Merge branch 'redsun82/rust-qltest-proc-macro' into redsun82/rust-expand-assoc-items

Cargo.lock

@@ -426,6 +426,7 @@ dependencies = [
  "figment",
  "glob",
  "itertools 0.14.0",
+ "mustache",
  "num-traits",
  "ra_ap_base_db",
  "ra_ap_cfg",

actions/ql/lib/codeql/actions/security/OutputClobberingQuery.qll

@@ -214,6 +214,8 @@ private module OutputClobberingConfig implements DataFlow::ConfigSig {
       )
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Tracks flow of unsafe user input that is used to construct and evaluate an environment variable. */

actions/ql/lib/codeql/actions/security/RequestForgeryQuery.qll

@@ -16,6 +16,8 @@ private module RequestForgeryConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Tracks flow of unsafe user input that is used to construct and evaluate a system command. */

actions/ql/lib/codeql/actions/security/SecretExfiltrationQuery.qll

@@ -15,6 +15,8 @@ private module SecretExfiltrationConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof SecretExfiltrationSink }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /** Tracks flow of unsafe user input that is used in a context where it may lead to a secret exfiltration. */

actions/ql/src/Models/CompositeActionsSinks.ql

@@ -24,6 +24,8 @@ private module MyConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     sink instanceof CodeInjectionSink and not madSink(sink, "code-injection")
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module MyFlow = TaintTracking::Global<MyConfig>;

actions/ql/src/Models/CompositeActionsSources.ql

@@ -34,6 +34,8 @@ private module MyConfig implements DataFlow::ConfigSig {
     isSink(node) and
     set instanceof DataFlow::FieldContent
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module MyFlow = TaintTracking::Global<MyConfig>;

actions/ql/src/Models/CompositeActionsSummaries.ql

@@ -25,6 +25,8 @@ private module MyConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     exists(CompositeAction c | c.getAnOutputExpr() = sink.asExpr())
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module MyFlow = TaintTracking::Global<MyConfig>;

actions/ql/src/Models/ReusableWorkflowsSinks.ql

@@ -24,6 +24,8 @@ private module MyConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     sink instanceof CodeInjectionSink and not madSink(sink, "code-injection")
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module MyFlow = TaintTracking::Global<MyConfig>;

actions/ql/src/Models/ReusableWorkflowsSources.ql

@@ -34,6 +34,8 @@ private module MyConfig implements DataFlow::ConfigSig {
     isSink(node) and
     set instanceof DataFlow::FieldContent
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module MyFlow = TaintTracking::Global<MyConfig>;

actions/ql/src/Models/ReusableWorkflowsSummaries.ql

@@ -25,6 +25,8 @@ private module MyConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) {
     exists(ReusableWorkflow w | w.getAnOutputExpr() = sink.asExpr())
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module MyFlow = TaintTracking::Global<MyConfig>;

cpp/downgrades/9baef67d1ffc1551429dbe1c1130815693e28218/upgrade.properties

@@ -0,0 +1,3 @@
+description: Add a predicate `getAnAttribute` to `Namespace`
+compatibility: full
+namespaceattributes.rel: delete

cpp/ql/lib/change-notes/2025-06-16-namespace-attributes.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added a predicate `getAnAttribute` to `Namespace` to retrieve a namespace attribute.

cpp/ql/lib/change-notes/2025-06-17-arraytype-typedefs.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* `resolveTypedefs` now properly resolves typedefs for `ArrayType`s.

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -42,6 +42,8 @@ module PrivateCleartextWrite {
     predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   module WriteFlow = TaintTracking::Global<WriteConfig>;

cpp/ql/lib/semmle/code/cpp/Namespace.qll

@@ -99,6 +99,11 @@ class Namespace extends NameQualifyingElement, @namespace {
 
   /** Gets a file which declares (part of) this namespace. */
   File getAFile() { result = this.getADeclarationEntry().getLocation().getFile() }
+
+  /** Gets an attribute of this namespace. */
+  Attribute getAnAttribute() {
+    namespaceattributes(underlyingElement(this), unresolveElement(result))
+  }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/Type.qll

@@ -1589,6 +1589,11 @@ class ArrayType extends DerivedType {
    * Holds if this array is a variable-length array (VLA).
    */
   predicate isVla() { type_is_vla(underlyingElement(this)) }
+
+  override Type resolveTypedefs() {
+    result.(ArrayType).getBaseType() = this.getBaseType().resolveTypedefs() and
+    result.(ArrayType).getArraySize() = this.getArraySize()
+  }
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll

@@ -4,6 +4,7 @@ private import semmle.code.cpp.ir.implementation.internal.OperandTag
 private import semmle.code.cpp.ir.internal.CppType
 private import semmle.code.cpp.models.interfaces.SideEffect
 private import semmle.code.cpp.models.interfaces.Throwing
+private import semmle.code.cpp.models.interfaces.NonThrowing
 private import InstructionTag
 private import SideEffects
 private import TranslatedElement
@@ -366,6 +367,10 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
     or
     exists(MicrosoftTryStmt tryStmt | tryStmt.getStmt() = expr.getEnclosingStmt().getParent*()) and
     e instanceof SehExceptionEdge
+    or
+    not expr.getTarget() instanceof NonCppThrowingFunction and
+    exists(TryStmt tryStmt | tryStmt.getStmt() = expr.getEnclosingStmt().getParent*()) and
+    e instanceof CppExceptionEdge
   }
 
   final override predicate mustThrowException(ExceptionEdge e) {

cpp/ql/lib/semmlecode.cpp.dbscheme

@@ -1139,6 +1139,11 @@ varattributes(
     int spec_id: @attribute ref
 );
 
+namespaceattributes(
+    int namespace_id: @namespace ref,
+    int spec_id: @attribute ref
+);
+
 stmtattributes(
     int stmt_id: @stmt ref,
     int spec_id: @attribute ref

cpp/ql/lib/upgrades/a8c2176e9a5cf9be8d17053a4c8e7e56b5aced6d/upgrade.properties

@@ -0,0 +1,2 @@
+description: Add a predicate `getAnAttribute` to `Namespace`
+compatibility: backwards

cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql

@@ -48,6 +48,8 @@ module CastToPointerArithFlowConfig implements DataFlow::StateConfigSig {
   predicate isBarrierIn(DataFlow::Node node) { isSource(node, _) }
 
   predicate isBarrierOut(DataFlow::Node node) { isSink(node, _) }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll

@@ -141,6 +141,8 @@ private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig {
       gc.controls(node.asExpr().getBasicBlock(), _)
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module NetworkToBufferSizeFlow = DataFlow::Global<NetworkToBufferSizeConfig>;

cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql

@@ -39,6 +39,8 @@ module Config implements DataFlow::ConfigSig {
     or
     node.asCertainDefinition().getUnspecifiedType() instanceof ArithmeticType
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module Flow = TaintTracking::Global<Config>;

cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql

@@ -66,6 +66,8 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
       not offsetIsAlwaysInBounds(arrayExpr, offsetExpr)
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module ImproperArrayIndexValidation = TaintTracking::Global<ImproperArrayIndexValidationConfig>;

cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql

@@ -44,6 +44,8 @@ module Config implements DataFlow::ConfigSig {
     or
     isArithmeticNonCharType(node.asCertainDefinition().getUnspecifiedType())
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module Flow = TaintTracking::Global<Config>;

cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql

@@ -94,6 +94,8 @@ module Config implements DataFlow::ConfigSig {
       not iTo instanceof PointerArithmeticInstruction
     )
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module Flow = TaintTracking::Global<Config>;

cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql

@@ -34,6 +34,8 @@ module ExposedSystemDataConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) {
     node.asIndirectArgument() = any(MemsetFunction func).getACallToThisFunction().getAnArgument()
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module ExposedSystemData = TaintTracking::Global<ExposedSystemDataConfig>;

cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql

@@ -54,6 +54,8 @@ module PotentiallyExposedSystemDataConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) {
     node.asIndirectArgument() = any(MemsetFunction func).getACallToThisFunction().getAnArgument()
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module PotentiallyExposedSystemData = TaintTracking::Global<PotentiallyExposedSystemDataConfig>;

cpp/ql/src/Security/CWE/CWE-611/XXE.ql

@@ -45,6 +45,8 @@ module XxeConfig implements DataFlow::StateConfigSig {
   }
 
   predicate neverSkip(DataFlow::Node node) { none() }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module XxeFlow = DataFlow::GlobalWithState<XxeConfig>;

cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql

@@ -48,6 +48,8 @@ module WordexpTaintConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) {
     node.asExpr().getUnspecifiedType() instanceof IntegralType
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module WordexpTaint = TaintTracking::Global<WordexpTaintConfig>;

cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql

@@ -30,6 +30,8 @@ module MultToAllocConfig implements DataFlow::ConfigSig {
     // something that affects an allocation size
     node.asExpr() = any(HeuristicAllocationExpr ae).getSizeExpr().getAChild*()
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 module MultToAlloc = DataFlow::Global<MultToAllocConfig>;

cpp/ql/test/library-tests/attributes/namespace/namespace.expected

@@ -0,0 +1,11 @@
+| file://:0:0:0:0 | MultiSquared | test.cpp:10:13:10:22 | deprecated |
+| file://:0:0:0:0 | MultiSquared | test.cpp:10:25:10:36 | maybe_unused |
+| file://:0:0:0:0 | MultiSquared | test.cpp:11:13:11:22 | deprecated |
+| file://:0:0:0:0 | MultiSquared | test.cpp:11:25:11:36 | maybe_unused |
+| file://:0:0:0:0 | NamespaceTest | test.cpp:1:26:1:35 | deprecated |
+| file://:0:0:0:0 | NamespaceTest | test.cpp:2:26:2:35 | deprecated |
+| file://:0:0:0:0 | NamespaceTest | test.cpp:3:26:3:37 | maybe_unused |
+| test.cpp:4:53:4:61 | MultiAttr | test.cpp:4:26:4:35 | deprecated |
+| test.cpp:4:53:4:61 | MultiAttr | test.cpp:4:38:4:49 | maybe_unused |
+| test.cpp:6:43:6:56 | OuterNamespace::InnerNamespace | test.cpp:6:30:6:39 | deprecated |
+| test.cpp:9:46:9:61 | NamespaceSquared | test.cpp:9:13:9:22 | deprecated |

cpp/ql/test/library-tests/attributes/namespace/namespace.ql

@@ -0,0 +1,4 @@
+import cpp
+
+from Namespace ns
+select ns, ns.getAnAttribute()

cpp/ql/test/library-tests/attributes/namespace/test.cpp

@@ -0,0 +1,11 @@
+namespace __attribute__((deprecated)) NamespaceTest {}
+namespace __attribute__((deprecated)) NamespaceTest {}
+namespace __attribute__((maybe_unused)) NamespaceTest {}
+namespace __attribute__((deprecated, maybe_unused)) MultiAttr {}
+namespace OuterNamespace {
+    namespace __attribute__((deprecated)) InnerNamespace {}
+}
+
+namespace [[deprecated("NamespaceSquared")]] NamespaceSquared {}
+namespace [[deprecated, maybe_unused]] MultiSquared {}
+namespace [[deprecated, maybe_unused]] MultiSquared {}

cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected

@@ -448,7 +448,6 @@ astGuardsControl
 | test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 |
 | test.cpp:31:7:31:13 | ... == ... | true | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | true | 31 | 32 |
-| test.cpp:42:13:42:20 | call to getABool | false | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | true | 43 | 45 |
 astGuardsEnsure
 | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | < | test.c:7:13:7:13 | 0 | 1 | 10 | 11 |
@@ -893,8 +892,6 @@ astGuardsEnsure_const
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 31 | 32 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | 43 | 45 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 1 | 53 | 53 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 0 | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | 43 | 45 |
 irGuards
 | test.c:7:9:7:13 | CompareGT: ... > ... |
@@ -1301,8 +1298,8 @@ irGuardsControl
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | false | 34 | 34 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 30 | 30 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 32 | 32 |
-| test.cpp:42:13:42:20 | Call: call to getABool | false | 53 | 53 |
 | test.cpp:42:13:42:20 | Call: call to getABool | true | 44 | 44 |
+| test.cpp:42:13:42:20 | Call: call to getABool | true | 45 | 45 |
 irGuardsEnsure
 | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | < | test.c:7:13:7:13 | Constant: 0 | 1 | 11 | 11 |
 | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | >= | test.c:7:13:7:13 | Constant: 0 | 1 | 8 | 8 |
@@ -1781,6 +1778,6 @@ irGuardsEnsure_const
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:13 | CompareEQ: ... == ... | == | 1 | 30 | 30 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:13 | CompareEQ: ... == ... | == | 1 | 32 | 32 |
 | test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | != | 0 | 44 | 44 |
-| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | != | 1 | 53 | 53 |
+| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | != | 0 | 45 | 45 |
-| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | == | 0 | 53 | 53 |
 | test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | == | 1 | 44 | 44 |
+| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | == | 1 | 45 | 45 |

cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected

@@ -104,7 +104,6 @@
 | test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 |
 | test.cpp:31:7:31:13 | ... == ... | true | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | true | 31 | 32 |
-| test.cpp:42:13:42:20 | call to getABool | false | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | true | 43 | 45 |
 | test.cpp:61:10:61:10 | i | Case[0] | 62 | 64 |
 | test.cpp:61:10:61:10 | i | Case[1] | 65 | 66 |

cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected

@@ -635,8 +635,6 @@ unary
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 31 | 32 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | 43 | 45 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 1 | 53 | 53 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 0 | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | 43 | 45 |
 | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 0 | 62 | 64 |
 | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 1 | 65 | 66 |

cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.cpp

@@ -0,0 +1,7 @@
+typedef int int_t;
+int_t g1[10];
+int_t g2[2][4];
+
+typedef float float_t;
+float_t arr1[5];
+float_t (*a_pointer)[10];

cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.expected

@@ -0,0 +1,5 @@
+| file://:0:0:0:0 | float_t[5] | file://:0:0:0:0 | float[5] | ArrayTypedefs.cpp:6:9:6:12 | definition of arr1 |
+| file://:0:0:0:0 | float_t[10] | file://:0:0:0:0 | float[10] | ArrayTypedefs.cpp:7:11:7:19 | definition of a_pointer |
+| file://:0:0:0:0 | int_t[2][4] | file://:0:0:0:0 | int[2][4] | ArrayTypedefs.cpp:3:7:3:8 | definition of g2 |
+| file://:0:0:0:0 | int_t[4] | file://:0:0:0:0 | int[4] | ArrayTypedefs.cpp:3:7:3:8 | definition of g2 |
+| file://:0:0:0:0 | int_t[10] | file://:0:0:0:0 | int[10] | ArrayTypedefs.cpp:2:7:2:8 | definition of g1 |

cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.ql

@@ -0,0 +1,4 @@
+import cpp
+
+from ArrayType type
+select type, type.resolveTypedefs(), type.getATypeNameUse()

csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected

@@ -1,20 +1,72 @@
 ql/csharp/ql/src/API Abuse/CallToGCCollect.ql
+ql/csharp/ql/src/API Abuse/CallToObsoleteMethod.ql
+ql/csharp/ql/src/API Abuse/ClassImplementsICloneable.ql
 ql/csharp/ql/src/API Abuse/FormatInvalid.ql
 ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
+ql/csharp/ql/src/API Abuse/NullArgumentToEquals.ql
+ql/csharp/ql/src/ASP/BlockCodeResponseWrite.ql
+ql/csharp/ql/src/Bad Practices/CallsUnmanagedCode.ql
+ql/csharp/ql/src/Bad Practices/CatchOfNullReferenceException.ql
 ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
+ql/csharp/ql/src/Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql
+ql/csharp/ql/src/Bad Practices/EmptyCatchBlock.ql
+ql/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/FieldMasksSuperField.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/SameNameAsSuper.ql
+ql/csharp/ql/src/Bad Practices/PathCombine.ql
+ql/csharp/ql/src/Bad Practices/UnmanagedCodeCheck.ql
+ql/csharp/ql/src/CSI/CompareIdenticalValues.ql
 ql/csharp/ql/src/CSI/NullAlways.ql
 ql/csharp/ql/src/CSI/NullMaybe.ql
+ql/csharp/ql/src/Concurrency/FutileSyncOnField.ql
+ql/csharp/ql/src/Concurrency/LockOrder.ql
+ql/csharp/ql/src/Concurrency/LockThis.ql
+ql/csharp/ql/src/Concurrency/LockedWait.ql
 ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
+ql/csharp/ql/src/Documentation/XmldocMissingSummary.ql
+ql/csharp/ql/src/Language Abuse/CastThisToTypeParameter.ql
+ql/csharp/ql/src/Language Abuse/CatchOfGenericException.ql
+ql/csharp/ql/src/Language Abuse/DubiousDowncastOfThis.ql
+ql/csharp/ql/src/Language Abuse/DubiousTypeTestOfThis.ql
 ql/csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql
+ql/csharp/ql/src/Language Abuse/MissedTernaryOpportunity.ql
+ql/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql
+ql/csharp/ql/src/Language Abuse/NestedIf.ql
+ql/csharp/ql/src/Language Abuse/RethrowException.ql
+ql/csharp/ql/src/Language Abuse/SimplifyBoolExpr.ql
+ql/csharp/ql/src/Language Abuse/UnusedPropertyValue.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
+ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
+ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
+ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
 ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
 ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
+ql/csharp/ql/src/Likely Bugs/EqualsArray.ql
 ql/csharp/ql/src/Likely Bugs/HashedButNoHash.ql
+ql/csharp/ql/src/Likely Bugs/ImpossibleArrayCast.ql
+ql/csharp/ql/src/Likely Bugs/IncomparableEquals.ql
+ql/csharp/ql/src/Likely Bugs/NestedLoopsSameVariable.ql
+ql/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql
+ql/csharp/ql/src/Likely Bugs/RecursiveEquals.ql
 ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
 ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
+ql/csharp/ql/src/Likely Bugs/Statements/EmptyBlock.ql
+ql/csharp/ql/src/Likely Bugs/Statements/EmptyLockStatement.ql
+ql/csharp/ql/src/Likely Bugs/StaticFieldWrittenByInstance.ql
+ql/csharp/ql/src/Likely Bugs/StringBuilderCharInit.ql
 ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql
+ql/csharp/ql/src/Linq/MissedAllOpportunity.ql
+ql/csharp/ql/src/Linq/MissedCastOpportunity.ql
+ql/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql
+ql/csharp/ql/src/Linq/MissedSelectOpportunity.ql
+ql/csharp/ql/src/Linq/MissedWhereOpportunity.ql
+ql/csharp/ql/src/Linq/RedundantSelect.ql
+ql/csharp/ql/src/Performance/StringBuilderInLoop.ql
 ql/csharp/ql/src/Performance/StringConcatenationInLoop.ql
 ql/csharp/ql/src/Performance/UseTryGetValue.ql
 ql/csharp/ql/src/Useless code/DefaultToString.ql
+ql/csharp/ql/src/Useless code/FutileConditional.ql
 ql/csharp/ql/src/Useless code/IntGetHashCode.ql
+ql/csharp/ql/src/Useless code/RedundantToStringCall.ql
+ql/csharp/ql/src/Useless code/UnusedLabel.ql

csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll

@@ -70,6 +70,8 @@ private module SymmetricKeyConfig implements DataFlow::ConfigSig {
 
   /** Holds if the node is a key sanitizer. */
   predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll

@@ -82,6 +82,8 @@ module HardcodedSymmetricEncryptionKey {
         succ.asExpr() = mc
       )
     }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
   }
 
   /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll

@@ -32,6 +32,8 @@ private module ClearTextStorageConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll

@@ -33,6 +33,8 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll

@@ -42,6 +42,8 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll

@@ -32,6 +32,8 @@ private module ExposureOfPrivateInformationConfig implements DataFlow::ConfigSig
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll

@@ -45,6 +45,8 @@ module LdapInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll

@@ -35,6 +35,8 @@ private module LogForgingConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll

@@ -39,6 +39,8 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { exists(sink.(Sink).getReason()) }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll

@@ -33,6 +33,8 @@ private module ReDoSConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll

@@ -33,6 +33,8 @@ private module RegexInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll

@@ -32,6 +32,8 @@ private module ResourceInjectionConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll

@@ -43,6 +43,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll

@@ -35,6 +35,8 @@ private module TaintedPathConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll

@@ -37,6 +37,8 @@ private module UrlRedirectConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll

@@ -43,6 +43,8 @@ module XpathInjectionConfig implements DataFlow::ConfigSig {
    * `node` from the data flow graph.
    */
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll

@@ -30,6 +30,8 @@ private module ZipSlipConfig implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }
 
 /**

csharp/ql/src/API Abuse/CallToGCCollect.ql

@@ -5,9 +5,9 @@
  * @problem.severity warning
  * @precision very-high
  * @id cs/call-to-gc
- * @tags efficiency
+ * @tags quality
- *       maintainability
+ *       reliability
- *       quality
+ *       performance
  */
 
 import csharp

csharp/ql/src/API Abuse/CallToObsoleteMethod.ql

@@ -6,8 +6,9 @@
  * @problem.severity warning
  * @precision very-high
  * @id cs/call-to-obsolete-method
- * @tags changeability
+ * @tags quality
  *       maintainability
+ *       changeability
  *       external/cwe/cwe-477
  */
 

csharp/ql/src/API Abuse/ClassImplementsICloneable.ql

@@ -6,7 +6,7 @@
  * @problem.severity recommendation
  * @precision very-high
  * @id cs/class-implements-icloneable
- * @tags reliability
+ * @tags quality
  *       maintainability
  */
 

csharp/ql/src/API Abuse/FormatInvalid.ql

@@ -6,9 +6,9 @@
  * @problem.severity error
  * @precision high
  * @id cs/invalid-string-formatting
- * @tags reliability
+ * @tags quality
- *       maintainability
+ *       reliability
- *       quality
+ *       correctness
  */
 
 import csharp

csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql

@@ -6,9 +6,10 @@
  * @problem.severity warning
  * @precision high
  * @id cs/local-not-disposed
- * @tags efficiency
+ * @tags quality
- *       maintainability
+ *       reliability
- *       quality
+ *       correctness
+ *       efficiency
  *       external/cwe/cwe-404
  *       external/cwe/cwe-459
  *       external/cwe/cwe-460

csharp/ql/src/API Abuse/NullArgumentToEquals.ql

@@ -6,7 +6,8 @@
  * @problem.severity warning
  * @precision high
  * @id cs/null-argument-to-equals
- * @tags reliability
+ * @tags quality
+ *       reliability
  *       correctness
  */
 

csharp/ql/src/ASP/BlockCodeResponseWrite.ql

@@ -5,7 +5,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/asp/response-write
- * @tags maintainability
+ * @tags quality
+ *       maintainability
+ *       readability
  *       frameworks/asp.net
  */
 

csharp/ql/src/Architecture/Refactoring Opportunities/InappropriateIntimacy.ql

@@ -7,6 +7,7 @@
  * @precision high
  * @id cs/coupled-types
  * @tags maintainability
+ *       complexity
  *       modularity
  */
 

csharp/ql/src/Bad Practices/CallsUnmanagedCode.ql

@@ -5,8 +5,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/call-to-unmanaged-code
- * @tags reliability
+ * @tags quality
- *       maintainability
+ *       reliability
+ *       correctness
  */
 
 import csharp

csharp/ql/src/Bad Practices/CatchOfNullReferenceException.ql

@@ -5,8 +5,10 @@
  * @problem.severity warning
  * @precision very-high
  * @id cs/catch-nullreferenceexception
- * @tags reliability
+ * @tags quality
+ *       reliability
  *       correctness
+ *       error-handling
  *       external/cwe/cwe-395
  */
 

csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql

@@ -7,9 +7,9 @@
  * @problem.severity warning
  * @precision very-high
  * @id cs/constant-condition
- * @tags maintainability
+ * @tags quality
+ *       maintainability
  *       readability
- *       quality
  *       external/cwe/cwe-835
  */
 

csharp/ql/src/Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql

@@ -6,7 +6,8 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/local-shadows-member
- * @tags maintainability
+ * @tags quality
+ *       maintainability
  *       readability
  */
 

csharp/ql/src/Bad Practices/Declarations/TooManyRefParameters.ql

@@ -6,8 +6,9 @@
  * @problem.severity recommendation
  * @precision very-high
  * @id cs/too-many-ref-parameters
- * @tags testability
+ * @tags maintainability
  *       readability
+ *       testability
  */
 
 import csharp

csharp/ql/src/Bad Practices/EmptyCatchBlock.ql

@@ -5,8 +5,9 @@
  * @problem.severity recommendation
  * @precision very-high
  * @id cs/empty-catch-block
- * @tags reliability
+ * @tags quality
- *       readability
+ *       reliability
+ *       error-handling
  *       exceptions
  *       external/cwe/cwe-390
  *       external/cwe/cwe-391

csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql

@@ -6,7 +6,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/expose-implementation
- * @tags reliability
+ * @tags quality
+ *       reliability
+ *       correctness
  *       external/cwe/cwe-485
  */
 

csharp/ql/src/Bad Practices/Naming Conventions/FieldMasksSuperField.ql

@@ -7,7 +7,8 @@
  * @problem.severity warning
  * @precision high
  * @id cs/field-masks-base-field
- * @tags reliability
+ * @tags quality
+ *       maintainability
  *       readability
  *       naming
  */

csharp/ql/src/Bad Practices/Naming Conventions/SameNameAsSuper.ql

@@ -5,7 +5,8 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/class-name-matches-base-class
- * @tags maintainability
+ * @tags quality
+ *       maintainability
  *       readability
  *       naming
  */

csharp/ql/src/Bad Practices/PathCombine.ql

@@ -5,7 +5,9 @@
  * @problem.severity recommendation
  * @precision very-high
  * @id cs/path-combine
- * @tags reliability
+ * @tags quality
+ *       reliability
+ *       correctness
  */
 
 import csharp

csharp/ql/src/Bad Practices/UnmanagedCodeCheck.ql

@@ -5,8 +5,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/unmanaged-code
- * @tags reliability
+ * @tags quality
- *       maintainability
+ *       reliability
+ *       correctness
  */
 
 import csharp

csharp/ql/src/CSI/CompareIdenticalValues.ql

@@ -7,7 +7,9 @@
  * @problem.severity warning
  * @precision high
  * @id cs/comparison-of-identical-expressions
- * @tags reliability
+ * @tags quality
+ *       reliability
+ *       correctness
  */
 
 import csharp

csharp/ql/src/CSI/NullAlways.ql

@@ -5,11 +5,11 @@
  * @problem.severity error
  * @precision very-high
  * @id cs/dereferenced-value-is-always-null
- * @tags reliability
+ * @tags quality
+ *       reliability
  *       correctness
  *       exceptions
  *       external/cwe/cwe-476
- *       quality
  */
 
 import csharp

csharp/ql/src/CSI/NullMaybe.ql

@@ -6,11 +6,11 @@
  * @problem.severity warning
  * @precision high
  * @id cs/dereferenced-value-may-be-null
- * @tags reliability
+ * @tags quality
+ *       reliability
  *       correctness
  *       exceptions
  *       external/cwe/cwe-476
- *       quality
  */
 
 import csharp

csharp/ql/src/Complexity/BlockWithTooManyStatements.ql

@@ -8,8 +8,8 @@
  * @precision high
  * @id cs/complex-block
  * @tags maintainability
- *       testability
  *       complexity
+ *       testability
  */
 
 import csharp

csharp/ql/src/Complexity/ComplexCondition.ql

@@ -5,8 +5,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/complex-condition
- * @tags testability
+ * @tags maintainability
  *       readability
+ *       testability
  */
 
 import csharp

csharp/ql/src/Concurrency/FutileSyncOnField.ql

@@ -6,9 +6,10 @@
  * @problem.severity error
  * @precision high
  * @id cs/unsafe-sync-on-field
- * @tags reliability
+ * @tags quality
- *       correctness
+ *       reliability
  *       concurrency
+ *       correctness
  *       external/cwe/cwe-662
  *       external/cwe/cwe-366
  */

csharp/ql/src/Concurrency/LockOrder.ql

@@ -5,9 +5,10 @@
  * @problem.severity error
  * @precision high
  * @id cs/inconsistent-lock-sequence
- * @tags reliability
+ * @tags quality
- *       correctness
+ *       reliability
  *       concurrency
+ *       correctness
  *       external/cwe/cwe-662
  */
 

csharp/ql/src/Concurrency/LockThis.ql

@@ -6,8 +6,9 @@
  * @problem.severity warning
  * @precision high
  * @id cs/lock-this
- * @tags reliability
+ * @tags quality
- *       maintainability
+ *       reliability
+ *       concurrency
  *       modularity
  *       external/cwe/cwe-662
  */

csharp/ql/src/Concurrency/LockedWait.ql

@@ -5,9 +5,10 @@
  * @problem.severity warning
  * @precision high
  * @id cs/locked-wait
- * @tags reliability
+ * @tags quality
- *       correctness
+ *       reliability
  *       concurrency
+ *       correctness
  *       external/cwe/cwe-662
  *       external/cwe/cwe-833
  */

csharp/ql/src/Dead Code/DeadStoreOfLocal.ql

@@ -5,8 +5,9 @@
  * @kind problem
  * @problem.severity warning
  * @id cs/useless-assignment-to-local
- * @tags maintainability
+ * @tags quality
- *       quality
+ *       maintainability
+ *       useless-code
  *       external/cwe/cwe-563
  * @precision very-high
  */

csharp/ql/src/Documentation/XmldocMissingSummary.ql

@@ -5,7 +5,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/xmldoc/missing-summary
- * @tags maintainability
+ * @tags quality
+ *       maintainability
+ *       readability
  */
 
 import Documentation

csharp/ql/src/Language Abuse/CastThisToTypeParameter.ql

@@ -5,8 +5,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/cast-of-this-to-type-parameter
- * @tags reliability
+ * @tags quality
- *       maintainability
+ *       reliability
+ *       correctness
  *       language-features
  */
 

csharp/ql/src/Language Abuse/CatchOfGenericException.ql

@@ -6,8 +6,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/catch-of-all-exceptions
- * @tags reliability
+ * @tags quality
- *       maintainability
+ *       reliability
+ *       error-handling
  *       external/cwe/cwe-396
  */
 

csharp/ql/src/Language Abuse/ChainedIs.ql

@@ -6,8 +6,9 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/chained-type-tests
- * @tags changeability
+ * @tags reliability
- *       maintainability
+ *       performance
+ *       changeability
  *       language-features
  */
 

csharp/ql/src/Language Abuse/DubiousDowncastOfThis.ql

@@ -5,8 +5,10 @@
  * @problem.severity warning
  * @precision high
  * @id cs/downcast-of-this
- * @tags testability
+ * @tags quality
- *       maintainability
+ *       reliability
+ *       correctness
+ *       testability
  *       language-features
  */
 

csharp/ql/src/Language Abuse/DubiousTypeTestOfThis.ql

@@ -5,8 +5,10 @@
  * @problem.severity warning
  * @precision high
  * @id cs/type-test-of-this
- * @tags testability
+ * @tags quality
- *       maintainability
+ *       reliability
+ *       correctness
+ *       testability
  *       language-features
  */
 

csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql

@@ -6,9 +6,10 @@
  * @problem.severity recommendation
  * @precision high
  * @id cs/missed-readonly-modifier
- * @tags maintainability
+ * @tags quality
+ *       maintainability
+ *       readability
  *       language-features
- *       quality
  */
 
 import csharp