Merge branch 'redsun82/rust-qltest-proc-macro' into redsun82/rust-expand-assoc-items

2025-12-16 16:53:25 +01:00 · 2025-06-18 10:39:43 +02:00
parent 69cdef7797 80ef303890
commit f3c5bde3c0
270 changed files with 20284 additions and 7312 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -426,6 +426,7 @@ dependencies = [
 "figment",
 "glob",
 "itertools 0.14.0",
+ "mustache",
 "num-traits",
 "ra_ap_base_db",
 "ra_ap_cfg",
--- a/actions/ql/lib/codeql/actions/security/OutputClobberingQuery.qll
+++ b/actions/ql/lib/codeql/actions/security/OutputClobberingQuery.qll
@@ -214,6 +214,8 @@ private module OutputClobberingConfig implements DataFlow::ConfigSig {
      )
    )
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /** Tracks flow of unsafe user input that is used to construct and evaluate an environment variable. */
--- a/actions/ql/lib/codeql/actions/security/RequestForgeryQuery.qll
+++ b/actions/ql/lib/codeql/actions/security/RequestForgeryQuery.qll
@@ -16,6 +16,8 @@ private module RequestForgeryConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgerySink }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /** Tracks flow of unsafe user input that is used to construct and evaluate a system command. */
--- a/actions/ql/lib/codeql/actions/security/SecretExfiltrationQuery.qll
+++ b/actions/ql/lib/codeql/actions/security/SecretExfiltrationQuery.qll
@@ -15,6 +15,8 @@ private module SecretExfiltrationConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof SecretExfiltrationSink }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /** Tracks flow of unsafe user input that is used in a context where it may lead to a secret exfiltration. */
--- a/actions/ql/src/Models/CompositeActionsSinks.ql
+++ b/actions/ql/src/Models/CompositeActionsSinks.ql
@@ -24,6 +24,8 @@ private module MyConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) {
    sink instanceof CodeInjectionSink and not madSink(sink, "code-injection")
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module MyFlow = TaintTracking::Global<MyConfig>;
--- a/actions/ql/src/Models/CompositeActionsSources.ql
+++ b/actions/ql/src/Models/CompositeActionsSources.ql
@@ -34,6 +34,8 @@ private module MyConfig implements DataFlow::ConfigSig {
    isSink(node) and
    set instanceof DataFlow::FieldContent
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module MyFlow = TaintTracking::Global<MyConfig>;
--- a/actions/ql/src/Models/CompositeActionsSummaries.ql
+++ b/actions/ql/src/Models/CompositeActionsSummaries.ql
@@ -25,6 +25,8 @@ private module MyConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) {
    exists(CompositeAction c | c.getAnOutputExpr() = sink.asExpr())
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module MyFlow = TaintTracking::Global<MyConfig>;
--- a/actions/ql/src/Models/ReusableWorkflowsSinks.ql
+++ b/actions/ql/src/Models/ReusableWorkflowsSinks.ql
@@ -24,6 +24,8 @@ private module MyConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) {
    sink instanceof CodeInjectionSink and not madSink(sink, "code-injection")
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module MyFlow = TaintTracking::Global<MyConfig>;
--- a/actions/ql/src/Models/ReusableWorkflowsSources.ql
+++ b/actions/ql/src/Models/ReusableWorkflowsSources.ql
@@ -34,6 +34,8 @@ private module MyConfig implements DataFlow::ConfigSig {
    isSink(node) and
    set instanceof DataFlow::FieldContent
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module MyFlow = TaintTracking::Global<MyConfig>;
--- a/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
+++ b/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
@@ -25,6 +25,8 @@ private module MyConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) {
    exists(ReusableWorkflow w | w.getAnOutputExpr() = sink.asExpr())
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module MyFlow = TaintTracking::Global<MyConfig>;
--- a/cpp/downgrades/9baef67d1ffc1551429dbe1c1130815693e28218/old.dbscheme
+++ b/cpp/downgrades/9baef67d1ffc1551429dbe1c1130815693e28218/old.dbscheme
--- a/cpp/downgrades/9baef67d1ffc1551429dbe1c1130815693e28218/semmlecode.cpp.dbscheme
+++ b/cpp/downgrades/9baef67d1ffc1551429dbe1c1130815693e28218/semmlecode.cpp.dbscheme
--- a/cpp/downgrades/9baef67d1ffc1551429dbe1c1130815693e28218/upgrade.properties
+++ b/cpp/downgrades/9baef67d1ffc1551429dbe1c1130815693e28218/upgrade.properties
@@ -0,0 +1,3 @@
+description: Add a predicate `getAnAttribute` to `Namespace`
+compatibility: full
+namespaceattributes.rel: delete
--- a/cpp/ql/lib/change-notes/2025-06-16-namespace-attributes.md
+++ b/cpp/ql/lib/change-notes/2025-06-16-namespace-attributes.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added a predicate `getAnAttribute` to `Namespace` to retrieve a namespace attribute.
--- a/cpp/ql/lib/change-notes/2025-06-17-arraytype-typedefs.md
+++ b/cpp/ql/lib/change-notes/2025-06-17-arraytype-typedefs.md
@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* `resolveTypedefs` now properly resolves typedefs for `ArrayType`s.
--- a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll
@@ -42,6 +42,8 @@ module PrivateCleartextWrite {
    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

    predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
  }

  module WriteFlow = TaintTracking::Global<WriteConfig>;
--- a/cpp/ql/lib/semmle/code/cpp/Namespace.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Namespace.qll
@@ -99,6 +99,11 @@ class Namespace extends NameQualifyingElement, @namespace {

  /** Gets a file which declares (part of) this namespace. */
  File getAFile() { result = this.getADeclarationEntry().getLocation().getFile() }
+
+  /** Gets an attribute of this namespace. */
+  Attribute getAnAttribute() {
+    namespaceattributes(underlyingElement(this), unresolveElement(result))
+  }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/Type.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Type.qll
@@ -1589,6 +1589,11 @@ class ArrayType extends DerivedType {
   * Holds if this array is a variable-length array (VLA).
   */
  predicate isVla() { type_is_vla(underlyingElement(this)) }
+
+  override Type resolveTypedefs() {
+    result.(ArrayType).getBaseType() = this.getBaseType().resolveTypedefs() and
+    result.(ArrayType).getArraySize() = this.getArraySize()
+  }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedCall.qll
@@ -4,6 +4,7 @@ private import semmle.code.cpp.ir.implementation.internal.OperandTag
 private import semmle.code.cpp.ir.internal.CppType
 private import semmle.code.cpp.models.interfaces.SideEffect
 private import semmle.code.cpp.models.interfaces.Throwing
+private import semmle.code.cpp.models.interfaces.NonThrowing
 private import InstructionTag
 private import SideEffects
 private import TranslatedElement
@@ -366,6 +367,10 @@ class TranslatedFunctionCall extends TranslatedCallExpr, TranslatedDirectCall {
    or
    exists(MicrosoftTryStmt tryStmt | tryStmt.getStmt() = expr.getEnclosingStmt().getParent*()) and
    e instanceof SehExceptionEdge
+    or
+    not expr.getTarget() instanceof NonCppThrowingFunction and
+    exists(TryStmt tryStmt | tryStmt.getStmt() = expr.getEnclosingStmt().getParent*()) and
+    e instanceof CppExceptionEdge
  }

  final override predicate mustThrowException(ExceptionEdge e) {
--- a/cpp/ql/lib/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/semmlecode.cpp.dbscheme
@@ -1139,6 +1139,11 @@ varattributes(
    int spec_id: @attribute ref
 );

+namespaceattributes(
+    int namespace_id: @namespace ref,
+    int spec_id: @attribute ref
+);
+
 stmtattributes(
    int stmt_id: @stmt ref,
    int spec_id: @attribute ref
--- a/cpp/ql/lib/semmlecode.cpp.dbscheme.stats
+++ b/cpp/ql/lib/semmlecode.cpp.dbscheme.stats
--- a/cpp/ql/lib/upgrades/a8c2176e9a5cf9be8d17053a4c8e7e56b5aced6d/old.dbscheme
+++ b/cpp/ql/lib/upgrades/a8c2176e9a5cf9be8d17053a4c8e7e56b5aced6d/old.dbscheme
--- a/cpp/ql/lib/upgrades/a8c2176e9a5cf9be8d17053a4c8e7e56b5aced6d/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/upgrades/a8c2176e9a5cf9be8d17053a4c8e7e56b5aced6d/semmlecode.cpp.dbscheme
--- a/cpp/ql/lib/upgrades/a8c2176e9a5cf9be8d17053a4c8e7e56b5aced6d/upgrade.properties
+++ b/cpp/ql/lib/upgrades/a8c2176e9a5cf9be8d17053a4c8e7e56b5aced6d/upgrade.properties
@@ -0,0 +1,2 @@
+description: Add a predicate `getAnAttribute` to `Namespace`
+compatibility: backwards
--- a/Bugs/Conversion/CastArrayPointerArithmetic.ql
+++ b/Bugs/Conversion/CastArrayPointerArithmetic.ql
@@ -48,6 +48,8 @@ module CastToPointerArithFlowConfig implements DataFlow::StateConfigSig {
  predicate isBarrierIn(DataFlow::Node node) { isSource(node, _) }

  predicate isBarrierOut(DataFlow::Node node) { isSink(node, _) }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/Management/NtohlArrayNoBound.qll
+++ b/Management/NtohlArrayNoBound.qll
@@ -141,6 +141,8 @@ private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig {
      gc.controls(node.asExpr().getBasicBlock(), _)
    )
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module NetworkToBufferSizeFlow = DataFlow::Global<NetworkToBufferSizeConfig>;
--- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
@@ -39,6 +39,8 @@ module Config implements DataFlow::ConfigSig {
    or
    node.asCertainDefinition().getUnspecifiedType() instanceof ArithmeticType
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module Flow = TaintTracking::Global<Config>;
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -66,6 +66,8 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
      not offsetIsAlwaysInBounds(arrayExpr, offsetExpr)
    )
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module ImproperArrayIndexValidation = TaintTracking::Global<ImproperArrayIndexValidationConfig>;
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
@@ -44,6 +44,8 @@ module Config implements DataFlow::ConfigSig {
    or
    isArithmeticNonCharType(node.asCertainDefinition().getUnspecifiedType())
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module Flow = TaintTracking::Global<Config>;
--- a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
@@ -94,6 +94,8 @@ module Config implements DataFlow::ConfigSig {
      not iTo instanceof PointerArithmeticInstruction
    )
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module Flow = TaintTracking::Global<Config>;
--- a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
+++ b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
@@ -34,6 +34,8 @@ module ExposedSystemDataConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) {
    node.asIndirectArgument() = any(MemsetFunction func).getACallToThisFunction().getAnArgument()
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module ExposedSystemData = TaintTracking::Global<ExposedSystemDataConfig>;
--- a/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
+++ b/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
@@ -54,6 +54,8 @@ module PotentiallyExposedSystemDataConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) {
    node.asIndirectArgument() = any(MemsetFunction func).getACallToThisFunction().getAnArgument()
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module PotentiallyExposedSystemData = TaintTracking::Global<PotentiallyExposedSystemDataConfig>;
--- a/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
+++ b/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
@@ -45,6 +45,8 @@ module XxeConfig implements DataFlow::StateConfigSig {
  }

  predicate neverSkip(DataFlow::Node node) { none() }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module XxeFlow = DataFlow::GlobalWithState<XxeConfig>;
--- a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
@@ -48,6 +48,8 @@ module WordexpTaintConfig implements DataFlow::ConfigSig {
  predicate isBarrier(DataFlow::Node node) {
    node.asExpr().getUnspecifiedType() instanceof IntegralType
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module WordexpTaint = TaintTracking::Global<WordexpTaintConfig>;
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
@@ -30,6 +30,8 @@ module MultToAllocConfig implements DataFlow::ConfigSig {
    // something that affects an allocation size
    node.asExpr() = any(HeuristicAllocationExpr ae).getSizeExpr().getAChild*()
  }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 module MultToAlloc = DataFlow::Global<MultToAllocConfig>;
--- a/cpp/ql/test/library-tests/attributes/namespace/namespace.expected
+++ b/cpp/ql/test/library-tests/attributes/namespace/namespace.expected
@@ -0,0 +1,11 @@
+| file://:0:0:0:0 | MultiSquared | test.cpp:10:13:10:22 | deprecated |
+| file://:0:0:0:0 | MultiSquared | test.cpp:10:25:10:36 | maybe_unused |
+| file://:0:0:0:0 | MultiSquared | test.cpp:11:13:11:22 | deprecated |
+| file://:0:0:0:0 | MultiSquared | test.cpp:11:25:11:36 | maybe_unused |
+| file://:0:0:0:0 | NamespaceTest | test.cpp:1:26:1:35 | deprecated |
+| file://:0:0:0:0 | NamespaceTest | test.cpp:2:26:2:35 | deprecated |
+| file://:0:0:0:0 | NamespaceTest | test.cpp:3:26:3:37 | maybe_unused |
+| test.cpp:4:53:4:61 | MultiAttr | test.cpp:4:26:4:35 | deprecated |
+| test.cpp:4:53:4:61 | MultiAttr | test.cpp:4:38:4:49 | maybe_unused |
+| test.cpp:6:43:6:56 | OuterNamespace::InnerNamespace | test.cpp:6:30:6:39 | deprecated |
+| test.cpp:9:46:9:61 | NamespaceSquared | test.cpp:9:13:9:22 | deprecated |
--- a/cpp/ql/test/library-tests/attributes/namespace/namespace.ql
+++ b/cpp/ql/test/library-tests/attributes/namespace/namespace.ql
@@ -0,0 +1,4 @@
+import cpp
+
+from Namespace ns
+select ns, ns.getAnAttribute()
--- a/cpp/ql/test/library-tests/attributes/namespace/test.cpp
+++ b/cpp/ql/test/library-tests/attributes/namespace/test.cpp
@@ -0,0 +1,11 @@
+namespace __attribute__((deprecated)) NamespaceTest {}
+namespace __attribute__((deprecated)) NamespaceTest {}
+namespace __attribute__((maybe_unused)) NamespaceTest {}
+namespace __attribute__((deprecated, maybe_unused)) MultiAttr {}
+namespace OuterNamespace {
+    namespace __attribute__((deprecated)) InnerNamespace {}
+}
+
+namespace [[deprecated("NamespaceSquared")]] NamespaceSquared {}
+namespace [[deprecated, maybe_unused]] MultiSquared {}
+namespace [[deprecated, maybe_unused]] MultiSquared {}
--- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
+++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
@@ -448,7 +448,6 @@ astGuardsControl
 | test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 |
 | test.cpp:31:7:31:13 | ... == ... | true | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | true | 31 | 32 |
-| test.cpp:42:13:42:20 | call to getABool | false | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | true | 43 | 45 |
 astGuardsEnsure
 | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | < | test.c:7:13:7:13 | 0 | 1 | 10 | 11 |
@@ -893,8 +892,6 @@ astGuardsEnsure_const
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 31 | 32 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | 43 | 45 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 1 | 53 | 53 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 0 | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | 43 | 45 |
 irGuards
 | test.c:7:9:7:13 | CompareGT: ... > ... |
@@ -1301,8 +1298,8 @@ irGuardsControl
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | false | 34 | 34 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 30 | 30 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 32 | 32 |
-| test.cpp:42:13:42:20 | Call: call to getABool | false | 53 | 53 |
 | test.cpp:42:13:42:20 | Call: call to getABool | true | 44 | 44 |
+| test.cpp:42:13:42:20 | Call: call to getABool | true | 45 | 45 |
 irGuardsEnsure
 | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | < | test.c:7:13:7:13 | Constant: 0 | 1 | 11 | 11 |
 | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | >= | test.c:7:13:7:13 | Constant: 0 | 1 | 8 | 8 |
@@ -1781,6 +1778,6 @@ irGuardsEnsure_const
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:13 | CompareEQ: ... == ... | == | 1 | 30 | 30 |
 | test.cpp:31:7:31:13 | CompareEQ: ... == ... | test.cpp:31:7:31:13 | CompareEQ: ... == ... | == | 1 | 32 | 32 |
 | test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | != | 0 | 44 | 44 |
-| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | != | 1 | 53 | 53 |
-| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | == | 0 | 53 | 53 |
+| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | != | 0 | 45 | 45 |
 | test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | == | 1 | 44 | 44 |
+| test.cpp:42:13:42:20 | Call: call to getABool | test.cpp:42:13:42:20 | Call: call to getABool | == | 1 | 45 | 45 |
--- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected
+++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected
@@ -104,7 +104,6 @@
 | test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 |
 | test.cpp:31:7:31:13 | ... == ... | true | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | true | 31 | 32 |
-| test.cpp:42:13:42:20 | call to getABool | false | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | true | 43 | 45 |
 | test.cpp:61:10:61:10 | i | Case[0] | 62 | 64 |
 | test.cpp:61:10:61:10 | i | Case[1] | 65 | 66 |
--- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
+++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
@@ -635,8 +635,6 @@ unary
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 31 | 32 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | 43 | 45 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 1 | 53 | 53 |
-| test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 0 | 53 | 53 |
 | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | 43 | 45 |
 | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 0 | 62 | 64 |
 | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 1 | 65 | 66 |
--- a/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ir/aliased_ir.expected
--- a/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
+++ b/cpp/ql/test/library-tests/ir/ir/raw_ir.expected
--- a/cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.cpp
+++ b/cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.cpp
@@ -0,0 +1,7 @@
+typedef int int_t;
+int_t g1[10];
+int_t g2[2][4];
+
+typedef float float_t;
+float_t arr1[5];
+float_t (*a_pointer)[10];
--- a/cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.expected
+++ b/cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.expected
@@ -0,0 +1,5 @@
+| file://:0:0:0:0 | float_t[5] | file://:0:0:0:0 | float[5] | ArrayTypedefs.cpp:6:9:6:12 | definition of arr1 |
+| file://:0:0:0:0 | float_t[10] | file://:0:0:0:0 | float[10] | ArrayTypedefs.cpp:7:11:7:19 | definition of a_pointer |
+| file://:0:0:0:0 | int_t[2][4] | file://:0:0:0:0 | int[2][4] | ArrayTypedefs.cpp:3:7:3:8 | definition of g2 |
+| file://:0:0:0:0 | int_t[4] | file://:0:0:0:0 | int[4] | ArrayTypedefs.cpp:3:7:3:8 | definition of g2 |
+| file://:0:0:0:0 | int_t[10] | file://:0:0:0:0 | int[10] | ArrayTypedefs.cpp:2:7:2:8 | definition of g1 |
--- a/cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.ql
+++ b/cpp/ql/test/library-tests/resolve_typedefs/ArrayTypedefs.ql
@@ -0,0 +1,4 @@
+import cpp
+
+from ArrayType type
+select type, type.resolveTypedefs(), type.getATypeNameUse()
--- a/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
@@ -1,20 +1,72 @@
 ql/csharp/ql/src/API Abuse/CallToGCCollect.ql
+ql/csharp/ql/src/API Abuse/CallToObsoleteMethod.ql
+ql/csharp/ql/src/API Abuse/ClassImplementsICloneable.ql
 ql/csharp/ql/src/API Abuse/FormatInvalid.ql
 ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
+ql/csharp/ql/src/API Abuse/NullArgumentToEquals.ql
+ql/csharp/ql/src/ASP/BlockCodeResponseWrite.ql
+ql/csharp/ql/src/Bad Practices/CallsUnmanagedCode.ql
+ql/csharp/ql/src/Bad Practices/CatchOfNullReferenceException.ql
 ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
+ql/csharp/ql/src/Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql
+ql/csharp/ql/src/Bad Practices/EmptyCatchBlock.ql
+ql/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/FieldMasksSuperField.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/SameNameAsSuper.ql
+ql/csharp/ql/src/Bad Practices/PathCombine.ql
+ql/csharp/ql/src/Bad Practices/UnmanagedCodeCheck.ql
+ql/csharp/ql/src/CSI/CompareIdenticalValues.ql
 ql/csharp/ql/src/CSI/NullAlways.ql
 ql/csharp/ql/src/CSI/NullMaybe.ql
+ql/csharp/ql/src/Concurrency/FutileSyncOnField.ql
+ql/csharp/ql/src/Concurrency/LockOrder.ql
+ql/csharp/ql/src/Concurrency/LockThis.ql
+ql/csharp/ql/src/Concurrency/LockedWait.ql
 ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
+ql/csharp/ql/src/Documentation/XmldocMissingSummary.ql
+ql/csharp/ql/src/Language Abuse/CastThisToTypeParameter.ql
+ql/csharp/ql/src/Language Abuse/CatchOfGenericException.ql
+ql/csharp/ql/src/Language Abuse/DubiousDowncastOfThis.ql
+ql/csharp/ql/src/Language Abuse/DubiousTypeTestOfThis.ql
 ql/csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql
+ql/csharp/ql/src/Language Abuse/MissedTernaryOpportunity.ql
+ql/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql
+ql/csharp/ql/src/Language Abuse/NestedIf.ql
+ql/csharp/ql/src/Language Abuse/RethrowException.ql
+ql/csharp/ql/src/Language Abuse/SimplifyBoolExpr.ql
+ql/csharp/ql/src/Language Abuse/UnusedPropertyValue.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
 ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
+ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
+ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
+ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
 ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
 ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
+ql/csharp/ql/src/Likely Bugs/EqualsArray.ql
 ql/csharp/ql/src/Likely Bugs/HashedButNoHash.ql
+ql/csharp/ql/src/Likely Bugs/ImpossibleArrayCast.ql
+ql/csharp/ql/src/Likely Bugs/IncomparableEquals.ql
+ql/csharp/ql/src/Likely Bugs/NestedLoopsSameVariable.ql
+ql/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql
+ql/csharp/ql/src/Likely Bugs/RecursiveEquals.ql
 ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
 ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
+ql/csharp/ql/src/Likely Bugs/Statements/EmptyBlock.ql
+ql/csharp/ql/src/Likely Bugs/Statements/EmptyLockStatement.ql
+ql/csharp/ql/src/Likely Bugs/StaticFieldWrittenByInstance.ql
+ql/csharp/ql/src/Likely Bugs/StringBuilderCharInit.ql
 ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql
+ql/csharp/ql/src/Linq/MissedAllOpportunity.ql
+ql/csharp/ql/src/Linq/MissedCastOpportunity.ql
+ql/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql
+ql/csharp/ql/src/Linq/MissedSelectOpportunity.ql
+ql/csharp/ql/src/Linq/MissedWhereOpportunity.ql
+ql/csharp/ql/src/Linq/RedundantSelect.ql
+ql/csharp/ql/src/Performance/StringBuilderInLoop.ql
 ql/csharp/ql/src/Performance/StringConcatenationInLoop.ql
 ql/csharp/ql/src/Performance/UseTryGetValue.ql
 ql/csharp/ql/src/Useless code/DefaultToString.ql
+ql/csharp/ql/src/Useless code/FutileConditional.ql
 ql/csharp/ql/src/Useless code/IntGetHashCode.ql
+ql/csharp/ql/src/Useless code/RedundantToStringCall.ql
+ql/csharp/ql/src/Useless code/UnusedLabel.ql
--- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll
@@ -70,6 +70,8 @@ private module SymmetricKeyConfig implements DataFlow::ConfigSig {

  /** Holds if the node is a key sanitizer. */
  predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof KeySanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll
@@ -82,6 +82,8 @@ module HardcodedSymmetricEncryptionKey {
        succ.asExpr() = mc
      )
    }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
  }

  /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CleartextStorageQuery.qll
@@ -32,6 +32,8 @@ private module ClearTextStorageConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
@@ -33,6 +33,8 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll
@@ -42,6 +42,8 @@ module CommandInjectionConfig implements DataFlow::ConfigSig {
   * `node` from the data flow graph.
   */
  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExposureOfPrivateInformationQuery.qll
@@ -32,6 +32,8 @@ private module ExposureOfPrivateInformationConfig implements DataFlow::ConfigSig
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
@@ -45,6 +45,8 @@ module LdapInjectionConfig implements DataFlow::ConfigSig {
   * `node` from the data flow graph.
   */
  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/LogForgingQuery.qll
@@ -35,6 +35,8 @@ private module LogForgingConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
@@ -39,6 +39,8 @@ private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { exists(sink.(Sink).getReason()) }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ReDoSQuery.qll
@@ -33,6 +33,8 @@ private module ReDoSConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/RegexInjectionQuery.qll
@@ -33,6 +33,8 @@ private module RegexInjectionConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll
@@ -32,6 +32,8 @@ private module ResourceInjectionConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
@@ -43,6 +43,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig {
   * `node` from the data flow graph.
   */
  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/TaintedPathQuery.qll
@@ -35,6 +35,8 @@ private module TaintedPathConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
@@ -37,6 +37,8 @@ private module UrlRedirectConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/XPathInjectionQuery.qll
@@ -43,6 +43,8 @@ module XpathInjectionConfig implements DataFlow::ConfigSig {
   * `node` from the data flow graph.
   */
  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ZipSlipQuery.qll
@@ -30,6 +30,8 @@ private module ZipSlipConfig implements DataFlow::ConfigSig {
  predicate isSink(DataFlow::Node sink) { sink instanceof Sink }

  predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
 }

 /**
--- a/Abuse/CallToGCCollect.ql
+++ b/Abuse/CallToGCCollect.ql
@@ -5,9 +5,9 @@
 * @problem.severity warning
 * @precision very-high
 * @id cs/call-to-gc
- * @tags efficiency
- *       maintainability
- *       quality
+ * @tags quality
+ *       reliability
+ *       performance
 */

 import csharp
--- a/Abuse/CallToObsoleteMethod.ql
+++ b/Abuse/CallToObsoleteMethod.ql
@@ -6,8 +6,9 @@
 * @problem.severity warning
 * @precision very-high
 * @id cs/call-to-obsolete-method
- * @tags changeability
+ * @tags quality
 *       maintainability
+ *       changeability
 *       external/cwe/cwe-477
 */

--- a/Abuse/ClassImplementsICloneable.ql
+++ b/Abuse/ClassImplementsICloneable.ql
@@ -6,7 +6,7 @@
 * @problem.severity recommendation
 * @precision very-high
 * @id cs/class-implements-icloneable
- * @tags reliability
+ * @tags quality
 *       maintainability
 */

--- a/Abuse/FormatInvalid.ql
+++ b/Abuse/FormatInvalid.ql
@@ -6,9 +6,9 @@
 * @problem.severity error
 * @precision high
 * @id cs/invalid-string-formatting
- * @tags reliability
- *       maintainability
- *       quality
+ * @tags quality
+ *       reliability
+ *       correctness
 */

 import csharp
--- a/Abuse/NoDisposeCallOnLocalIDisposable.ql
+++ b/Abuse/NoDisposeCallOnLocalIDisposable.ql
@@ -6,9 +6,10 @@
 * @problem.severity warning
 * @precision high
 * @id cs/local-not-disposed
- * @tags efficiency
- *       maintainability
- *       quality
+ * @tags quality
+ *       reliability
+ *       correctness
+ *       efficiency
 *       external/cwe/cwe-404
 *       external/cwe/cwe-459
 *       external/cwe/cwe-460
--- a/Abuse/NullArgumentToEquals.ql
+++ b/Abuse/NullArgumentToEquals.ql
@@ -6,7 +6,8 @@
 * @problem.severity warning
 * @precision high
 * @id cs/null-argument-to-equals
- * @tags reliability
+ * @tags quality
+ *       reliability
 *       correctness
 */

--- a/csharp/ql/src/ASP/BlockCodeResponseWrite.ql
+++ b/csharp/ql/src/ASP/BlockCodeResponseWrite.ql
@@ -5,7 +5,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/asp/response-write
- * @tags maintainability
+ * @tags quality
+ *       maintainability
+ *       readability
 *       frameworks/asp.net
 */

--- a/Opportunities/InappropriateIntimacy.ql
+++ b/Opportunities/InappropriateIntimacy.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id cs/coupled-types
 * @tags maintainability
+ *       complexity
 *       modularity
 */

--- a/Practices/CallsUnmanagedCode.ql
+++ b/Practices/CallsUnmanagedCode.ql
@@ -5,8 +5,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/call-to-unmanaged-code
- * @tags reliability
- *       maintainability
+ * @tags quality
+ *       reliability
+ *       correctness
 */

 import csharp
--- a/Practices/CatchOfNullReferenceException.ql
+++ b/Practices/CatchOfNullReferenceException.ql
@@ -5,8 +5,10 @@
 * @problem.severity warning
 * @precision very-high
 * @id cs/catch-nullreferenceexception
- * @tags reliability
+ * @tags quality
+ *       reliability
 *       correctness
+ *       error-handling
 *       external/cwe/cwe-395
 */

--- a/Practices/Control-Flow/ConstantCondition.ql
+++ b/Practices/Control-Flow/ConstantCondition.ql
@@ -7,9 +7,9 @@
 * @problem.severity warning
 * @precision very-high
 * @id cs/constant-condition
- * @tags maintainability
+ * @tags quality
+ *       maintainability
 *       readability
- *       quality
 *       external/cwe/cwe-835
 */

--- a/Practices/Declarations/LocalScopeVariableShadowsMember.ql
+++ b/Practices/Declarations/LocalScopeVariableShadowsMember.ql
@@ -6,7 +6,8 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/local-shadows-member
- * @tags maintainability
+ * @tags quality
+ *       maintainability
 *       readability
 */

--- a/Practices/Declarations/TooManyRefParameters.ql
+++ b/Practices/Declarations/TooManyRefParameters.ql
@@ -6,8 +6,9 @@
 * @problem.severity recommendation
 * @precision very-high
 * @id cs/too-many-ref-parameters
- * @tags testability
+ * @tags maintainability
 *       readability
+ *       testability
 */

 import csharp
--- a/Practices/EmptyCatchBlock.ql
+++ b/Practices/EmptyCatchBlock.ql
@@ -5,8 +5,9 @@
 * @problem.severity recommendation
 * @precision very-high
 * @id cs/empty-catch-block
- * @tags reliability
- *       readability
+ * @tags quality
+ *       reliability
+ *       error-handling
 *       exceptions
 *       external/cwe/cwe-390
 *       external/cwe/cwe-391
--- a/Hiding/ExposeRepresentation.ql
+++ b/Hiding/ExposeRepresentation.ql
@@ -6,7 +6,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/expose-implementation
- * @tags reliability
+ * @tags quality
+ *       reliability
+ *       correctness
 *       external/cwe/cwe-485
 */

--- a/Conventions/FieldMasksSuperField.ql
+++ b/Conventions/FieldMasksSuperField.ql
@@ -7,7 +7,8 @@
 * @problem.severity warning
 * @precision high
 * @id cs/field-masks-base-field
- * @tags reliability
+ * @tags quality
+ *       maintainability
 *       readability
 *       naming
 */
--- a/Conventions/SameNameAsSuper.ql
+++ b/Conventions/SameNameAsSuper.ql
@@ -5,7 +5,8 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/class-name-matches-base-class
- * @tags maintainability
+ * @tags quality
+ *       maintainability
 *       readability
 *       naming
 */
--- a/Practices/PathCombine.ql
+++ b/Practices/PathCombine.ql
@@ -5,7 +5,9 @@
 * @problem.severity recommendation
 * @precision very-high
 * @id cs/path-combine
- * @tags reliability
+ * @tags quality
+ *       reliability
+ *       correctness
 */

 import csharp
--- a/Practices/UnmanagedCodeCheck.ql
+++ b/Practices/UnmanagedCodeCheck.ql
@@ -5,8 +5,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/unmanaged-code
- * @tags reliability
- *       maintainability
+ * @tags quality
+ *       reliability
+ *       correctness
 */

 import csharp
--- a/csharp/ql/src/CSI/CompareIdenticalValues.ql
+++ b/csharp/ql/src/CSI/CompareIdenticalValues.ql
@@ -7,7 +7,9 @@
 * @problem.severity warning
 * @precision high
 * @id cs/comparison-of-identical-expressions
- * @tags reliability
+ * @tags quality
+ *       reliability
+ *       correctness
 */

 import csharp
--- a/csharp/ql/src/CSI/NullAlways.ql
+++ b/csharp/ql/src/CSI/NullAlways.ql
@@ -5,11 +5,11 @@
 * @problem.severity error
 * @precision very-high
 * @id cs/dereferenced-value-is-always-null
- * @tags reliability
+ * @tags quality
+ *       reliability
 *       correctness
 *       exceptions
 *       external/cwe/cwe-476
- *       quality
 */

 import csharp
--- a/csharp/ql/src/CSI/NullMaybe.ql
+++ b/csharp/ql/src/CSI/NullMaybe.ql
@@ -6,11 +6,11 @@
 * @problem.severity warning
 * @precision high
 * @id cs/dereferenced-value-may-be-null
- * @tags reliability
+ * @tags quality
+ *       reliability
 *       correctness
 *       exceptions
 *       external/cwe/cwe-476
- *       quality
 */

 import csharp
--- a/csharp/ql/src/Complexity/BlockWithTooManyStatements.ql
+++ b/csharp/ql/src/Complexity/BlockWithTooManyStatements.ql
@@ -8,8 +8,8 @@
 * @precision high
 * @id cs/complex-block
 * @tags maintainability
- *       testability
 *       complexity
+ *       testability
 */

 import csharp
--- a/csharp/ql/src/Complexity/ComplexCondition.ql
+++ b/csharp/ql/src/Complexity/ComplexCondition.ql
@@ -5,8 +5,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/complex-condition
- * @tags testability
+ * @tags maintainability
 *       readability
+ *       testability
 */

 import csharp
--- a/csharp/ql/src/Concurrency/FutileSyncOnField.ql
+++ b/csharp/ql/src/Concurrency/FutileSyncOnField.ql
@@ -6,9 +6,10 @@
 * @problem.severity error
 * @precision high
 * @id cs/unsafe-sync-on-field
- * @tags reliability
- *       correctness
+ * @tags quality
+ *       reliability
 *       concurrency
+ *       correctness
 *       external/cwe/cwe-662
 *       external/cwe/cwe-366
 */
--- a/csharp/ql/src/Concurrency/LockOrder.ql
+++ b/csharp/ql/src/Concurrency/LockOrder.ql
@@ -5,9 +5,10 @@
 * @problem.severity error
 * @precision high
 * @id cs/inconsistent-lock-sequence
- * @tags reliability
- *       correctness
+ * @tags quality
+ *       reliability
 *       concurrency
+ *       correctness
 *       external/cwe/cwe-662
 */

--- a/csharp/ql/src/Concurrency/LockThis.ql
+++ b/csharp/ql/src/Concurrency/LockThis.ql
@@ -6,8 +6,9 @@
 * @problem.severity warning
 * @precision high
 * @id cs/lock-this
- * @tags reliability
- *       maintainability
+ * @tags quality
+ *       reliability
+ *       concurrency
 *       modularity
 *       external/cwe/cwe-662
 */
--- a/csharp/ql/src/Concurrency/LockedWait.ql
+++ b/csharp/ql/src/Concurrency/LockedWait.ql
@@ -5,9 +5,10 @@
 * @problem.severity warning
 * @precision high
 * @id cs/locked-wait
- * @tags reliability
- *       correctness
+ * @tags quality
+ *       reliability
 *       concurrency
+ *       correctness
 *       external/cwe/cwe-662
 *       external/cwe/cwe-833
 */
--- a/Code/DeadStoreOfLocal.ql
+++ b/Code/DeadStoreOfLocal.ql
@@ -5,8 +5,9 @@
 * @kind problem
 * @problem.severity warning
 * @id cs/useless-assignment-to-local
- * @tags maintainability
- *       quality
+ * @tags quality
+ *       maintainability
+ *       useless-code
 *       external/cwe/cwe-563
 * @precision very-high
 */
--- a/csharp/ql/src/Documentation/XmldocMissingSummary.ql
+++ b/csharp/ql/src/Documentation/XmldocMissingSummary.ql
@@ -5,7 +5,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/xmldoc/missing-summary
- * @tags maintainability
+ * @tags quality
+ *       maintainability
+ *       readability
 */

 import Documentation
--- a/Abuse/CastThisToTypeParameter.ql
+++ b/Abuse/CastThisToTypeParameter.ql
@@ -5,8 +5,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/cast-of-this-to-type-parameter
- * @tags reliability
- *       maintainability
+ * @tags quality
+ *       reliability
+ *       correctness
 *       language-features
 */

--- a/Abuse/CatchOfGenericException.ql
+++ b/Abuse/CatchOfGenericException.ql
@@ -6,8 +6,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/catch-of-all-exceptions
- * @tags reliability
- *       maintainability
+ * @tags quality
+ *       reliability
+ *       error-handling
 *       external/cwe/cwe-396
 */

--- a/csharp/ql/src/Language
+++ b/csharp/ql/src/Language
@@ -6,8 +6,9 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/chained-type-tests
- * @tags changeability
- *       maintainability
+ * @tags reliability
+ *       performance
+ *       changeability
 *       language-features
 */

--- a/Abuse/DubiousDowncastOfThis.ql
+++ b/Abuse/DubiousDowncastOfThis.ql
@@ -5,8 +5,10 @@
 * @problem.severity warning
 * @precision high
 * @id cs/downcast-of-this
- * @tags testability
- *       maintainability
+ * @tags quality
+ *       reliability
+ *       correctness
+ *       testability
 *       language-features
 */

--- a/Abuse/DubiousTypeTestOfThis.ql
+++ b/Abuse/DubiousTypeTestOfThis.ql
@@ -5,8 +5,10 @@
 * @problem.severity warning
 * @precision high
 * @id cs/type-test-of-this
- * @tags testability
- *       maintainability
+ * @tags quality
+ *       reliability
+ *       correctness
+ *       testability
 *       language-features
 */

--- a/Abuse/MissedReadonlyOpportunity.ql
+++ b/Abuse/MissedReadonlyOpportunity.ql
@@ -6,9 +6,10 @@
 * @problem.severity recommendation
 * @precision high
 * @id cs/missed-readonly-modifier
- * @tags maintainability
+ * @tags quality
+ *       maintainability
+ *       readability
 *       language-features
- *       quality
 */

 import csharp
--- a/Show More
+++ b/Show More