*``,29,483,115,4,,28,14,,35
+   Others,"``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.thoughtworks.xstream``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jodd.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",98,894,528,66,,18,18,,195
+   Totals,,255,9194,1997,263,10,122,33,1,385

--- a/java/kotlin-explorer/.gitignore
+++ b/java/kotlin-explorer/.gitignore
@@ -1,10 +0,0 @@
-.classpath
-.gradle
-.idea
-.project
-.settings
-bin/
-build/
-gradle/
-gradlew
-gradlew.bat
--- a/java/kotlin-explorer/README
+++ b/java/kotlin-explorer/README
@@ -1,9 +0,0 @@
-
-This shows what is encoded in the kotlin.Metadata section shown in the
-output of `javap -v SomeKotlinClass`.
-
-It is not currently able to extract the information from .class files
-itself; the values are hard coded in src/main/kotlin/Explorer.kt
-
-Run `gradle run` in this directory to run it.
-
--- a/java/kotlin-explorer/build.gradle
+++ b/java/kotlin-explorer/build.gradle
@@ -1,28 +0,0 @@
-plugins {
-    id 'org.jetbrains.kotlin.jvm' version "${kotlinVersion}"
-    id 'org.jetbrains.dokka' version '1.4.32'
-    id "com.vanniktech.maven.publish" version '0.15.1'
-    id 'application'
-}
-
-group 'com.github.codeql'
-version '0.0.1'
-
-dependencies {
-    implementation "org.jetbrains.kotlin:kotlin-stdlib"
-    implementation "org.jetbrains.kotlinx:kotlinx-metadata-jvm:0.3.0"
-}
-
-repositories {
-    mavenCentral()
-}
-
-tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).configureEach {
-    kotlinOptions {
-        jvmTarget = "1.8"
-    }
-}
-
-application {
-    mainClass = 'com.github.codeql.ExplorerKt'
-}
--- a/java/kotlin-explorer/gradle.properties
+++ b/java/kotlin-explorer/gradle.properties
@@ -1,7 +0,0 @@
-kotlin.code.style=official
-kotlinVersion=1.5.21
-
-GROUP=com.github.codeql
-VERSION_NAME=0.0.1
-POM_DESCRIPTION=CodeQL Kotlin explorer
-
--- a/java/kotlin-explorer/settings.gradle
+++ b/java/kotlin-explorer/settings.gradle
@@ -1,8 +0,0 @@
-pluginManagement {
-    repositories {
-        mavenCentral()
-        gradlePluginPortal()
-    }
-}
-
-rootProject.name = 'codeql-kotlin-explorer'
--- a/java/kotlin-explorer/src/main/kotlin/Explorer.kt
+++ b/java/kotlin-explorer/src/main/kotlin/Explorer.kt
@@ -1,217 +0,0 @@
-package com.github.codeql
-import kotlinx.metadata.internal.metadata.jvm.deserialization.JvmMetadataVersion
-import kotlinx.metadata.jvm.*
-import kotlinx.metadata.*
-
-fun main(args : Array<String>) {
-    /*
-    Values from `javap -v` on TestKt.class from:
-
-    class MyClass {}
-
-    class MyParamClass<T> {}
-
-    fun f(x: MyClass, y: MyClass?,
-          l1: MyParamClass<MyClass>,
-          l2: MyParamClass<MyClass?>,
-          l3: MyParamClass<MyClass>?,
-          l4: MyParamClass<MyClass?>?) {
-    }
-    */
-    val kind = 2
-    val metadataVersion = intArrayOf(1, 5, 1)
-    val data1 = arrayOf("\u0000\u0018\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\u001aX\u0010\u0000\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u00032\b\u0010\u0004\u001a\u0004\u0018\u00010\u00032\u000c\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00030\u00062\u000e\u0010\u0007\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010\u00030\u00062\u000e\u0010\b\u001a\n\u0012\u0004\u0012\u00020\u0003\u0018\u00010\u00062\u0010\u0010\t\u001a\u000c\u0012\u0006\u0012\u0004\u0018\u00010\u0003\u0018\u00010\u0006")
-    val data2 = arrayOf("f","","x","LMyClass;","y","l1","LMyParamClass;","l2","l3","l4")
-    val extraString = null
-    val packageName = null
-    val extraInt = 48
-    val kch = KotlinClassHeader(kind, metadataVersion, data1, data2, extraString, packageName, extraInt)
-
-    val md = KotlinClassMetadata.read(kch)
-    when (md) {
-        is KotlinClassMetadata.Class -> println("Metadata for Class not yet supported")
-        is KotlinClassMetadata.FileFacade -> {
-            println("Metadata for FileFacade:")
-            val kmp = md.toKmPackage()
-            kmp.accept(MyPackageVisitor(0))
-        }
-        is KotlinClassMetadata.SyntheticClass -> println("Metadata for SyntheticClass not yet supported")
-        is KotlinClassMetadata.MultiFileClassFacade -> println("Metadata for MultiFileClassFacade not yet supported")
-        is KotlinClassMetadata.MultiFileClassPart -> println("Metadata for MultiFileClassPart not yet supported")
-        is KotlinClassMetadata.Unknown -> println("Unknown kind")
-        else -> println("Unexpected kind")
-    }
-}
-
-fun pr(indent: Int, s: String) {
-    println("    ".repeat(indent) + s)
-}
-
-class MyPackageVisitor(val indent: Int): KmPackageVisitor() {
-    override fun visitFunction(flags: Flags, name: String): KmFunctionVisitor? {
-        pr(indent, "=> Function; flags:$flags, name:$name")
-        return MyFunctionVisitor(indent + 1)
-    }
-
-    override fun visitProperty(flags: Flags, name: String, getterFlags: Flags, setterFlags: Flags): KmPropertyVisitor? {
-        pr(indent, "=> Properties not yet handled")
-        return null
-    }
-
-    override fun visitTypeAlias(flags: Flags, name: String): KmTypeAliasVisitor? {
-        pr(indent, "=> Type aliases not yet handled")
-        return null
-    }
-
-    override fun visitExtensions(type: KmExtensionType): KmPackageExtensionVisitor? {
-        pr(indent, "=> Package extensions; type:$type")
-        when (type) {
-            JvmPackageExtensionVisitor.TYPE -> return MyJvmPackageExtensionVisitor(indent + 1)
-            else -> {
-                pr(indent, "- Not yet handled")
-                return null
-            }
-        }
-    }
-}
-
-class MyFunctionVisitor(val indent: Int): KmFunctionVisitor() {
-    override fun visitTypeParameter(flags: Flags, name: String, id: Int, variance: KmVariance): KmTypeParameterVisitor? {
-        pr(indent, "=> Type parameter; flags:$flags, name:$name, id:$id, variance:$variance")
-        pr(indent, "    -> Not yet handled")
-        return null
-    }
-    override fun visitReceiverParameterType(flags: Flags): KmTypeVisitor? {
-        pr(indent, "=> Receiver parameter type; flags:$flags")
-        pr(indent, "    -> Not yet handled")
-        return null
-    }
-
-    override fun visitValueParameter(flags: Flags, name: String): KmValueParameterVisitor? {
-        pr(indent, "=> Value parameter; flags:$flags, name:$name")
-        return MyValueParameterVisitor(indent + 1)
-    }
-
-    override fun visitReturnType(flags: Flags): KmTypeVisitor? {
-        pr(indent, "=> Return type; flags:$flags")
-        return MyTypeVisitor(indent + 1)
-    }
-
-    override fun visitVersionRequirement(): KmVersionRequirementVisitor? {
-        pr(indent, "=> VersionRequirement not yet handled")
-        return null
-    }
-
-    override fun visitContract(): KmContractVisitor? {
-        pr(indent, "=> Contract not yet handled")
-        return null
-    }
-
-    override fun visitExtensions(type: KmExtensionType): KmFunctionExtensionVisitor? {
-        pr(indent, "=> Function extensions; type:$type")
-        when (type) {
-            JvmFunctionExtensionVisitor.TYPE -> return MyJvmFunctionExtensionVisitor(indent + 1)
-            else -> {
-                pr(indent, "- Not yet handled")
-                return null
-            }
-        }
-    }
-}
-
-class MyValueParameterVisitor(val indent: Int): KmValueParameterVisitor() {
-    override fun visitType(flags: Flags): KmTypeVisitor? {
-        pr(indent, "=> Type; flags:$flags")
-        return MyTypeVisitor(indent + 1)
-    }
-
-    override fun visitVarargElementType(flags: Flags): KmTypeVisitor? {
-        pr(indent, "=> VarargElementType not yet handled")
-        return null
-    }
-
-    override fun visitExtensions(type: KmExtensionType): KmValueParameterExtensionVisitor? {
-        pr(indent, "=> Value parameter extensions; type:$type; not yet handled")
-        return null
-    }
-}
-
-class MyTypeVisitor(val indent: Int): KmTypeVisitor() {
-    override fun visitClass(name: ClassName) {
-        pr(indent, "=> Class; name:$name")
-    }
-
-    override fun visitTypeAlias(name: ClassName) {
-        pr(indent, "=> Type alias; name:$name")
-    }
-
-    override fun visitTypeParameter(id: Int) {
-        pr(indent, "=> Type parameter; id:$id")
-    }
-
-    override fun visitArgument(flags: Flags, variance: KmVariance): KmTypeVisitor? {
-        pr(indent, "=> Argument; flags:$flags, variance:$variance")
-        return MyTypeVisitor(indent + 1)
-    }
-
-    override fun visitStarProjection() {
-        pr(indent, "=> Star projection")
-    }
-
-    override fun visitAbbreviatedType(flags: Flags): KmTypeVisitor? {
-        pr(indent, "=> AbbreviatedType not yet handled")
-        return null
-    }
-
-    override fun visitOuterType(flags: Flags): KmTypeVisitor? {
-        pr(indent, "=> OuterType not yet handled")
-        return null
-    }
-
-    override fun visitFlexibleTypeUpperBound(flags: Flags, typeFlexibilityId: String?): KmTypeVisitor? {
-        pr(indent, "=> FlexibleTypeUpperBound not yet handled")
-        return null
-    }
-
-    override fun visitExtensions(type: KmExtensionType): KmTypeExtensionVisitor? {
-        pr(indent, "=> Type extensions; type:$type")
-        when (type) {
-            JvmTypeExtensionVisitor.TYPE -> return MyJvmTypeExtensionVisitor(indent + 1)
-            else -> {
-                pr(indent, "- Not yet handled")
-                return null
-            }
-        }
-    }
-}
-
-class MyJvmTypeExtensionVisitor(val indent: Int): JvmTypeExtensionVisitor() {
-    override fun visit(isRaw: Boolean) {
-        pr(indent, "=> isRaw:$isRaw")
-    }
-
-    override fun visitAnnotation(annotation: KmAnnotation) {
-        pr(indent, "=> Annotation; annotation:$annotation")
-    }
-}
-
-class MyJvmPackageExtensionVisitor(val indent: Int): JvmPackageExtensionVisitor() {
-    override fun visitLocalDelegatedProperty(flags: Flags, name: String, getterFlags: Flags, setterFlags: Flags): KmPropertyVisitor? {
-        pr(indent, "=> Local delegate not yet handled")
-        return null
-    }
-
-    override fun visitModuleName(name: String) {
-        pr(indent, "=> Module name; name:$name")
-    }
-}
-
-class MyJvmFunctionExtensionVisitor(val indent: Int): JvmFunctionExtensionVisitor() {
-    override fun visit(signature: JvmMethodSignature?) {
-        pr(indent, "=> signature:$signature")
-    }
-
-    override fun visitLambdaClassOriginName(internalName: String) {
-        pr(indent, "=> LambdaClassOriginName; internalName:$internalName")
-    }
-}
--- a/java/kotlin-extractor/kotlin_plugin_versions.py
+++ b/java/kotlin-extractor/kotlin_plugin_versions.py
@@ -24,7 +24,6 @@ def version_string_to_tuple(version):
 # Version number used by CI.
 ci_version = '1.8.10'

-# Version numbers in the list need to be in semantically increasing order
 many_versions = [ '1.4.32', '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0', '1.9.0-Beta' ]

 many_versions_tuples = [version_string_to_tuple(v) for v in many_versions]
@@ -42,18 +41,13 @@ def get_single_version(fakeVersionOutput = None):
    if m is None:
        raise Exception('Cannot detect version of kotlinc (got ' + str(versionOutput) + ')')
    current_version = version_string_to_tuple(m.group(1))
-    matching_minor_versions = [ version for version in many_versions_tuples if version[0:2] == current_version[0:2] ]
-    if len(matching_minor_versions) == 0:
-        raise Exception(f'Cannot find a matching minor version for kotlinc version {current_version} (got {versionOutput}; know about {str(many_versions)})')

-    matching_minor_versions.sort(reverse = True)
+    many_versions_tuples.sort(reverse = True)

-    for version in matching_minor_versions:
+    for version in many_versions_tuples:
        if version[0:3] <= current_version[0:3]:
            return version_tuple_to_string(version)

-    return version_tuple_to_string(matching_minor_versions[-1])
-
    raise Exception(f'No suitable kotlinc version found for {current_version} (got {versionOutput}; know about {str(many_versions)})')

 def get_latest_url():
--- a/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md
+++ b/java/ql/lib/change-notes/2023-05-19-path-injection-sinks-mad.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Path creation sinks modeled in `PathCreation.qll` have been added to the models-as-data sink kind `path-injection`.
--- a/java/ql/lib/change-notes/2023-06-01-new-models.md
+++ b/java/ql/lib/change-notes/2023-06-01-new-models.md
@@ -0,0 +1,7 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * java.lang
+  * java.nio.file
--- a/java/ql/lib/change-notes/2023-06-02-delete-deps.md
+++ b/java/ql/lib/change-notes/2023-06-02-delete-deps.md
@@ -0,0 +1,6 @@
+---
+category: minorAnalysis
+---
+* Deleted the deprecated `getRHS` predicate from the `LValue` class, use `getRhs` instead.
+* Deleted the deprecated `getCFGNode` predicate from the `SsaVariable` class, use `getCfgNode` instead.
+* Deleted many deprecated predicates and classes with uppercase `XML`, `JSON`, `URL`, `API`, etc. in their names. Use the PascalCased versions instead.
--- a/java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md
+++ b/java/ql/lib/change-notes/2023-06-06-kotlin-use-with-flow.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added flow through the block arguments of `kotlin.io.use` and `kotlin.with`.
--- a/java/ql/lib/change-notes/2023-06-06-new-models.md
+++ b/java/ql/lib/change-notes/2023-06-06-new-models.md
@@ -0,0 +1,15 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * com.alibaba.druid.sql
+  * com.fasterxml.jackson.databind
+  * com.jcraft.jsch
+  * io.netty.handler.ssl
+  * okhttp3
+  * org.antlr.runtime
+  * org.fusesource.leveldbjni
+  * org.influxdb
+  * org.springframework.core.io
+  * org.yaml.snakeyaml
--- a/java/ql/lib/ext/com.alibaba.druid.sql.model.yml
+++ b/java/ql/lib/ext/com.alibaba.druid.sql.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.alibaba.druid.sql", "SQLUtils", False, "toMySqlString", "(SQLObject)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
--- a/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml
+++ b/java/ql/lib/ext/com.fasterxml.jackson.databind.model.yml
@@ -9,3 +9,9 @@ extensions:
      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"]
      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "valueToTree", "", "", "Argument[0].MapValue.Element", "ReturnValue", "taint", "manual"]
      - ["com.fasterxml.jackson.databind", "ObjectReader", False, "createParser", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "readValue", "(File,Class)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["com.fasterxml.jackson.databind", "ObjectMapper", True, "writeValue", "(File,Object)", "", "Argument[0]", "path-injection", "ai-manual"]
--- a/java/ql/lib/ext/com.google.gson.model.yml
+++ b/java/ql/lib/ext/com.google.gson.model.yml
@@ -26,7 +26,12 @@ extensions:
      - ["com.google.gson", "JsonElement", True, "getAsJsonPrimitive", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
      - ["com.google.gson", "JsonElement", True, "getAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
      - ["com.google.gson", "JsonElement", True, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-      - ["com.google.gson", "JsonArray", True, "add", "", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
+      - ["com.google.gson", "JsonArray", True, "add", "(Boolean)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "add", "(Character)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "add", "(JsonElement)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
+      - ["com.google.gson", "JsonArray", True, "add", "(Number)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "add", "(String)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "addAll", "(JsonArray)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
      - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
      - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
      - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
--- a/java/ql/lib/ext/com.jcraft.jsch.model.yml
+++ b/java/ql/lib/ext/com.jcraft.jsch.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.jcraft.jsch", "JSch", True, "getSession", "(String,String,int)", "", "Argument[1]", "request-forgery", "ai-manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.jcraft.jsch", "ChannelSftp", True, "realpath", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
--- a/java/ql/lib/ext/io.netty.handler.ssl.model.yml
+++ b/java/ql/lib/ext/io.netty.handler.ssl.model.yml
@@ -5,3 +5,5 @@ extensions:
    data:
      - ["io.netty.handler.ssl", "OpenSslServerContext", False, "OpenSslServerContext", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["io.netty.handler.ssl", "SslContextBuilder", False, "forServer", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["io.netty.handler.ssl", "SslContextBuilder", False, "trustManager", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["io.netty.handler.ssl", "SslContextBuilder", False, "trustManager", "(InputStream)", "", "Argument[0]", "path-injection", "ai-manual"]
--- a/java/ql/lib/ext/java.io.model.yml
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -3,6 +3,10 @@ extensions:
      pack: codeql/java-all
      extensible: sinkModel
    data:
+      - ["java.io", "File", False, "File", "(File,String)", "", "Argument[1]", "path-injection", "manual"] # old PathCreation
+      - ["java.io", "File", False, "File", "(String)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation
+      - ["java.io", "File", False, "File", "(String,String)", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation
+      - ["java.io", "File", False, "File", "(URI)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation
      - ["java.io", "File", True, "createNewFile", "()", "", "Argument[undefined]", "path-injection", "ai-manual"]
      - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"]
      - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
@@ -12,6 +16,7 @@ extensions:
      - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "file-content-store", "manual"]
      - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["java.io", "FileReader", True, "FileReader", "(String,Charset)", "", "Argument[0]", "path-injection", "manual"]
      - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "path-injection", "manual"]
      - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "path-injection", "manual"]
--- a/java/ql/lib/ext/java.lang.model.yml
+++ b/java/ql/lib/ext/java.lang.model.yml
@@ -8,6 +8,9 @@ extensions:
      - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
+      # These are potential vulnerabilities, but not for command-injection. No query for this kind of vulnerability currently exists.
+      # - ["java.lang", "Runtime", False, "load", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
+      # - ["java.lang", "Runtime", False, "loadLibrary", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
      # These are modeled in plain CodeQL. TODO: migrate them.
      # - ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
      # - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"]
--- a/java/ql/lib/ext/java.nio.file.model.yml
+++ b/java/ql/lib/ext/java.nio.file.model.yml
@@ -18,6 +18,7 @@ extensions:
      - ["java.nio.file", "Files", False, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["java.nio.file", "Files", False, "getFileStore", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] # the FileStore class is unlikely to be used for later sanitization
      - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "path-injection", "manual"]
@@ -26,6 +27,7 @@ extensions:
      - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "path-injection", "manual"]
      - ["java.nio.file", "Files", False, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["java.nio.file", "Files", False, "probeContentType", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] # accesses the file based on user input, but only reads its content type from it
      - ["java.nio.file", "Files", False, "readAllBytes", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", False, "readAllLines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", False, "readAllLines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
@@ -40,14 +42,25 @@ extensions:
      - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["java.nio.file", "FileSystem", False, "getPath", "", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation
      - ["java.nio.file", "FileSystems", False, "newFileSystem", "(URI,Map)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "FileSystems", False, "newFileSystem", "(URI,Map)", "", "Argument[0]", "request-forgery", "ai-manual"]
+      - ["java.nio.file", "Path", False, "of", "(String,String[])", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation
+      - ["java.nio.file", "Path", False, "of", "(URI)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation
+      - ["java.nio.file", "Path", False, "resolve", "(String)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation
+      - ["java.nio.file", "Path", False, "resolveSibling", "(String)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation
+      - ["java.nio.file", "Paths", False, "get", "(String,String[])", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation
+      - ["java.nio.file", "Paths", False, "get", "(URI)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation
      - ["java.nio.file", "SecureDirectoryStream", True, "deleteDirectory", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["java.nio.file", "SecureDirectoryStream", True, "deleteFile", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
  - addsTo:
      pack: codeql/java-all
      extensible: summaryModel
    data:
+      - ["java.nio.file", "Files", False, "find", "(Path,int,BiPredicate,FileVisitOption[])", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"]
+      - ["java.nio.file", "Files", False, "find", "(Path,int,BiPredicate,FileVisitOption[])", "", "Argument[2]", "ReturnValue.Element", "taint", "ai-manual"]
+      - ["java.nio.file", "Files", False, "list", "(Path)", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"]
+      - ["java.nio.file", "Files", False, "readSymbolicLink", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] # this can be used to enumerate a file system
      - ["java.nio.file", "Files", True, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
      - ["java.nio.file", "Files", True, "newBufferedReader", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
      - ["java.nio.file", "Files", True, "newByteChannel", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
--- a/java/ql/lib/ext/kotlin.io.model.yml
+++ b/java/ql/lib/ext/kotlin.io.model.yml
@@ -11,6 +11,8 @@ extensions:
      pack: codeql/java-all
      extensible: summaryModel
    data:
+      - ["kotlin.io", "CloseableKt", False, "use", "", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["kotlin.io", "CloseableKt", False, "use", "", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
      - ["kotlin.io", "FilesKt", False, "normalize", "(File)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
      - ["kotlin.io", "FilesKt", False, "relativeTo", "(File,File)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
      - ["kotlin.io", "FilesKt", False, "relativeTo", "(File,File)", "", "Argument[1]", "ReturnValue", "taint", "ai-manual"]
--- a/java/ql/lib/ext/kotlin.model.yml
+++ b/java/ql/lib/ext/kotlin.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["kotlin", "StandardKt", False, "with", "", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
+      - ["kotlin", "StandardKt", False, "with", "", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
--- a/java/ql/lib/ext/okhttp3.model.yml
+++ b/java/ql/lib/ext/okhttp3.model.yml
@@ -59,5 +59,6 @@ extensions:
      - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
      - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
      - ["okhttp3", "HttpUrl$Builder", False, "username", "", "", "Argument[this]", "ReturnValue", "value", "manual"]
-      - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] # this creates a GET request
-      - ["okhttp3", "Request$Builder", False, "url", "(String)", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"]
+      - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] # this creates a GET request
+      - ["okhttp3", "Request$Builder", False, "url", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
+      - ["okhttp3", "Request$Builder", True, "build", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
--- a/java/ql/lib/ext/org.antlr.runtime.model.yml
+++ b/java/ql/lib/ext/org.antlr.runtime.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.antlr.runtime", "ANTLRFileStream", True, "ANTLRFileStream", "(String,String)", "", "Argument[0]", "path-injection", "ai-manual"]
--- a/java/ql/lib/ext/org.fusesource.leveldbjni.model.yml
+++ b/java/ql/lib/ext/org.fusesource.leveldbjni.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.fusesource.leveldbjni", "JniDBFactory", True, "open", "(File,Options)", "", "Argument[0]", "path-injection", "ai-manual"]
--- a/java/ql/lib/ext/org.influxdb.model.yml
+++ b/java/ql/lib/ext/org.influxdb.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.influxdb", "InfluxDBFactory", False, "connect", "(String,String,String,Builder)", "", "Argument[0]", "request-forgery", "ai-manual"]
--- a/java/ql/lib/ext/org.springframework.core.io.model.yml
+++ b/java/ql/lib/ext/org.springframework.core.io.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "request-forgery", "manual"]
--- a/java/ql/lib/ext/org.yaml.snakeyaml.model.yml
+++ b/java/ql/lib/ext/org.yaml.snakeyaml.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.yaml.snakeyaml", "Yaml", True, "load", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
--- a/java/ql/lib/semmle/code/java/Expr.qll
+++ b/java/ql/lib/semmle/code/java/Expr.qll
@@ -1809,9 +1809,6 @@ class LValue extends VarAccess {
   * are source expressions of the assignment.
   */
  Expr getRhs() { exists(Assignment e | e.getDest() = this and e.getSource() = result) }
-
-  /** DEPRECATED: Alias for getRhs */
-  deprecated Expr getRHS() { result = this.getRhs() }
 }

 /**
--- a/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll
+++ b/java/ql/lib/semmle/code/java/controlflow/internal/Preconditions.qll
@@ -6,15 +6,6 @@

 import java

-/**
- * DEPRECATED: Use `conditionCheckMethodArgument` instead.
- * Holds if `m` is a non-overridable method that checks that its first argument
- * is equal to `checkTrue` and throws otherwise.
- */
-deprecated predicate conditionCheckMethod(Method m, boolean checkTrue) {
-  conditionCheckMethodArgument(m, 0, checkTrue)
-}
-
 /**
 * Holds if `m` is a non-overridable method that checks that its zero-indexed `argument`
 * is equal to `checkTrue` and throws otherwise.
--- a/java/ql/lib/semmle/code/java/dataflow/SSA.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/SSA.qll
@@ -931,9 +931,6 @@ class SsaVariable extends TSsaVariable {
    this = TSsaUntracked(_, result)
  }

-  /** DEPRECATED: Alias for getCfgNode */
-  deprecated ControlFlowNode getCFGNode() { result = this.getCfgNode() }
-
  /** Gets a textual representation of this SSA variable. */
  string toString() { none() }

--- a/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/BaseSSA.qll
@@ -483,9 +483,6 @@ class BaseSsaVariable extends TBaseSsaVariable {
    this = TSsaEntryDef(_, result)
  }

-  /** DEPRECATED: Alias for getCfgNode */
-  deprecated ControlFlowNode getCFGNode() { result = this.getCfgNode() }
-
  string toString() { none() }

  Location getLocation() { result = this.getCfgNode().getLocation() }
--- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
@@ -456,9 +456,6 @@ class ArbitraryXmlEntryPoint extends ReflectivelyConstructedClass {
  }
 }

-/** DEPRECATED: Alias for ArbitraryXmlEntryPoint */
-deprecated class ArbitraryXMLEntryPoint = ArbitraryXmlEntryPoint;
-
 /** A Selenium PageObject, created by a call to PageFactory.initElements(..). */
 class SeleniumPageObjectEntryPoint extends ReflectivelyConstructedClass instanceof SeleniumPageObject
 { }
--- a/java/ql/lib/semmle/code/java/frameworks/Networking.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Networking.qll
@@ -38,9 +38,6 @@ class UrlConnectionGetInputStreamMethod extends Method {
  }
 }

-/** DEPRECATED: Alias for UrlConnectionGetInputStreamMethod */
-deprecated class URLConnectionGetInputStreamMethod = UrlConnectionGetInputStreamMethod;
-
 /** The method `java.net.Socket::getInputStream`. */
 class SocketGetInputStreamMethod extends Method {
  SocketGetInputStreamMethod() {
--- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
@@ -128,9 +128,6 @@ class HttpServletRequestGetRequestUrlMethod extends Method {
  }
 }

-/** DEPRECATED: Alias for HttpServletRequestGetRequestUrlMethod */
-deprecated class HttpServletRequestGetRequestURLMethod = HttpServletRequestGetRequestUrlMethod;
-
 /**
 * The method `getRequestURI()` declared in `javax.servlet.http.HttpServletRequest`.
 */
@@ -339,9 +336,6 @@ class ServletWebXmlListenerType extends RefType {
  }
 }

-/** DEPRECATED: Alias for ServletWebXmlListenerType */
-deprecated class ServletWebXMLListenerType = ServletWebXmlListenerType;
-
 /** Holds if `m` is a request handler method (for example `doGet` or `doPost`). */
 predicate isServletRequestMethod(Method m) {
  m.getDeclaringType() instanceof ServletClass and
--- a/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/UnboundId.qll
@@ -29,9 +29,6 @@ class TypeUnboundIdLdapConnection extends Class {
  }
 }

-/** DEPRECATED: Alias for TypeUnboundIdLdapConnection */
-deprecated class TypeUnboundIdLDAPConnection = TypeUnboundIdLdapConnection;
-
 /*--- Methods ---*/
 /** A method with the name `setBaseDN` declared in `com.unboundid.ldap.sdk.SearchRequest`. */
 class MethodUnboundIdSearchRequestSetBaseDN extends Method {
@@ -103,9 +100,6 @@ class MethodUnboundIdLdapConnectionSearch extends Method {
  }
 }

-/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionSearch */
-deprecated class MethodUnboundIdLDAPConnectionSearch = MethodUnboundIdLdapConnectionSearch;
-
 /** A method with the name `asyncSearch` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
 class MethodUnboundIdLdapConnectionAsyncSearch extends Method {
  MethodUnboundIdLdapConnectionAsyncSearch() {
@@ -114,10 +108,6 @@ class MethodUnboundIdLdapConnectionAsyncSearch extends Method {
  }
 }

-/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionAsyncSearch */
-deprecated class MethodUnboundIdLDAPConnectionAsyncSearch =
-  MethodUnboundIdLdapConnectionAsyncSearch;
-
 /** A method with the name `searchForEntry` declared in `com.unboundid.ldap.sdk.LDAPConnection`. */
 class MethodUnboundIdLdapConnectionSearchForEntry extends Method {
  MethodUnboundIdLdapConnectionSearchForEntry() {
@@ -125,7 +115,3 @@ class MethodUnboundIdLdapConnectionSearchForEntry extends Method {
    this.hasName("searchForEntry")
  }
 }
-
-/** DEPRECATED: Alias for MethodUnboundIdLdapConnectionSearchForEntry */
-deprecated class MethodUnboundIdLDAPConnectionSearchForEntry =
-  MethodUnboundIdLdapConnectionSearchForEntry;
--- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll
@@ -20,9 +20,6 @@ class JacksonJsonIgnoreAnnotation extends NonReflectiveAnnotation {
  }
 }

-/** DEPRECATED: Alias for JacksonJsonIgnoreAnnotation */
-deprecated class JacksonJSONIgnoreAnnotation = JacksonJsonIgnoreAnnotation;
-
 /** A type whose values may be serialized using the Jackson JSON framework. */
 abstract class JacksonSerializableType extends Type { }

--- a/java/ql/lib/semmle/code/java/frameworks/javaee/PersistenceXML.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/PersistenceXML.qll
@@ -26,9 +26,6 @@ class PersistenceXmlFile extends XmlFile {
  }
 }

-/** DEPRECATED: Alias for PersistenceXmlFile */
-deprecated class PersistenceXMLFile = PersistenceXmlFile;
-
 /** The root `persistence` XML element in a `persistence.xml` file. */
 class PersistenceXmlRoot extends XmlElement {
  PersistenceXmlRoot() {
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBJarXML.qll
@@ -35,9 +35,6 @@ class EjbJarXmlFile extends XmlFile {
  }
 }

-/** DEPRECATED: Alias for EjbJarXmlFile */
-deprecated class EjbJarXMLFile = EjbJarXmlFile;
-
 /** The root `ejb-jar` XML element in an `ejb-jar.xml` file. */
 class EjbJarRootElement extends XmlElement {
  EjbJarRootElement() {
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFFacesContextXML.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFFacesContextXML.qll
@@ -16,9 +16,6 @@ class FacesConfigXmlFile extends XmlFile {
  }
 }

-/** DEPRECATED: Alias for FacesConfigXmlFile */
-deprecated class FacesConfigXMLFile = FacesConfigXmlFile;
-
 /**
 * An XML element in a `FacesConfigXMLFile`.
 */
@@ -31,9 +28,6 @@ class FacesConfigXmlElement extends XmlElement {
  string getValue() { result = this.allCharactersString().trim() }
 }

-/** DEPRECATED: Alias for FacesConfigXmlElement */
-deprecated class FacesConfigXMLElement = FacesConfigXmlElement;
-
 /**
 * An element in a JSF config file that declares a managed bean.
 */
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll
@@ -100,9 +100,6 @@ class SpringBeanXmlAutowiredSetterMethod extends Method {
  }
 }

-/** DEPRECATED: Alias for SpringBeanXmlAutowiredSetterMethod */
-deprecated class SpringBeanXMLAutowiredSetterMethod = SpringBeanXmlAutowiredSetterMethod;
-
 /**
 * A callable that is annotated with `@Autowired`.
 *
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCamel.qll
@@ -13,9 +13,6 @@ class SpringCamelXmlElement extends SpringXmlElement {
  SpringCamelXmlElement() { this.getNamespace().getUri() = "http://camel.apache.org/schema/spring" }
 }

-/** DEPRECATED: Alias for SpringCamelXmlElement */
-deprecated class SpringCamelXMLElement = SpringCamelXmlElement;
-
 /**
 * An element in a Spring beans file that defines an Apache Camel context.
 *
@@ -25,9 +22,6 @@ class SpringCamelXmlContext extends SpringCamelXmlElement {
  SpringCamelXmlContext() { this.getName() = "camelContext" }
 }

-/** DEPRECATED: Alias for SpringCamelXmlContext */
-deprecated class SpringCamelXMLContext = SpringCamelXmlContext;
-
 /**
 * An element in a Spring beans file that defines an Apache Camel route context.
 *
@@ -38,9 +32,6 @@ class SpringCamelXmlRouteContext extends SpringCamelXmlElement {
  SpringCamelXmlRouteContext() { this.getName() = "routeContext" }
 }

-/** DEPRECATED: Alias for SpringCamelXmlRouteContext */
-deprecated class SpringCamelXMLRouteContext = SpringCamelXmlRouteContext;
-
 /**
 * An element in a Spring beans files that defines an Apache Camel route.
 *
@@ -58,9 +49,6 @@ class SpringCamelXmlRoute extends SpringCamelXmlElement {
  }
 }

-/** DEPRECATED: Alias for SpringCamelXmlRoute */
-deprecated class SpringCamelXMLRoute = SpringCamelXmlRoute;
-
 /**
 * An element in a Spring bean file that is logically contained in an Apache Camel route.
 */
@@ -71,9 +59,6 @@ class SpringCamelXmlRouteElement extends SpringCamelXmlElement {
  }
 }

-/** DEPRECATED: Alias for SpringCamelXmlRouteElement */
-deprecated class SpringCamelXMLRouteElement = SpringCamelXmlRouteElement;
-
 /**
 * A reference to a Spring bean in an Apache Camel route defined in a Spring beans file.
 *
@@ -98,9 +83,6 @@ class SpringCamelXmlBeanRef extends SpringCamelXmlRouteElement {
  RefType getBeanType() { result.getQualifiedName() = this.getAttribute("beanType").getValue() }
 }

-/** DEPRECATED: Alias for SpringCamelXmlBeanRef */
-deprecated class SpringCamelXMLBeanRef = SpringCamelXmlBeanRef;
-
 /**
 * A declaration of a target in an Apache Camel route defined in a Spring beans file.
 *
@@ -120,9 +102,6 @@ class SpringCamelXmlToElement extends SpringCamelXmlRouteElement {
  deprecated string getURI() { result = this.getUri() }
 }

-/** DEPRECATED: Alias for SpringCamelXmlToElement */
-deprecated class SpringCamelXMLToElement = SpringCamelXmlToElement;
-
 /**
 * A declaration of a Apache Camel "method" expression defined in a Spring beans file.
 *
@@ -147,6 +126,3 @@ class SpringCamelXmlMethodElement extends SpringCamelXmlElement {
   */
  RefType getBeanType() { result.getQualifiedName() = this.getAttribute("beanType").getValue() }
 }
-
-/** DEPRECATED: Alias for SpringCamelXmlMethodElement */
-deprecated class SpringCamelXMLMethodElement = SpringCamelXmlMethodElement;
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringComponentScan.qll
@@ -23,9 +23,6 @@ class SpringXmlComponentScan extends SpringXmlElement {
  string getAProfileExpr() { result = this.getSpringBeanFile().getAProfileExpr() }
 }

-/** DEPRECATED: Alias for SpringXmlComponentScan */
-deprecated class SpringXMLComponentScan = SpringXmlComponentScan;
-
 /**
 * An annotation of a class that configures which packages are considered to be "base" packages
 * when performing the Spring component scan.
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringFlex.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringFlex.qll
@@ -57,11 +57,6 @@ class SpringRemotingDestinationClass extends Class {
   */
  SpringRemotingDestination getRemotingDestinationXml() { this = result.getSpringBean().getClass() }

-  /** DEPRECATED: Alias for getRemotingDestinationXml */
-  deprecated SpringRemotingDestination getRemotingDestinationXML() {
-    result = this.getRemotingDestinationXml()
-  }
-
  /**
   * Holds if the class is operating on an "include" or "exclude" basis.
   *
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringXMLElement.qll
@@ -37,6 +37,3 @@ class SpringXmlElement extends XmlElement {

  string getContentString() { result = this.allCharactersString() }
 }
-
-/** DEPRECATED: Alias for SpringXmlElement */
-deprecated class SpringXMLElement = SpringXmlElement;
--- a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsConventions.qll
@@ -77,9 +77,6 @@ StrutsXmlFile getRootXmlFile(RefType refType) {
  )
 }

-/** DEPRECATED: Alias for getRootXmlFile */
-deprecated StrutsXMLFile getRootXMLFile(RefType refType) { result = getRootXmlFile(refType) }
-
 /**
 * Gets the suffix used for automatically identifying actions when using the convention plugin.
 *
--- a/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/struts/StrutsXML.qll
@@ -5,9 +5,6 @@ import java
 */
 predicate isStrutsXmlIncluded() { exists(StrutsXmlFile strutsXml) }

-/** DEPRECATED: Alias for isStrutsXmlIncluded */
-deprecated predicate isStrutsXMLIncluded = isStrutsXmlIncluded/0;
-
 /**
 * A struts 2 configuration file.
 */
@@ -51,9 +48,6 @@ abstract class StrutsXmlFile extends XmlFile {
  }
 }

-/** DEPRECATED: Alias for StrutsXmlFile */
-deprecated class StrutsXMLFile = StrutsXmlFile;
-
 /**
 * A Struts 2 "root" configuration XML file directly read by struts.
 *
@@ -66,9 +60,6 @@ class StrutsRootXmlFile extends StrutsXmlFile {
  }
 }

-/** DEPRECATED: Alias for StrutsRootXmlFile */
-deprecated class StrutsRootXMLFile = StrutsRootXmlFile;
-
 /**
 * A Struts 2 configuration XML file included, directly or indirectly, by a root Struts configuration.
 */
@@ -76,9 +67,6 @@ class StrutsIncludedXmlFile extends StrutsXmlFile {
  StrutsIncludedXmlFile() { exists(StrutsXmlInclude include | this = include.getIncludedFile()) }
 }

-/** DEPRECATED: Alias for StrutsIncludedXmlFile */
-deprecated class StrutsIncludedXMLFile = StrutsIncludedXmlFile;
-
 /**
 * A Folder which has one or more Struts 2 root configurations.
 */
@@ -116,9 +104,6 @@ class StrutsXmlElement extends XmlElement {
  string getValue() { result = this.allCharactersString().trim() }
 }

-/** DEPRECATED: Alias for StrutsXmlElement */
-deprecated class StrutsXMLElement = StrutsXmlElement;
-
 /**
 * A `<include>` element within a `struts.xml` file.
 *
@@ -141,9 +126,6 @@ class StrutsXmlInclude extends StrutsXmlElement {
  }
 }

-/** DEPRECATED: Alias for StrutsXmlInclude */
-deprecated class StrutsXMLInclude = StrutsXmlInclude;
-
 /**
 * Escape a string for use as the matcher in a string.match(..) call.
 */
@@ -192,9 +174,6 @@ class StrutsXmlAction extends StrutsXmlElement {
  }
 }

-/** DEPRECATED: Alias for StrutsXmlAction */
-deprecated class StrutsXMLAction = StrutsXmlAction;
-
 /**
 * A `<constant>` property, representing a configuration parameter to struts.
 */
@@ -205,6 +184,3 @@ class StrutsXmlConstant extends StrutsXmlElement {

  string getConstantValue() { result = this.getAttribute("value").getValue() }
 }
-
-/** DEPRECATED: Alias for StrutsXmlConstant */
-deprecated class StrutsXMLConstant = StrutsXmlConstant;
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -25,9 +25,6 @@ class HttpsUrlConnection extends RefType {
  HttpsUrlConnection() { this.hasQualifiedName("javax.net.ssl", "HttpsURLConnection") }
 }

-/** DEPRECATED: Alias for HttpsUrlConnection */
-deprecated class HttpsURLConnection = HttpsUrlConnection;
-
 class SslSocketFactory extends RefType {
  SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
 }
--- a/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
+++ b/java/ql/lib/semmle/code/java/security/ExternalAPIs.qll
@@ -12,9 +12,6 @@ import semmle.code.java.dataflow.TaintTracking
 */
 abstract class SafeExternalApiMethod extends Method { }

-/** DEPRECATED: Alias for SafeExternalApiMethod */
-deprecated class SafeExternalAPIMethod = SafeExternalApiMethod;
-
 /** The default set of "safe" external APIs. */
 private class DefaultSafeExternalApiMethod extends SafeExternalApiMethod {
  DefaultSafeExternalApiMethod() {
@@ -95,9 +92,6 @@ class ExternalApiDataNode extends DataFlow::Node {
  string getMethodDescription() { result = this.getMethod().getQualifiedName() }
 }

-/** DEPRECATED: Alias for ExternalApiDataNode */
-deprecated class ExternalAPIDataNode = ExternalApiDataNode;
-
 /**
 * DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead.
 *
@@ -125,9 +119,6 @@ module UntrustedDataToExternalApiConfig implements DataFlow::ConfigSig {
 */
 module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataToExternalApiConfig>;

-/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
-deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
-
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
  UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
@@ -136,9 +127,6 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
  DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
 }

-/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
-deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
-
 /** An external API which is used with untrusted data. */
 private newtype TExternalApi =
  /** An untrusted API method `m` where untrusted data is passed at `index`. */
@@ -172,6 +160,3 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
    )
  }
 }
-
-/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
-deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;
--- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
@@ -5,7 +5,6 @@ import semmle.code.java.frameworks.Networking
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
 private import semmle.code.java.dataflow.ExternalFlow
-import semmle.code.java.security.PathCreation
 import semmle.code.java.security.PathSanitizer

 /**
@@ -55,11 +54,7 @@ private class TaintPreservingUriCtorParam extends Parameter {
 module TaintedPathConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

-  predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(PathCreation p).getAnInput()
-    or
-    sinkNode(sink, "path-injection")
-  }
+  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") }

  predicate isBarrier(DataFlow::Node sanitizer) {
    sanitizer.getType() instanceof BoxedType or
@@ -82,11 +77,7 @@ module TaintedPathFlow = TaintTracking::Global<TaintedPathConfig>;
 module TaintedPathLocalConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }

-  predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(PathCreation p).getAnInput()
-    or
-    sinkNode(sink, "path-injection")
-  }
+  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "path-injection") }

  predicate isBarrier(DataFlow::Node sanitizer) {
    sanitizer.getType() instanceof BoxedType or
--- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll
+++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll
@@ -337,9 +337,6 @@ class SaxBuilder extends RefType {
  }
 }

-/** DEPRECATED: Alias for SaxBuilder */
-deprecated class SAXBuilder = SaxBuilder;
-
 /**
 * A call to `SAXBuilder.build.`
 */
@@ -359,9 +356,6 @@ class SaxBuilderParse extends XmlParserCall {
  }
 }

-/** DEPRECATED: Alias for SaxBuilderParse */
-deprecated class SAXBuilderParse = SaxBuilderParse;
-
 private module SafeSaxBuilderToSaxBuilderParseFlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxBuilder }

@@ -386,9 +380,6 @@ class SaxBuilderConfig extends ParserConfig {
  }
 }

-/** DEPRECATED: Alias for SaxBuilderConfig */
-deprecated class SAXBuilderConfig = SaxBuilderConfig;
-
 /** A safely configured `SaxBuilder`. */
 class SafeSaxBuilder extends VarAccess {
  SafeSaxBuilder() {
@@ -404,9 +395,6 @@ class SafeSaxBuilder extends VarAccess {
  }
 }

-/** DEPRECATED: Alias for SafeSaxBuilder */
-deprecated class SafeSAXBuilder = SafeSaxBuilder;
-
 /*
 * The case in
 * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
@@ -420,17 +408,11 @@ class SaxParser extends RefType {
  SaxParser() { this.hasQualifiedName("javax.xml.parsers", "SAXParser") }
 }

-/** DEPRECATED: Alias for SaxParser */
-deprecated class SAXParser = SaxParser;
-
 /** The class `javax.xml.parsers.SAXParserFactory`. */
 class SaxParserFactory extends RefType {
  SaxParserFactory() { this.hasQualifiedName("javax.xml.parsers", "SAXParserFactory") }
 }

-/** DEPRECATED: Alias for SaxParserFactory */
-deprecated class SAXParserFactory = SaxParserFactory;
-
 /** A call to `SAXParser.parse`. */
 class SaxParserParse extends XmlParserCall {
  SaxParserParse() {
@@ -446,9 +428,6 @@ class SaxParserParse extends XmlParserCall {
  override predicate isSafe() { SafeSaxParserFlow::flowToExpr(this.getQualifier()) }
 }

-/** DEPRECATED: Alias for SaxParserParse */
-deprecated class SAXParserParse = SaxParserParse;
-
 /** A `ParserConfig` that is specific to `SaxParserFactory`. */
 class SaxParserFactoryConfig extends ParserConfig {
  SaxParserFactoryConfig() {
@@ -460,9 +439,6 @@ class SaxParserFactoryConfig extends ParserConfig {
  }
 }

-/** DEPRECATED: Alias for SaxParserFactoryConfig */
-deprecated class SAXParserFactoryConfig = SaxParserFactoryConfig;
-
 /**
 * A safely configured `SAXParserFactory`.
 */
@@ -496,9 +472,6 @@ class SafeSaxParserFactory extends VarAccess {
  }
 }

-/** DEPRECATED: Alias for SafeSaxParserFactory */
-deprecated class SafeSAXParserFactory = SafeSaxParserFactory;
-
 private module SafeSaxParserFactoryToNewSaxParserFlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxParserFactory }

@@ -540,9 +513,6 @@ class SafeSaxParser extends MethodAccess {
  }
 }

-/** DEPRECATED: Alias for SafeSaxParser */
-deprecated class SafeSAXParser = SafeSaxParser;
-
 /* SAXReader: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxreader */
 /**
 * The class `org.dom4j.io.SAXReader`.
@@ -551,9 +521,6 @@ class SaxReader extends RefType {
  SaxReader() { this.hasQualifiedName("org.dom4j.io", "SAXReader") }
 }

-/** DEPRECATED: Alias for SaxReader */
-deprecated class SAXReader = SaxReader;
-
 /** A call to `SAXReader.read`. */
 class SaxReaderRead extends XmlParserCall {
  SaxReaderRead() {
@@ -569,9 +536,6 @@ class SaxReaderRead extends XmlParserCall {
  override predicate isSafe() { SafeSaxReaderFlow::flowToExpr(this.getQualifier()) }
 }

-/** DEPRECATED: Alias for SaxReaderRead */
-deprecated class SAXReaderRead = SaxReaderRead;
-
 /** A `ParserConfig` specific to `SaxReader`. */
 class SaxReaderConfig extends ParserConfig {
  SaxReaderConfig() {
@@ -583,9 +547,6 @@ class SaxReaderConfig extends ParserConfig {
  }
 }

-/** DEPRECATED: Alias for SaxReaderConfig */
-deprecated class SAXReaderConfig = SaxReaderConfig;
-
 private module SafeSaxReaderFlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSaxReader }

@@ -626,9 +587,6 @@ class SafeSaxReader extends VarAccess {
  }
 }

-/** DEPRECATED: Alias for SafeSaxReader */
-deprecated class SafeSAXReader = SafeSaxReader;
-
 /* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlreader */
 /** The class `org.xml.sax.XMLReader`. */
 class XmlReader extends RefType {
@@ -640,9 +598,6 @@ class InputSource extends Class {
  InputSource() { this.hasQualifiedName("org.xml.sax", "InputSource") }
 }

-/** DEPRECATED: Alias for XmlReader */
-deprecated class XMLReader = XmlReader;
-
 /** A call to `XMLReader.read`. */
 class XmlReaderParse extends XmlParserCall {
  XmlReaderParse() {
@@ -661,9 +616,6 @@ class XmlReaderParse extends XmlParserCall {
  }
 }

-/** DEPRECATED: Alias for XmlReaderParse */
-deprecated class XMLReaderParse = XmlReaderParse;
-
 /** A `ParserConfig` specific to the `XmlReader`. */
 class XmlReaderConfig extends ParserConfig {
  XmlReaderConfig() {
@@ -675,9 +627,6 @@ class XmlReaderConfig extends ParserConfig {
  }
 }

-/** DEPRECATED: Alias for XmlReaderConfig */
-deprecated class XMLReaderConfig = XmlReaderConfig;
-
 private module ExplicitlySafeXmlReaderFlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ExplicitlySafeXmlReader }

@@ -697,9 +646,6 @@ class SafeXmlReaderFlowSink extends Expr {
  }
 }

-/** DEPRECATED: Alias for SafeXmlReaderFlowSink */
-deprecated class SafeXMLReaderFlowSink = SafeXmlReaderFlowSink;
-
 /** An `XmlReader` that is explicitly configured to be safe. */
 class ExplicitlySafeXmlReader extends VarAccess {
  ExplicitlySafeXmlReader() {
@@ -739,9 +685,6 @@ class ExplicitlySafeXmlReader extends VarAccess {
  }
 }

-/** DEPRECATED: Alias for ExplicitlySafeXmlReader */
-deprecated class ExplicitlySafeXMLReader = ExplicitlySafeXmlReader;
-
 private module CreatedSafeXmlReaderFlowConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof CreatedSafeXmlReader }

@@ -778,9 +721,6 @@ class CreatedSafeXmlReader extends Call {
  }
 }

-/** DEPRECATED: Alias for CreatedSafeXmlReader */
-deprecated class CreatedSafeXMLReader = CreatedSafeXmlReader;
-
 /*
 * SAXSource in
 * https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
@@ -791,9 +731,6 @@ class SaxSource extends RefType {
  SaxSource() { this.hasQualifiedName("javax.xml.transform.sax", "SAXSource") }
 }

-/** DEPRECATED: Alias for SaxSource */
-deprecated class SAXSource = SaxSource;
-
 /** A call to the constructor of `SAXSource` with `XmlReader` and `InputSource`. */
 class ConstructedSaxSource extends ClassInstanceExpr {
  ConstructedSaxSource() {
@@ -814,9 +751,6 @@ class ConstructedSaxSource extends ClassInstanceExpr {
  }
 }

-/** DEPRECATED: Alias for ConstructedSaxSource */
-deprecated class ConstructedSAXSource = ConstructedSaxSource;
-
 /** A call to the `SAXSource.setXMLReader` method. */
 class SaxSourceSetReader extends MethodAccess {
  SaxSourceSetReader() {
@@ -828,9 +762,6 @@ class SaxSourceSetReader extends MethodAccess {
  }
 }

-/** DEPRECATED: Alias for SaxSourceSetReader */
-deprecated class SAXSourceSetReader = SaxSourceSetReader;
-
 /** A `SaxSource` that is safe to use. */
 class SafeSaxSource extends Expr {
  SafeSaxSource() {
@@ -847,9 +778,6 @@ class SafeSaxSource extends Expr {
  }
 }

-/** DEPRECATED: Alias for SafeSaxSource */
-deprecated class SafeSAXSource = SafeSaxSource;
-
 /* Transformer: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory */
 /** An access to a method use for configuring a transformer or schema. */
 abstract class TransformerConfig extends MethodAccess {
@@ -1063,9 +991,6 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall {
  override predicate isSafe() { SafeTransformerFactoryFlow::flowToExpr(this.getQualifier()) }
 }

-/** DEPRECATED: Alias for SaxTransformerFactoryNewXmlFilter */
-deprecated class SAXTransformerFactoryNewXMLFilter = SaxTransformerFactoryNewXmlFilter;
-
 /* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */
 /** The class `javax.xml.validation.SchemaFactory`. */
 class SchemaFactory extends RefType {
@@ -1197,9 +1122,6 @@ class SimpleXmlPersisterCall extends XmlParserCall {
  override predicate isSafe() { none() }
 }

-/** DEPRECATED: Alias for SimpleXmlPersisterCall */
-deprecated class SimpleXMLPersisterCall = SimpleXmlPersisterCall;
-
 /** A call to `provide` in `Provider`. */
 class SimpleXmlProviderCall extends XmlParserCall {
  SimpleXmlProviderCall() {
@@ -1218,9 +1140,6 @@ class SimpleXmlProviderCall extends XmlParserCall {
  override predicate isSafe() { none() }
 }

-/** DEPRECATED: Alias for SimpleXmlProviderCall */
-deprecated class SimpleXMLProviderCall = SimpleXmlProviderCall;
-
 /** A call to `read` in `NodeBuilder`. */
 class SimpleXmlNodeBuilderCall extends XmlParserCall {
  SimpleXmlNodeBuilderCall() {
@@ -1236,9 +1155,6 @@ class SimpleXmlNodeBuilderCall extends XmlParserCall {
  override predicate isSafe() { none() }
 }

-/** DEPRECATED: Alias for SimpleXmlNodeBuilderCall */
-deprecated class SimpleXMLNodeBuilderCall = SimpleXmlNodeBuilderCall;
-
 /** A call to the `format` method of the `Formatter`. */
 class SimpleXmlFormatterCall extends XmlParserCall {
  SimpleXmlFormatterCall() {
@@ -1254,9 +1170,6 @@ class SimpleXmlFormatterCall extends XmlParserCall {
  override predicate isSafe() { none() }
 }

-/** DEPRECATED: Alias for SimpleXmlFormatterCall */
-deprecated class SimpleXMLFormatterCall = SimpleXmlFormatterCall;
-
 /** A configuration for secure processing. */
 Expr configSecureProcessing() {
  result.(ConstantStringExpr).getStringValue() =
--- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll
@@ -4,6 +4,7 @@ import java
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.PathSanitizer
 private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.security.PathCreation

 /**
 * A method that returns the name of an archive entry.
@@ -40,5 +41,28 @@ module ZipSlipFlow = TaintTracking::Global<ZipSlipConfig>;
 * A sink that represents a file creation, such as a file write, copy or move operation.
 */
 private class FileCreationSink extends DataFlow::Node {
-  FileCreationSink() { sinkNode(this, "path-injection") }
+  FileCreationSink() {
+    sinkNode(this, "path-injection") and
+    not isPathCreation(this)
+  }
+}
+
+/**
+ * Holds if `sink` is a path creation node that doesn't imply a read/write filesystem operation.
+ * This is to avoid creating new spurious alerts, since `PathCreation` sinks weren't
+ * previously part of this query.
+ */
+private predicate isPathCreation(DataFlow::Node sink) {
+  exists(PathCreation pc |
+    pc.getAnInput() = sink.asExpr()
+    or
+    pc.getAnInput().(Argument).isVararg() and sink.(DataFlow::ImplicitVarargsArray).getCall() = pc
+  |
+    // exclude actual read/write operations included in `PathCreation`
+    not pc.(Call)
+        .getCallee()
+        .getDeclaringType()
+        .hasQualifiedName("java.io",
+          ["FileInputStream", "FileOutputStream", "FileReader", "FileWriter"])
+  )
 }
--- a/java/ql/lib/semmle/code/xml/WebXML.qll
+++ b/java/ql/lib/semmle/code/xml/WebXML.qll
@@ -5,9 +5,6 @@ import java
 */
 predicate isWebXmlIncluded() { exists(WebXmlFile webXml) }

-/** DEPRECATED: Alias for isWebXmlIncluded */
-deprecated predicate isWebXMLIncluded = isWebXmlIncluded/0;
-
 /**
 * A deployment descriptor file, typically called `web.xml`.
 */
@@ -31,9 +28,6 @@ class WebXmlFile extends XmlFile {
  }
 }

-/** DEPRECATED: Alias for WebXmlFile */
-deprecated class WebXMLFile = WebXmlFile;
-
 /**
 * An XML element in a `WebXMLFile`.
 */
@@ -46,9 +40,6 @@ class WebXmlElement extends XmlElement {
  string getValue() { result = this.allCharactersString().trim() }
 }

-/** DEPRECATED: Alias for WebXmlElement */
-deprecated class WebXMLElement = WebXmlElement;
-
 /**
 * A `<context-param>` element in a `web.xml` file.
 */
--- a/java/ql/src/Metrics/Summaries/LinesOfCode.ql
+++ b/java/ql/src/Metrics/Summaries/LinesOfCode.ql
@@ -1,8 +1,8 @@
 /**
 * @id java/summary/lines-of-code
 * @name Total lines of Java code in the database
- * @description The total number of lines of code across all files. This is a useful metric of the size of a database.
- *              For all files that were seen during the build, this query counts the lines of code, excluding whitespace
+ * @description The total number of lines of code across all Java files. This is a useful metric of the size of a database.
+ *              For all Java files that were seen during the build, this query counts the lines of code, excluding whitespace
 *              or comments.
 * @kind metric
 * @tags summary
@@ -11,4 +11,4 @@

 import java

-select sum(CompilationUnit f | f.fromSource() | f.getNumberOfLinesOfCode())
+select sum(CompilationUnit f | f.fromSource() and f.isJavaSourceFile() | f.getNumberOfLinesOfCode())
--- a/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
+++ b/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
@@ -0,0 +1,18 @@
+/**
+ * @id java/summary/lines-of-code-kotlin
+ * @name Total lines of Kotlin code in the database
+ * @description The total number of lines of code across all Kotlin files. This is a useful metric of the size of a database.
+ *              For all Kotlin files that were seen during the build, this query counts the lines of code, excluding whitespace
+ *              or comments.
+ * @kind metric
+ * @tags summary
+ *       lines-of-code
+ */
+
+import java
+
+select sum(CompilationUnit f |
+    f.fromSource() and f.isKotlinSourceFile()
+  |
+    f.getNumberOfLinesOfCode()
+  )
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -14,6 +14,7 @@
 */

 import java
+import semmle.code.java.security.PathCreation
 import semmle.code.java.security.TaintedPathQuery
 import TaintedPathFlow::PathGraph

--- a/Show More
+++ b/Show More