Merge branch 'github:main' into couchdb

2026-02-12 05:01:06 +01:00 · 2025-12-22 20:25:41 +01:00
parent b22077c371 6fa60932c9
commit fd78c949d3
913 changed files with 33914 additions and 15179 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -34,7 +34,7 @@ jobs:
    - name: Setup dotnet
      uses: actions/setup-dotnet@v4
      with:
-        dotnet-version: 9.0.300
+        dotnet-version: 10.0.100

    - name: Checkout repository
      uses: actions/checkout@v5
--- a/.github/workflows/csharp-qltest.yml
+++ b/.github/workflows/csharp-qltest.yml
@@ -43,14 +43,14 @@ jobs:
      - name: Setup dotnet
        uses: actions/setup-dotnet@v4
        with:
-          dotnet-version: 9.0.300
+          dotnet-version: 10.0.100
      - name: Extractor unit tests
        run: |
          dotnet tool restore
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Util.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Extraction.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.CSharp.Tests
-          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.Cpp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Util.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Extraction.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.Cpp.Tests
        shell: bash
  stubgentest:
    runs-on: ubuntu-latest
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -26,7 +26,7 @@ bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "12.1.0-codeql.1")
 bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
 bazel_dep(name = "gazelle", version = "0.40.0")
-bazel_dep(name = "rules_dotnet", version = "0.19.2-codeql.1")
+bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
 bazel_dep(name = "rules_rust", version = "0.66.0")
 bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
@@ -172,7 +172,7 @@ http_archive(
 )

 dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
-dotnet.toolchain(dotnet_version = "9.0.300")
+dotnet.toolchain(dotnet_version = "10.0.100")
 use_repo(dotnet, "dotnet_toolchains")

 register_toolchains("@dotnet_toolchains//:all")
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.24
+
+No user-facing changes.
+
 ## 0.4.23

 No user-facing changes.
--- a/actions/ql/lib/change-notes/released/0.4.24.md
+++ b/actions/ql/lib/change-notes/released/0.4.24.md
@@ -0,0 +1,3 @@
+## 0.4.24
+
+No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.23
+lastReleaseVersion: 0.4.24
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.24-dev
+version: 0.4.25-dev
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.16
+
+No user-facing changes.
+
 ## 0.6.15

 No user-facing changes.
--- a/actions/ql/src/change-notes/released/0.6.16.md
+++ b/actions/ql/src/change-notes/released/0.6.16.md
@@ -0,0 +1,3 @@
+## 0.6.16
+
+No user-facing changes.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.15
+lastReleaseVersion: 0.6.16
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.16-dev
+version: 0.6.17-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -282,6 +282,7 @@
    "java/ql/lib/semmle/code/java/internal/OverlayXml.qll",
    "go/ql/lib/semmle/go/internal/OverlayXml.qll",
    "python/ql/lib/semmle/python/internal/OverlayXml.qll",
-    "csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll"
+    "csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll",
+    "cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll"
  ]
 }
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 6.1.3
+
+No user-facing changes.
+
 ## 6.1.2

 No user-facing changes.
--- a/cpp/ql/lib/change-notes/released/6.1.3.md
+++ b/cpp/ql/lib/change-notes/released/6.1.3.md
@@ -0,0 +1,3 @@
+## 6.1.3
+
+No user-facing changes.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.1.2
+lastReleaseVersion: 6.1.3
--- a/cpp/ql/lib/ext/empty.model.yml
+++ b/cpp/ql/lib/ext/empty.model.yml
@@ -9,6 +9,14 @@ extensions:
      pack: codeql/cpp-all
      extensible: sinkModel
    data: []
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: barrierModel
+    data: []
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: barrierGuardModel
+    data: []
  - addsTo:
      pack: codeql/cpp-all
      extensible: summaryModel
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 6.1.3-dev
+version: 6.1.4-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
@@ -101,9 +101,10 @@ private import internal.FlowSummaryImpl
 private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private
 private import internal.FlowSummaryImpl::Private::External
-private import internal.ExternalFlowExtensions as Extensions
+private import internal.ExternalFlowExtensions::Extensions as Extensions
 private import codeql.mad.ModelValidation as SharedModelVal
 private import codeql.util.Unit
+private import codeql.mad.static.ModelsAsData as SharedMaD

 /**
 * A unit class for adding additional source model rows.
@@ -144,134 +145,81 @@ predicate sinkModel(string row) { any(SinkModelCsv s).row(row) }
 /** Holds if `row` is a summary model. */
 predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }

-/** Holds if a source model exists for the given parameters. */
-predicate sourceModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind, string provenance, string model
-) {
-  exists(string row |
-    sourceModel(row) and
-    row.splitAt(";", 0) = namespace and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = subtypes.toString() and
-    subtypes = [true, false] and
-    row.splitAt(";", 3) = name and
-    row.splitAt(";", 4) = signature and
-    row.splitAt(";", 5) = ext and
-    row.splitAt(";", 6) = output and
-    row.splitAt(";", 7) = kind
-  ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind,
-      provenance, madId) and
-    model = "MaD:" + madId.toString()
-  )
+private module MadInput implements SharedMaD::InputSig {
+  /** Holds if a source model exists for the given parameters. */
+  predicate additionalSourceModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string output, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      sourceModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = output and
+      row.splitAt(";", 7) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  /** Holds if a sink model exists for the given parameters. */
+  predicate additionalSinkModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      sinkModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = input and
+      row.splitAt(";", 7) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  /**
+   * Holds if a summary model exists for the given parameters.
+   *
+   * This predicate does not expand `@` to `*`s.
+   */
+  predicate additionalSummaryModel(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string output, string kind, string provenance, string model
+  ) {
+    exists(string row |
+      summaryModel(row) and
+      row.splitAt(";", 0) = namespace and
+      row.splitAt(";", 1) = type and
+      row.splitAt(";", 2) = subtypes.toString() and
+      subtypes = [true, false] and
+      row.splitAt(";", 3) = name and
+      row.splitAt(";", 4) = signature and
+      row.splitAt(";", 5) = ext and
+      row.splitAt(";", 6) = input and
+      row.splitAt(";", 7) = output and
+      row.splitAt(";", 8) = kind
+    ) and
+    provenance = "manual" and
+    model = ""
+  }
+
+  string namespaceSegmentSeparator() { result = "::" }
 }

-/** Holds if a sink model exists for the given parameters. */
-predicate sinkModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string kind, string provenance, string model
-) {
-  exists(string row |
-    sinkModel(row) and
-    row.splitAt(";", 0) = namespace and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = subtypes.toString() and
-    subtypes = [true, false] and
-    row.splitAt(";", 3) = name and
-    row.splitAt(";", 4) = signature and
-    row.splitAt(";", 5) = ext and
-    row.splitAt(";", 6) = input and
-    row.splitAt(";", 7) = kind
-  ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance,
-      madId) and
-    model = "MaD:" + madId.toString()
-  )
-}
+private module MaD = SharedMaD::ModelsAsData<Extensions, MadInput>;

-/**
- * Holds if a summary model exists for the given parameters.
- *
- * This predicate does not expand `@` to `*`s.
- */
-private predicate summaryModel0(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string output, string kind, string provenance, string model
-) {
-  exists(string row |
-    summaryModel(row) and
-    row.splitAt(";", 0) = namespace and
-    row.splitAt(";", 1) = type and
-    row.splitAt(";", 2) = subtypes.toString() and
-    subtypes = [true, false] and
-    row.splitAt(";", 3) = name and
-    row.splitAt(";", 4) = signature and
-    row.splitAt(";", 5) = ext and
-    row.splitAt(";", 6) = input and
-    row.splitAt(";", 7) = output and
-    row.splitAt(";", 8) = kind
-  ) and
-  provenance = "manual" and
-  model = ""
-  or
-  exists(QlBuiltins::ExtensionId madId |
-    Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
-      provenance, madId) and
-    model = "MaD:" + madId.toString()
-  )
-}
-
-/**
- * Holds if the given extension tuple `madId` should pretty-print as `model`.
- *
- * This predicate should only be used in tests.
- */
-predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
-  exists(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string output, string kind, string provenance
-  |
-    Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind,
-      provenance, madId)
-  |
-    model =
-      "Source: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; "
-        + ext + "; " + output + "; " + kind + "; " + provenance
-  )
-  or
-  exists(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string input, string kind, string provenance
-  |
-    Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance,
-      madId)
-  |
-    model =
-      "Sink: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
-        ext + "; " + input + "; " + kind + "; " + provenance
-  )
-  or
-  exists(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string input, string output, string kind, string provenance
-  |
-    Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
-      provenance, madId)
-  |
-    model =
-      "Summary: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature +
-        "; " + ext + "; " + input + "; " + output + "; " + kind + "; " + provenance
-  )
-}
+import MaD

 /**
 * Holds if `input` is `input0`, but with all occurrences of `@` replaced
@@ -294,69 +242,13 @@ predicate summaryModel(
  string input, string output, string kind, string provenance, string model
 ) {
  exists(string input0, string output0 |
-    summaryModel0(namespace, type, subtypes, name, signature, ext, input0, output0, kind,
+    MaD::summaryModel(namespace, type, subtypes, name, signature, ext, input0, output0, kind,
      provenance, model) and
    expandInputAndOutput(input0, input, output0, output,
      [0 .. Private::getMaxElementContentIndirectionIndex() - 1])
  )
 }

-private predicate relevantNamespace(string namespace) {
-  sourceModel(namespace, _, _, _, _, _, _, _, _, _) or
-  sinkModel(namespace, _, _, _, _, _, _, _, _, _) or
-  summaryModel(namespace, _, _, _, _, _, _, _, _, _, _)
-}
-
-private predicate namespaceLink(string shortns, string longns) {
-  relevantNamespace(shortns) and
-  relevantNamespace(longns) and
-  longns.prefix(longns.indexOf("::")) = shortns
-}
-
-private predicate canonicalNamespace(string namespace) {
-  relevantNamespace(namespace) and not namespaceLink(_, namespace)
-}
-
-private predicate canonicalNamespaceLink(string namespace, string subns) {
-  canonicalNamespace(namespace) and
-  (subns = namespace or namespaceLink(namespace, subns))
-}
-
-/**
- * Holds if MaD framework coverage of `namespace` is `n` api endpoints of the
- * kind `(kind, part)`, and `namespaces` is the number of subnamespaces of
- * `namespace` which have MaD framework coverage (including `namespace`
- * itself).
- */
-predicate modelCoverage(string namespace, int namespaces, string kind, string part, int n) {
-  namespaces = strictcount(string subns | canonicalNamespaceLink(namespace, subns)) and
-  (
-    part = "source" and
-    n =
-      strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string output, string provenance, string model |
-        canonicalNamespaceLink(namespace, subns) and
-        sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance, model)
-      )
-    or
-    part = "sink" and
-    n =
-      strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string input, string provenance, string model |
-        canonicalNamespaceLink(namespace, subns) and
-        sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance, model)
-      )
-    or
-    part = "summary" and
-    n =
-      strictcount(string subns, string type, boolean subtypes, string name, string signature,
-        string ext, string input, string output, string provenance |
-        canonicalNamespaceLink(namespace, subns) and
-        summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance, _)
-      )
-  )
-}
-
 /** Provides a query predicate to check the CSV data for validation errors. */
 module CsvValidation {
  private string getInvalidModelInput() {
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/ExternalFlowExtensions.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/ExternalFlowExtensions.qll
@@ -2,6 +2,8 @@
 * This module provides extensible predicates for defining MaD models.
 */

+private import codeql.mad.static.ModelsAsData as SharedMaD
+
 /**
 * Holds if an external source model exists for the given parameters.
 */
@@ -18,6 +20,22 @@ extensible predicate sinkModel(
  string input, string kind, string provenance, QlBuiltins::ExtensionId madId
 );

+/**
+ * Holds if a barrier model exists for the given parameters.
+ */
+extensible predicate barrierModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance, QlBuiltins::ExtensionId madId
+);
+
+/**
+ * Holds if a barrier guard model exists for the given parameters.
+ */
+extensible predicate barrierGuardModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string acceptingvalue, string kind, string provenance, QlBuiltins::ExtensionId madId
+);
+
 /**
 * Holds if an external summary model exists for the given parameters.
 */
@@ -25,3 +43,16 @@ extensible predicate summaryModel(
  string namespace, string type, boolean subtypes, string name, string signature, string ext,
  string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId
 );
+
+/**
+ * Holds if a neutral model exists for the given parameters.
+ */
+extensible predicate neutralModel(
+  string namespace, string type, string name, string signature, string kind, string provenance
+);
+
+module Extensions implements SharedMaD::ExtensionsSig {
+  import ExternalFlowExtensions
+
+  predicate namespaceGrouping(string group, string namespace) { none() }
+}
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
@@ -148,6 +148,19 @@ module SourceSinkInterpretationInput implements
    )
  }

+  predicate barrierElement(
+    Element n, string output, string kind, Public::Provenance provenance, string model
+  ) {
+    none()
+  }
+
+  predicate barrierGuardElement(
+    Element n, string input, Public::AcceptingValue acceptingvalue, string kind,
+    Public::Provenance provenance, string model
+  ) {
+    none()
+  }
+
  private newtype TInterpretNode =
    TElement_(Element n) or
    TNode_(Node n)
--- a/cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll
+++ b/cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll
@@ -2,6 +2,8 @@
 * Defines entity discard predicates for C++ overlay analysis.
 */

+private import OverlayXml
+
 /**
 * Holds always for the overlay variant and never for the base variant.
 * This local predicate is used to define local predicates that behave
@@ -20,9 +22,21 @@ private string getLocationFilePath(@location_default loc) {
 */
 overlay[local]
 private string getSingleLocationFilePath(@element e) {
-  // @var_decl has a direct location in the var_decls relation
-  exists(@location_default loc | var_decls(e, _, _, _, loc) | result = getLocationFilePath(loc))
-  //TODO: add other kinds of elements with single locations
+  exists(@location_default loc |
+    var_decls(e, _, _, _, loc)
+    or
+    fun_decls(e, _, _, _, loc)
+    or
+    type_decls(e, _, loc)
+    or
+    namespace_decls(e, _, loc, _)
+    or
+    macroinvocations(e, _, loc, _)
+    or
+    preprocdirects(e, _, loc)
+  |
+    result = getLocationFilePath(loc)
+  )
 }

 /**
@@ -30,11 +44,17 @@ private string getSingleLocationFilePath(@element e) {
 */
 overlay[local]
 private string getMultiLocationFilePath(@element e) {
-  // @variable gets its location(s) from its @var_decl(s)
-  exists(@var_decl vd, @location_default loc | var_decls(vd, e, _, _, loc) |
+  exists(@location_default loc |
+    exists(@var_decl vd | var_decls(vd, e, _, _, loc))
+    or
+    exists(@fun_decl fd | fun_decls(fd, e, _, _, loc))
+    or
+    exists(@type_decl td | type_decls(td, e, loc))
+    or
+    exists(@namespace_decl nd | namespace_decls(nd, e, loc, _))
+  |
    result = getLocationFilePath(loc)
  )
-  //TODO: add other kinds of elements with multiple locations
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll
+++ b/cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll
@@ -0,0 +1,46 @@
+overlay[local]
+module;
+
+/**
+ * A local predicate that always holds for the overlay variant and never holds for the base variant.
+ * This is used to define local predicates that behave differently for the base and overlay variant.
+ */
+private predicate isOverlay() { databaseMetadata("isOverlay", "true") }
+
+private string getXmlFile(@xmllocatable locatable) {
+  exists(@location_default location, @file file | xmllocations(locatable, location) |
+    locations_default(location, file, _, _, _, _) and
+    files(file, result)
+  )
+}
+
+private string getXmlFileInBase(@xmllocatable locatable) {
+  not isOverlay() and
+  result = getXmlFile(locatable)
+}
+
+/**
+ * Holds if the given `file` was extracted as part of the overlay and was extracted by the HTML/XML
+ * extractor.
+ */
+private predicate overlayXmlExtracted(string file) {
+  isOverlay() and
+  exists(@xmllocatable locatable |
+    not files(locatable, _) and not xmlNs(locatable, _, _, _) and file = getXmlFile(locatable)
+  )
+}
+
+/**
+ * Holds if the given XML `locatable` should be discarded, because it is part of the overlay base
+ * and is in a file that was also extracted as part of the overlay database.
+ */
+overlay[discard_entity]
+private predicate discardXmlLocatable(@xmllocatable locatable) {
+  exists(string file | file = getXmlFileInBase(locatable) |
+    overlayChangedFiles(file)
+    or
+    // The HTML/XML extractor is currently not incremental and may extract more files than those
+    // included in overlayChangedFiles.
+    overlayXmlExtracted(file)
+  )
+}
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
@@ -1051,12 +1051,12 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
  }

  private predicate guardChecksInstr(
-    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch,
+    IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, IRGuards::GuardValue gv,
    int indirectionIndex
  ) {
    exists(Node node |
      nodeHasInstruction(node, instr, indirectionIndex) and
-      guardChecksNode(g, node, branch, indirectionIndex)
+      guardChecksNode(g, node, gv.asBooleanValue(), indirectionIndex)
    )
  }

@@ -1064,8 +1064,8 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
    DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, IRGuards::GuardValue val,
    int indirectionIndex
  ) {
-    IRGuards::Guards_v1::ValidationWrapperWithState<int, guardChecksInstr/4>::guardChecksDef(g, def,
-      val, indirectionIndex)
+    IRGuards::Guards_v1::ParameterizedValidationWrapper<int, guardChecksInstr/4>::guardChecksDef(g,
+      def, val, indirectionIndex)
  }

  Node getABarrierNode(int indirectionIndex) {
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.5.7
+
+No user-facing changes.
+
 ## 1.5.6

 No user-facing changes.
--- a/cpp/ql/src/change-notes/released/1.5.7.md
+++ b/cpp/ql/src/change-notes/released/1.5.7.md
@@ -0,0 +1,3 @@
+## 1.5.7
+
+No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.6
+lastReleaseVersion: 1.5.7
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.7-dev
+version: 1.5.8-dev
 groups:
  - cpp
  - queries
--- a/csharp/.config/dotnet-tools.json
+++ b/csharp/.config/dotnet-tools.json
@@ -3,7 +3,7 @@
  "isRoot": true,
  "tools": {
    "paket": {
-      "version": "9.0.2",
+      "version": "10.0.0-alpha011",
      "commands": [
        "paket"
      ]
--- a/csharp/.vscode/launch.json
+++ b/csharp/.vscode/launch.json
@@ -6,7 +6,7 @@
            "type": "coreclr",
            "request": "launch",
            "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net9.0/Semmle.Extraction.CSharp.Standalone.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net10.0/Semmle.Extraction.CSharp.Standalone.dll",
            "args": [],
            // Set the path to the folder that should be extracted:
            "cwd": "${workspaceFolder}/ql/test/library-tests/standalone/standalonemode",
@@ -35,7 +35,7 @@
            "type": "coreclr",
            "request": "launch",
            "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net9.0/Semmle.Autobuild.CSharp.dll",
+            "program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net10.0/Semmle.Autobuild.CSharp.dll",
            // Set the path to the folder that should be extracted:
            "cwd": "${workspaceFolder}/ql/integration-tests/all-platforms/autobuild",
            "stopAtEntry": true,
@@ -53,7 +53,7 @@
            "type": "coreclr",
            "request": "launch",
            "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
            "stopAtEntry": true,
            "args": [
                "--binlog",
@@ -66,7 +66,7 @@
            "type": "coreclr",
            "request": "launch",
            "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
            // Set the path to the folder that should be extracted:
            "cwd": "${workspaceFolder}/ql/test/library-tests/dataflow/local",
            "args": [
--- a/csharp/.vscode/settings.json
+++ b/csharp/.vscode/settings.json
@@ -10,5 +10,5 @@
    "omnisharp.enableRoslynAnalyzers": true,
    "csharpFormatUsings.splitGroups": false,
    "csharpFormatUsings.sortOrder": "Xunit System Microsoft Semmle.Util Semmle",
-    "dotnet.defaultSolution": "CSharp.sln"
-}
+    "dotnet.defaultSolution": "CSharp.slnx"
+}
--- a/csharp/CSharp.sln
+++ b/csharp/CSharp.sln
@@ -1,118 +0,0 @@
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27130.2036
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Util", "extractor\Semmle.Util\Semmle.Util.csproj", "{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp", "extractor\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj", "{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.DependencyFetching", "extractor\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj", "{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Standalone", "extractor\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj", "{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.StubGenerator", "extractor\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj", "{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Util", "extractor\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj", "{998A0D4C-8BFC-4513-A28D-4816AFB89882}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Driver", "extractor\Semmle.Extraction.CSharp.Driver\Semmle.Extraction.CSharp.Driver.csproj", "{C36453BF-0C82-448A-B15D-26947503A2D3}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.Tests", "extractor\Semmle.Extraction.Tests\Semmle.Extraction.Tests.csproj", "{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Util.Tests", "extractor\Semmle.Util.Tests\Semmle.Util.Tests.csproj", "{55A620F0-23F6-440D-A5BA-0567613B3C0F}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Shared", "autobuilder\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj", "{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.CSharp", "autobuilder\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj", "{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.CSharp.Tests", "autobuilder\Semmle.Autobuild.CSharp.Tests\Semmle.Autobuild.CSharp.Tests.csproj", "{34256E8F-866A-46C1-800E-3DF69FD1DCB7}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Extraction.CSharp.DependencyStubGenerator", "extractor\Semmle.Extraction.CSharp.DependencyStubGenerator\Semmle.Extraction.CSharp.DependencyStubGenerator.csproj", "{0EDA21A3-ADD8-4C10-B494-58B12B526B76}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Cpp", "autobuilder\Semmle.Autobuild.Cpp\Semmle.Autobuild.Cpp.csproj", "{125C4FB7-34DA-442A-9095-3EA1514270CD}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Cpp.Tests", "autobuilder\Semmle.Autobuild.Cpp.Tests\Semmle.Autobuild.Cpp.Tests.csproj", "{72F369B7-0707-401A-802F-D526F272F9EE}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Release|Any CPU.Build.0 = Release|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Release|Any CPU.Build.0 = Release|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Release|Any CPU.Build.0 = Release|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Release|Any CPU.Build.0 = Release|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{C36453BF-0C82-448A-B15D-26947503A2D3}.Release|Any CPU.Build.0 = Release|Any CPU
-		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Release|Any CPU.Build.0 = Release|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Release|Any CPU.Build.0 = Release|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Release|Any CPU.Build.0 = Release|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Release|Any CPU.Build.0 = Release|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Release|Any CPU.Build.0 = Release|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Release|Any CPU.Build.0 = Release|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Release|Any CPU.Build.0 = Release|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{72F369B7-0707-401A-802F-D526F272F9EE}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {E2B2BAC0-D55C-45DB-8CB3-8CEBA86FB547}
-	EndGlobalSection
-EndGlobal
--- a/csharp/CSharp.slnx
+++ b/csharp/CSharp.slnx
@@ -0,0 +1,25 @@
+<Solution>
+  <Project Path="autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj" />
+  <Project Path="autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj" />
+  <Project Path="autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.Driver/Semmle.Extraction.CSharp.Driver.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.StubGenerator/Semmle.Extraction.CSharp.StubGenerator.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp.Util/Semmle.Extraction.CSharp.Util.csproj" />
+  <Project Path="extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj" />
+  <Project Path="extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj">
+    <Build Solution="Release|*" Project="false" />
+  </Project>
+  <Project Path="extractor/Semmle.Util/Semmle.Util.csproj" />
+</Solution>
--- a/csharp/Directory.Build.props
+++ b/csharp/Directory.Build.props
@@ -1,7 +1,7 @@
 <Project>

  <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
    <Nullable>enable</Nullable>
    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
--- a/csharp/actions/create-extractor-pack/action.yml
+++ b/csharp/actions/create-extractor-pack/action.yml
@@ -7,7 +7,7 @@ runs:
    - name: Setup dotnet
      uses: actions/setup-dotnet@v4
      with:
-        dotnet-version: 9.0.300
+        dotnet-version: 10.0.100
    - name: Build Extractor
      shell: bash
      run: scripts/create-extractor-pack.sh
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel
@@ -13,6 +13,5 @@ codeql_xunit_test(
        "//csharp/autobuilder/Semmle.Autobuild.CSharp:bin/Semmle.Autobuild.CSharp",
        "//csharp/autobuilder/Semmle.Autobuild.Shared",
        "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
    ],
 )
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/paket.references
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/paket.references
@@ -1,4 +1,3 @@
-System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk
--- a/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel
+++ b/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel
@@ -13,6 +13,5 @@ codeql_xunit_test(
        "//csharp/autobuilder/Semmle.Autobuild.Cpp:bin/Semmle.Autobuild.Cpp",
        "//csharp/autobuilder/Semmle.Autobuild.Shared",
        "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
    ],
 )
--- a/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/paket.references
+++ b/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/paket.references
@@ -1,4 +1,3 @@
-System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
@@ -182,8 +182,16 @@ namespace Semmle.Autobuild.Shared
                if (ret is not null)
                    return ret;

+                // Then look for language specific solution files, e.g. `.slnx` files
+                if (Options.Language.SolutionExtension is string solutionExtension)
+                {
+                    ret = FindFiles(solutionExtension, f => new Solution<TAutobuildOptions>(this, f, false))?.ToList();
+                    if (ret is not null)
+                        return ret;
+                }
+
                // Finally look for language specific project files, e.g. `.csproj` files
-                ret = FindFiles(this.Options.Language.ProjectExtension, f => new Project<TAutobuildOptions>(this, f))?.ToList();
+                ret = FindFiles(Options.Language.ProjectExtension, f => new Project<TAutobuildOptions>(this, f))?.ToList();
                return ret ?? new List<IProjectOrSolution>();
            });

--- a/csharp/autobuilder/Semmle.Autobuild.Shared/BUILD.bazel
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/BUILD.bazel
@@ -12,5 +12,6 @@ codeql_csharp_library(
    deps = [
        "//csharp/extractor/Semmle.Util",
        "@paket.main//microsoft.build",
+        "@paket.main//microsoft.visualstudio.solutionpersistence",
    ],
 )
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs
@@ -4,12 +4,11 @@ using System.IO;
 using System.Linq;
 using Microsoft.Build.Construction;
 using Microsoft.Build.Exceptions;
-using Semmle.Util.Logging;

 namespace Semmle.Autobuild.Shared
 {
    /// <summary>
-    /// A solution file, extension .sln.
+    /// A solution file, extension .sln or .slnx.
    /// </summary>
    public interface ISolution : IProjectOrSolution
    {
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/paket.references
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/paket.references
@@ -1 +1,2 @@
 Microsoft.Build
+Microsoft.VisualStudio.SolutionPersistence
--- a/csharp/documentation/library-coverage/coverage.csv
+++ b/csharp/documentation/library-coverage/coverage.csv
@@ -40,6 +40,7 @@ Microsoft.VisualBasic,,,6,,,,,,,,,,,,,,,,,,,1,5
 Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2
 Mono.Linker,,,278,,,,,,,,,,,,,,,,,,,127,151
 MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
+NHibernate,3,,,,,,,,,,,,3,,,,,,,,,,
 Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
 SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
--- a/csharp/documentation/library-coverage/coverage.rst
+++ b/csharp/documentation/library-coverage/coverage.rst
@@ -9,6 +9,6 @@ C# framework & library support
   Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
   `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
   System,"``System.*``, ``System``",47,12241,54,5
-   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2257,159,4
-   Totals,,107,14505,407,9
+   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``NHibernate``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2257,162,4
+   Totals,,107,14505,410,9

--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel
@@ -15,6 +15,7 @@ codeql_csharp_library(
    deps = [
        "//csharp/extractor/Semmle.Extraction.CSharp",
        "//csharp/extractor/Semmle.Util",
+        "@paket.main//microsoft.visualstudio.solutionpersistence",
        "@paket.main//newtonsoft.json",
        "@paket.main//nuget.versioning",
    ],
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
@@ -157,7 +157,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        }

        // The version number should be kept in sync with the version .NET version used for building the application.
-        public const string LatestDotNetSdkVersion = "9.0.300";
+        public const string LatestDotNetSdkVersion = "10.0.100";

        public static ReadOnlyDictionary<string, string> MinimalEnvironment => IDotNetCliInvoker.MinimalEnvironment;

--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FilePathFilter.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FilePathFilter.cs
@@ -55,12 +55,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                }
                else
                {
-                    logger.LogInfo($"Invalid filter: {filter}");
+                    logger.LogWarning($"Invalid filter: {filter}");
                    continue;
                }

                var regex = new FilePattern(filterText).RegexPattern;
-                logger.LogInfo($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
+                logger.LogDebug($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
                pathFilters.Add(new PathFilter(new Regex(regex, RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline), include));
            }

@@ -91,7 +91,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching

                if (!include)
                {
-                    logger.LogInfo($"Excluding '{f.FileInfo.FullName}'");
+                    logger.LogDebug($"Excluding '{f.FileInfo.FullName}'");
                }

                return include;
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileProvider.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileProvider.cs
@@ -37,7 +37,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            smallNonBinary = new Lazy<string[]>(() => ReturnAndLogFiles("small non-binary", SelectSmallFiles(allNonBinary.Value).SelectFileNames().ToArray()));
            sources = new Lazy<string[]>(() => SelectTextFileNamesByExtension("source", ".cs"));
            projects = new Lazy<string[]>(() => SelectTextFileNamesByExtension("project", ".csproj"));
-            solutions = new Lazy<string[]>(() => SelectTextFileNamesByExtension("solution", ".sln"));
+            solutions = new Lazy<string[]>(() => SelectTextFileNamesByExtension("solution", ".sln", ".slnx"));
            dlls = new Lazy<string[]>(() => SelectBinaryFileNamesByExtension("DLL", ".dll"));
            nugetConfigs = new Lazy<string[]>(() => SelectTextFileNamesByName("nuget.config"));
            globalJsons = new Lazy<string[]>(() => SelectTextFileNamesByName("global.json"));
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SolutionFile.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SolutionFile.cs
@@ -6,7 +6,7 @@ using Microsoft.Build.Construction;
 namespace Semmle.Extraction.CSharp.DependencyFetching
 {
    /// <summary>
-    /// Access data in a .sln file.
+    /// Access data in a .sln or .slnx file.
    /// </summary>
    internal class SolutionFile
    {
@@ -17,7 +17,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        /// <summary>
        /// Read the file.
        /// </summary>
-        /// <param name="filename">The filename of the .sln.</param>
+        /// <param name="filename">The filename of the .sln or .slnx.</param>
        public SolutionFile(string filename)
        {
            // SolutionFile.Parse() expects a rooted path.
@@ -26,7 +26,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        }

        /// <summary>
-        /// Projects directly included in the .sln file.
+        /// Projects directly included in the .sln or .slnx file.
        /// </summary>
        public IEnumerable<string> MsBuildProjects
        {
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references
@@ -1,2 +1,3 @@
+Microsoft.VisualStudio.SolutionPersistence
 Newtonsoft.Json
 NuGet.Versioning
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj
@@ -2,7 +2,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <AssemblyName>Semmle.Extraction.CSharp.DependencyStubGenerator</AssemblyName>
    <RootNamespace>Semmle.Extraction.CSharp.DependencyStubGenerator</RootNamespace>
    <ImplicitUsings>enable</ImplicitUsings>
@@ -14,4 +14,4 @@
    <ProjectReference Include="..\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj" />
  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/paket.references
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/paket.references
@@ -1,5 +1 @@
 Microsoft.Build
-Microsoft.Win32.Primitives
-System.Net.Primitives
-System.Security.Principal
-System.Threading.ThreadPool
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs
@@ -74,6 +74,7 @@ namespace Semmle.Extraction.CSharp.Entities
                {
                    case SyntaxKind.BaseConstructorInitializer:
                        initializerType = Symbol.ContainingType.BaseType!;
+                        ExtractObjectInitCall(trapFile);
                        break;
                    case SyntaxKind.ThisConstructorInitializer:
                        initializerType = Symbol.ContainingType;
@@ -90,10 +91,12 @@ namespace Semmle.Extraction.CSharp.Entities
                var primaryInfo = Context.GetSymbolInfo(primaryInitializer);
                var primarySymbol = primaryInfo.Symbol;

+                ExtractObjectInitCall(trapFile);
                ExtractSourceInitializer(trapFile, primarySymbol?.ContainingType, (IMethodSymbol?)primarySymbol, primaryInitializer.ArgumentList, primaryInitializer.GetLocation());
            }
            else if (Symbol.MethodKind is MethodKind.Constructor)
            {
+                ExtractObjectInitCall(trapFile);
                var baseType = Symbol.ContainingType.BaseType;
                if (baseType is null)
                {
@@ -127,6 +130,27 @@ namespace Semmle.Extraction.CSharp.Entities
            }
        }

+        private void ExtractObjectInitCall(TextWriter trapFile)
+        {
+            var target = ObjectInitMethod.Create(Context, ContainingType!);
+
+            var type = Context.Compilation.GetSpecialType(SpecialType.System_Void);
+
+            var info = new ExpressionInfo(Context,
+                AnnotatedTypeSymbol.CreateNotAnnotated(type),
+                Location,
+                Kinds.ExprKind.METHOD_INVOCATION,
+                this,
+                -2,
+                isCompilerGenerated: true,
+                null);
+            var obinitCall = new Expression(info);
+
+            trapFile.expr_call(obinitCall, target);
+
+            Expressions.This.CreateImplicit(Context, Symbol.ContainingType, Location, obinitCall, -1);
+        }
+
        private void ExtractSourceInitializer(TextWriter trapFile, ITypeSymbol? type, IMethodSymbol? symbol, ArgumentListSyntax arguments, Microsoft.CodeAnalysis.Location location)
        {
            var initInfo = new ExpressionInfo(Context,
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/IMethodEntity.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/IMethodEntity.cs
@@ -0,0 +1,9 @@
+namespace Semmle.Extraction.CSharp.Entities
+{
+    /// <summary>
+    /// Marker interface for method entities.
+    /// </summary>
+    public interface IMethodEntity : IEntity
+    {
+    }
+}
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs
@@ -9,7 +9,7 @@ using Semmle.Extraction.CSharp.Populators;

 namespace Semmle.Extraction.CSharp.Entities
 {
-    internal abstract class Method : CachedSymbol<IMethodSymbol>, IExpressionParentEntity, IStatementParentEntity
+    internal abstract class Method : CachedSymbol<IMethodSymbol>, IExpressionParentEntity, IStatementParentEntity, IMethodEntity
    {
        protected Method(Context cx, IMethodSymbol init)
            : base(cx, init) { }
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/ObjectInitMethod.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/ObjectInitMethod.cs
@@ -0,0 +1,56 @@
+using System.IO;
+using Microsoft.CodeAnalysis;
+
+namespace Semmle.Extraction.CSharp.Entities
+{
+    internal sealed class ObjectInitMethod : CachedEntity, IMethodEntity
+    {
+        private Type ContainingType { get; }
+
+        private ObjectInitMethod(Context cx, Type containingType)
+            : base(cx)
+        {
+            this.ContainingType = containingType;
+        }
+
+        private static readonly string Name = "<object initializer>";
+
+        public static ObjectInitMethod Create(Context cx, Type containingType)
+        {
+            return ObjectInitMethodFactory.Instance.CreateEntity(cx, (typeof(ObjectInitMethod), containingType), containingType);
+        }
+
+        public override void Populate(TextWriter trapFile)
+        {
+            var returnType = Type.Create(Context, Context.Compilation.GetSpecialType(SpecialType.System_Void));
+
+            trapFile.methods(this, Name, ContainingType, returnType.TypeRef, this);
+
+            trapFile.compiler_generated(this);
+
+            trapFile.method_location(this, Context.CreateLocation(ReportingLocation));
+        }
+
+        public override void WriteId(EscapingTextWriter trapFile)
+        {
+            trapFile.WriteSubId(ContainingType);
+            trapFile.Write(".");
+            trapFile.Write(Name);
+            trapFile.Write(";method");
+        }
+
+        public override Microsoft.CodeAnalysis.Location? ReportingLocation => ContainingType.ReportingLocation;
+
+        public override bool NeedsPopulation => true;
+
+        public override TrapStackBehaviour TrapStackBehaviour => TrapStackBehaviour.NoLabel;
+
+        private class ObjectInitMethodFactory : CachedEntityFactory<Type, ObjectInitMethod>
+        {
+            public static ObjectInitMethodFactory Instance { get; } = new ObjectInitMethodFactory();
+
+            public override ObjectInitMethod Create(Context cx, Type containingType) =>
+                new ObjectInitMethod(cx, containingType);
+        }
+    }
+}
--- a/csharp/extractor/Semmle.Extraction.CSharp/Trap/Tuples.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Trap/Tuples.cs
@@ -175,7 +175,7 @@ namespace Semmle.Extraction.CSharp
        internal static void expr_argument_name(this TextWriter trapFile, Expression expr, string name) =>
            trapFile.WriteTuple("expr_argument_name", expr, name);

-        internal static void expr_call(this TextWriter trapFile, Expression expr, Method target) =>
+        internal static void expr_call(this TextWriter trapFile, Expression expr, IMethodEntity target) =>
            trapFile.WriteTuple("expr_call", expr, target);

        internal static void expr_flowstate(this TextWriter trapFile, Expression expr, int flowState) =>
@@ -247,10 +247,10 @@ namespace Semmle.Extraction.CSharp
        internal static void localvars(this TextWriter trapFile, LocalVariable key, VariableKind kind, string name, int @var, Type type, Expression expr) =>
            trapFile.WriteTuple("localvars", key, (int)kind, name, @var, type, expr);

-        internal static void method_location(this TextWriter trapFile, Method method, Location location) =>
+        internal static void method_location(this TextWriter trapFile, IMethodEntity method, Location location) =>
            trapFile.WriteTuple("method_location", method, location);

-        internal static void methods(this TextWriter trapFile, Method method, string name, Type declType, Type retType, Method originalDefinition) =>
+        internal static void methods(this TextWriter trapFile, IMethodEntity method, string name, Type declType, Type retType, IMethodEntity originalDefinition) =>
            trapFile.WriteTuple("methods", method, name, declType, retType, originalDefinition);

        internal static void modifiers(this TextWriter trapFile, Label entity, string modifier) =>
--- a/csharp/extractor/Semmle.Extraction.Tests/BUILD.bazel
+++ b/csharp/extractor/Semmle.Extraction.Tests/BUILD.bazel
@@ -16,6 +16,5 @@ codeql_xunit_test(
        "//csharp/extractor/Semmle.Extraction.CSharp.StubGenerator",
        "//csharp/extractor/Semmle.Util",
        "@paket.main//microsoft.net.test.sdk",
-        "@paket.main//system.io.filesystem",
    ],
 )
--- a/csharp/extractor/Semmle.Extraction.Tests/paket.references
+++ b/csharp/extractor/Semmle.Extraction.Tests/paket.references
@@ -1,4 +1,3 @@
-System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk
--- a/csharp/extractor/Semmle.Util/Language.cs
+++ b/csharp/extractor/Semmle.Util/Language.cs
@@ -2,21 +2,27 @@
 {
    public sealed class Language
    {
-        public static Language Cpp { get; } = new Language(".vcxproj", "CPP");
-        public static Language CSharp { get; } = new Language(".csproj", "CSHARP");
+        public static Language Cpp { get; } = new Language("CPP", ".vcxproj");
+        public static Language CSharp { get; } = new Language("CSHARP", ".csproj", ".slnx");

        public bool ProjectFileHasThisLanguage(string path) =>
            System.IO.Path.GetExtension(path) == ProjectExtension;

        public string ProjectExtension { get; }
+        public string? SolutionExtension { get; }
        public string UpperCaseName { get; }

-        private Language(string extension, string name)
+        private Language(string name, string projectExtension)
        {
-            ProjectExtension = extension;
+            ProjectExtension = projectExtension;
            UpperCaseName = name;
        }

+        private Language(string name, string projectExtension, string solutionExtension) : this(name, projectExtension)
+        {
+            SolutionExtension = solutionExtension;
+        }
+
        public override string ToString() =>
            ProjectExtension == Cpp.ProjectExtension ? "C/C++" : "C#";
    }
--- a/csharp/paket.dependencies
+++ b/csharp/paket.dependencies
@@ -1,10 +1,10 @@
-framework: net9.0
+framework: net10.0
 storage: none
 source https://api.nuget.org/v3/index.json
 # behave like nuget in choosing transitive dependency versions
 strategy: max

-nuget Basic.CompilerLog.Util 0.9.21
+nuget Basic.CompilerLog.Util 0.9.25
 nuget Mono.Posix.NETStandard
 nuget Newtonsoft.Json
 nuget NuGet.Versioning
@@ -12,11 +12,7 @@ nuget xunit
 nuget xunit.runner.visualstudio
 nuget xunit.runner.utility
 nuget Microsoft.NET.Test.Sdk
-nuget Microsoft.CodeAnalysis.CSharp 4.14.0
-nuget Microsoft.CodeAnalysis 4.14.0
-nuget Microsoft.Build 17.14.28
-nuget Microsoft.Win32.Primitives
-nuget System.Net.Primitives
-nuget System.Security.Principal
-nuget System.Threading.ThreadPool
-nuget System.IO.FileSystem
+nuget Microsoft.CodeAnalysis.CSharp 5.0.0
+nuget Microsoft.CodeAnalysis 5.0.0
+nuget Microsoft.Build 18.0.2
+nuget Microsoft.VisualStudio.SolutionPersistence
--- a/csharp/paket.lock
+++ b/csharp/paket.lock
@@ -1,9 +1,9 @@
 STORAGE: NONE
 STRATEGY: MAX
-RESTRICTION: == net9.0
+RESTRICTION: == net10.0
 NUGET
  remote: https://api.nuget.org/v3/index.json
-    Basic.CompilerLog.Util (0.9.21)
+    Basic.CompilerLog.Util (0.9.25)
      MessagePack (>= 3.1.4)
      Microsoft.Bcl.Memory (>= 9.0.10)
      Microsoft.CodeAnalysis (>= 4.8)
@@ -12,198 +12,133 @@ NUGET
      Microsoft.Extensions.ObjectPool (>= 9.0.10)
      MSBuild.StructuredLogger (>= 2.3.71)
      NaturalSort.Extension (>= 4.4)
-    Humanizer.Core (2.14.1)
+      NuGet.Versioning (>= 6.14)
+    Humanizer.Core (3.0.1)
    MessagePack (3.1.4)
      MessagePack.Annotations (>= 3.1.4)
      MessagePackAnalyzer (>= 3.1.4)
      Microsoft.NET.StringTools (>= 17.11.4)
    MessagePack.Annotations (3.1.4)
    MessagePackAnalyzer (3.1.4)
-    Microsoft.Bcl.AsyncInterfaces (9.0.10)
-    Microsoft.Bcl.Memory (9.0.10)
-    Microsoft.Build (17.14.28)
-      Microsoft.Build.Framework (>= 17.14.28)
-      Microsoft.NET.StringTools (>= 17.14.28)
+    Microsoft.Bcl.AsyncInterfaces (10.0.1)
+    Microsoft.Bcl.Memory (10.0.1)
+    Microsoft.Build (18.0.2)
+      Microsoft.Build.Framework (>= 18.0.2)
+      Microsoft.NET.StringTools (>= 18.0.2)
      System.Configuration.ConfigurationManager (>= 9.0)
      System.Diagnostics.EventLog (>= 9.0)
      System.Reflection.MetadataLoadContext (>= 9.0)
-      System.Security.Cryptography.ProtectedData (>= 9.0)
-    Microsoft.Build.Framework (17.14.28)
-    Microsoft.Build.Utilities.Core (17.14.28)
-      Microsoft.Build.Framework (>= 17.14.28)
-      Microsoft.NET.StringTools (>= 17.14.28)
-      System.Collections.Immutable (>= 9.0)
+      System.Security.Cryptography.ProtectedData (>= 9.0.6)
+    Microsoft.Build.Framework (18.0.2)
+    Microsoft.Build.Utilities.Core (18.0.2)
+      Microsoft.Build.Framework (>= 18.0.2)
+      Microsoft.NET.StringTools (>= 18.0.2)
      System.Configuration.ConfigurationManager (>= 9.0)
      System.Diagnostics.EventLog (>= 9.0)
-      System.Security.Cryptography.ProtectedData (>= 9.0)
-    Microsoft.CodeAnalysis (4.14)
+      System.Security.Cryptography.ProtectedData (>= 9.0.6)
+    Microsoft.CodeAnalysis (5.0)
      Humanizer.Core (>= 2.14.1)
      Microsoft.Bcl.AsyncInterfaces (>= 9.0)
      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.CSharp.Workspaces (4.14)
-      Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.14)
-      System.Buffers (>= 4.5.1)
+      Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
+      Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
+      System.Buffers (>= 4.6)
      System.Collections.Immutable (>= 9.0)
      System.Composition (>= 9.0)
      System.IO.Pipelines (>= 9.0)
-      System.Memory (>= 4.5.5)
-      System.Numerics.Vectors (>= 4.5)
+      System.Memory (>= 4.6)
+      System.Numerics.Vectors (>= 4.6)
      System.Reflection.Metadata (>= 9.0)
-      System.Runtime.CompilerServices.Unsafe (>= 6.0)
-      System.Text.Encoding.CodePages (>= 7.0)
-      System.Threading.Channels (>= 7.0)
-      System.Threading.Tasks.Extensions (>= 4.5.4)
+      System.Runtime.CompilerServices.Unsafe (>= 6.1)
+      System.Text.Encoding.CodePages (>= 8.0)
+      System.Threading.Channels (>= 8.0)
+      System.Threading.Tasks.Extensions (>= 4.6)
    Microsoft.CodeAnalysis.Analyzers (3.11)
-    Microsoft.CodeAnalysis.Common (4.14)
+    Microsoft.CodeAnalysis.Common (5.0)
      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      System.Collections.Immutable (>= 9.0)
-      System.Reflection.Metadata (>= 9.0)
-    Microsoft.CodeAnalysis.CSharp (4.14)
+    Microsoft.CodeAnalysis.CSharp (5.0)
      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (4.14)
-      System.Collections.Immutable (>= 9.0)
-      System.Reflection.Metadata (>= 9.0)
-    Microsoft.CodeAnalysis.CSharp.Workspaces (4.14)
+      Microsoft.CodeAnalysis.Common (5.0)
+    Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
      Humanizer.Core (>= 2.14.1)
      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (4.14)
-      Microsoft.CodeAnalysis.CSharp (4.14)
-      Microsoft.CodeAnalysis.Workspaces.Common (4.14)
-      System.Collections.Immutable (>= 9.0)
+      Microsoft.CodeAnalysis.Common (5.0)
+      Microsoft.CodeAnalysis.CSharp (5.0)
+      Microsoft.CodeAnalysis.Workspaces.Common (5.0)
      System.Composition (>= 9.0)
-      System.IO.Pipelines (>= 9.0)
-      System.Reflection.Metadata (>= 9.0)
-      System.Threading.Channels (>= 7.0)
-    Microsoft.CodeAnalysis.VisualBasic (4.14)
+    Microsoft.CodeAnalysis.VisualBasic (5.0)
      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (4.14)
-      System.Collections.Immutable (>= 9.0)
-      System.Reflection.Metadata (>= 9.0)
-    Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.14)
+      Microsoft.CodeAnalysis.Common (5.0)
+    Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
      Humanizer.Core (>= 2.14.1)
      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (4.14)
-      Microsoft.CodeAnalysis.VisualBasic (4.14)
-      Microsoft.CodeAnalysis.Workspaces.Common (4.14)
-      System.Collections.Immutable (>= 9.0)
+      Microsoft.CodeAnalysis.Common (5.0)
+      Microsoft.CodeAnalysis.VisualBasic (5.0)
+      Microsoft.CodeAnalysis.Workspaces.Common (5.0)
      System.Composition (>= 9.0)
-      System.IO.Pipelines (>= 9.0)
-      System.Reflection.Metadata (>= 9.0)
-      System.Threading.Channels (>= 7.0)
-    Microsoft.CodeAnalysis.Workspaces.Common (4.14)
+    Microsoft.CodeAnalysis.Workspaces.Common (5.0)
      Humanizer.Core (>= 2.14.1)
      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (4.14)
-      System.Collections.Immutable (>= 9.0)
+      Microsoft.CodeAnalysis.Common (5.0)
      System.Composition (>= 9.0)
-      System.IO.Pipelines (>= 9.0)
-      System.Reflection.Metadata (>= 9.0)
-      System.Threading.Channels (>= 7.0)
-    Microsoft.CodeCoverage (18.0)
-    Microsoft.Extensions.ObjectPool (9.0.10)
-    Microsoft.NET.StringTools (17.14.28)
-    Microsoft.NET.Test.Sdk (18.0)
-      Microsoft.CodeCoverage (>= 18.0)
-      Microsoft.TestPlatform.TestHost (>= 18.0)
-    Microsoft.NETCore.Platforms (7.0.4)
-    Microsoft.NETCore.Targets (5.0)
-    Microsoft.TestPlatform.ObjectModel (18.0)
+    Microsoft.CodeCoverage (18.0.1)
+    Microsoft.Extensions.ObjectPool (10.0.1)
+    Microsoft.NET.StringTools (18.0.2)
+    Microsoft.NET.Test.Sdk (18.0.1)
+      Microsoft.CodeCoverage (>= 18.0.1)
+      Microsoft.TestPlatform.TestHost (>= 18.0.1)
+    Microsoft.TestPlatform.ObjectModel (18.0.1)
      System.Reflection.Metadata (>= 8.0)
-    Microsoft.TestPlatform.TestHost (18.0)
-      Microsoft.TestPlatform.ObjectModel (>= 18.0)
+    Microsoft.TestPlatform.TestHost (18.0.1)
+      Microsoft.TestPlatform.ObjectModel (>= 18.0.1)
      Newtonsoft.Json (>= 13.0.3)
-    Microsoft.Win32.Primitives (4.3)
-      Microsoft.NETCore.Platforms (>= 1.1)
-      Microsoft.NETCore.Targets (>= 1.1)
-      System.Runtime (>= 4.3)
+    Microsoft.VisualStudio.SolutionPersistence (1.0.52)
    Mono.Posix.NETStandard (1.0)
-    MSBuild.StructuredLogger (2.3.71)
+    MSBuild.StructuredLogger (2.3.113)
      Microsoft.Build.Framework (>= 17.5)
      Microsoft.Build.Utilities.Core (>= 17.5)
      System.Collections.Immutable (>= 8.0)
-    NaturalSort.Extension (4.4)
+    NaturalSort.Extension (4.4.1)
    Newtonsoft.Json (13.0.4)
    NuGet.Versioning (7.0.1)
    System.Buffers (4.6.1)
-    System.Collections.Immutable (9.0.10)
-    System.Composition (9.0.10)
-      System.Composition.AttributedModel (>= 9.0.10)
-      System.Composition.Convention (>= 9.0.10)
-      System.Composition.Hosting (>= 9.0.10)
-      System.Composition.Runtime (>= 9.0.10)
-      System.Composition.TypedParts (>= 9.0.10)
-    System.Composition.AttributedModel (9.0.10)
-    System.Composition.Convention (9.0.10)
-      System.Composition.AttributedModel (>= 9.0.10)
-    System.Composition.Hosting (9.0.10)
-      System.Composition.Runtime (>= 9.0.10)
-    System.Composition.Runtime (9.0.10)
-    System.Composition.TypedParts (9.0.10)
-      System.Composition.AttributedModel (>= 9.0.10)
-      System.Composition.Hosting (>= 9.0.10)
-      System.Composition.Runtime (>= 9.0.10)
-    System.Configuration.ConfigurationManager (9.0.10)
-      System.Diagnostics.EventLog (>= 9.0.10)
-      System.Security.Cryptography.ProtectedData (>= 9.0.10)
-    System.Diagnostics.EventLog (9.0.10)
-    System.IO (4.3)
-      Microsoft.NETCore.Platforms (>= 1.1)
-      Microsoft.NETCore.Targets (>= 1.1)
-      System.Runtime (>= 4.3)
-      System.Text.Encoding (>= 4.3)
-      System.Threading.Tasks (>= 4.3)
-    System.IO.FileSystem (4.3)
-      Microsoft.NETCore.Platforms (>= 1.1)
-      Microsoft.NETCore.Targets (>= 1.1)
-      System.IO (>= 4.3)
-      System.IO.FileSystem.Primitives (>= 4.3)
-      System.Runtime (>= 4.3)
-      System.Runtime.Handles (>= 4.3)
-      System.Text.Encoding (>= 4.3)
-      System.Threading.Tasks (>= 4.3)
-    System.IO.FileSystem.Primitives (4.3)
-      System.Runtime (>= 4.3)
-    System.IO.Pipelines (9.0.10)
+    System.Collections.Immutable (10.0.1)
+    System.Composition (10.0.1)
+      System.Composition.AttributedModel (>= 10.0.1)
+      System.Composition.Convention (>= 10.0.1)
+      System.Composition.Hosting (>= 10.0.1)
+      System.Composition.Runtime (>= 10.0.1)
+      System.Composition.TypedParts (>= 10.0.1)
+    System.Composition.AttributedModel (10.0.1)
+    System.Composition.Convention (10.0.1)
+      System.Composition.AttributedModel (>= 10.0.1)
+    System.Composition.Hosting (10.0.1)
+      System.Composition.Runtime (>= 10.0.1)
+    System.Composition.Runtime (10.0.1)
+    System.Composition.TypedParts (10.0.1)
+      System.Composition.AttributedModel (>= 10.0.1)
+      System.Composition.Hosting (>= 10.0.1)
+      System.Composition.Runtime (>= 10.0.1)
+    System.Configuration.ConfigurationManager (10.0.1)
+      System.Diagnostics.EventLog (>= 10.0.1)
+      System.Security.Cryptography.ProtectedData (>= 10.0.1)
+    System.Diagnostics.EventLog (10.0.1)
+    System.IO.Pipelines (10.0.1)
    System.Memory (4.6.3)
-    System.Net.Primitives (4.3.1)
-      Microsoft.NETCore.Platforms (>= 1.1.1)
-      Microsoft.NETCore.Targets (>= 1.1.3)
-      System.Runtime (>= 4.3.1)
-      System.Runtime.Handles (>= 4.3)
    System.Numerics.Vectors (4.6.1)
-    System.Reflection.Metadata (9.0.10)
-    System.Reflection.MetadataLoadContext (9.0.10)
-    System.Runtime (4.3.1)
-      Microsoft.NETCore.Platforms (>= 1.1.1)
-      Microsoft.NETCore.Targets (>= 1.1.3)
+    System.Reflection.Metadata (10.0.1)
+    System.Reflection.MetadataLoadContext (10.0.1)
    System.Runtime.CompilerServices.Unsafe (6.1.2)
-    System.Runtime.Handles (4.3)
-      Microsoft.NETCore.Platforms (>= 1.1)
-      Microsoft.NETCore.Targets (>= 1.1)
-      System.Runtime (>= 4.3)
-    System.Security.Cryptography.ProtectedData (9.0.10)
-    System.Security.Principal (4.3)
-      System.Runtime (>= 4.3)
-    System.Text.Encoding (4.3)
-      Microsoft.NETCore.Platforms (>= 1.1)
-      Microsoft.NETCore.Targets (>= 1.1)
-      System.Runtime (>= 4.3)
-    System.Text.Encoding.CodePages (9.0.10)
-    System.Threading.Channels (9.0.10)
-    System.Threading.Tasks (4.3)
-      Microsoft.NETCore.Platforms (>= 1.1)
-      Microsoft.NETCore.Targets (>= 1.1)
-      System.Runtime (>= 4.3)
+    System.Security.Cryptography.ProtectedData (10.0.1)
+    System.Text.Encoding.CodePages (10.0.1)
+    System.Threading.Channels (10.0.1)
    System.Threading.Tasks.Extensions (4.6.3)
-    System.Threading.ThreadPool (4.3)
-      System.Runtime (>= 4.3)
-      System.Runtime.Handles (>= 4.3)
    xunit (2.9.3)
      xunit.analyzers (>= 1.18)
      xunit.assert (>= 2.9.3)
      xunit.core (2.9.3)
    xunit.abstractions (2.0.3)
-    xunit.analyzers (1.24)
+    xunit.analyzers (1.26)
    xunit.assert (2.9.3)
    xunit.core (2.9.3)
      xunit.extensibility.core (2.9.3)
--- a/csharp/paket.main.bzl
+++ b/csharp/paket.main.bzl
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.55
+
+No user-facing changes.
+
 ## 1.7.54

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.55.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.55.md
@@ -0,0 +1,3 @@
+## 1.7.55
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.54
+lastReleaseVersion: 1.7.55
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.55-dev
+version: 1.7.56-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.55
+
+No user-facing changes.
+
 ## 1.7.54

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.55.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.55.md
@@ -0,0 +1,3 @@
+## 1.7.55
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.54
+lastReleaseVersion: 1.7.55
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.55-dev
+version: 1.7.56-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/integration-tests/all-platforms/autobuild/global.json
+++ b/csharp/ql/integration-tests/all-platforms/autobuild/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/Files.expected
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/Files.expected
@@ -0,0 +1,4 @@
+| proj1/Program.cs:0:0:0:0 | proj1/Program.cs |
+| proj1/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | proj1/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
+| proj1/obj/Debug/net10.0/proj1.AssemblyInfo.cs:0:0:0:0 | proj1/obj/Debug/net10.0/proj1.AssemblyInfo.cs |
+| proj1/obj/Debug/net10.0/proj1.GlobalUsings.g.cs:0:0:0:0 | proj1/obj/Debug/net10.0/proj1.GlobalUsings.g.cs |
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/Files.ql
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/Files.ql
@@ -0,0 +1,5 @@
+import csharp
+
+from File f
+where f.fromSource()
+select f
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/autobuild_slnx.slnx
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/autobuild_slnx.slnx
@@ -0,0 +1,5 @@
+<Solution>
+  <!-- proj2/proj2.csproj is deliberately excluded from this solution
+       to test that only proj1 is built from the .slnx file. -->
+  <Project Path="proj1/proj1.csproj" />
+</Solution>
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/global.json
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/global.json
@@ -0,0 +1,5 @@
+{
+    "sdk": {
+        "version": "10.0.100"
+    }
+}
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj1/Program.cs
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj1/Program.cs
@@ -0,0 +1,2 @@
+// See https://aka.ms/new-console-template for more information
+Console.WriteLine("Hello, World!");
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj1/proj1.csproj
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj1/proj1.csproj
@@ -0,0 +1,10 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+</Project>
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj2/Program.cs
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj2/Program.cs
@@ -0,0 +1,2 @@
+// See https://aka.ms/new-console-template for more information
+Console.WriteLine("Hello, World!");
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj2/proj2.csproj
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj2/proj2.csproj
@@ -0,0 +1,10 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+</Project>
--- a/csharp/ql/integration-tests/all-platforms/autobuild_slnx/test.py
+++ b/csharp/ql/integration-tests/all-platforms/autobuild_slnx/test.py
@@ -0,0 +1,3 @@
+def test(codeql, csharp):
+    # Only proj1 is included in the solution, so only it should be built (and extracted).
+    codeql.database.create()
--- a/csharp/ql/integration-tests/all-platforms/binlog/Files.expected
+++ b/csharp/ql/integration-tests/all-platforms/binlog/Files.expected
@@ -1,10 +1,10 @@
 | a/A.cs:0:0:0:0 | a/A.cs |
-| a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
-| a/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net9.0/test.AssemblyInfo.cs |
-| a/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net9.0/test.GlobalUsings.g.cs |
+| a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
+| a/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net10.0/test.AssemblyInfo.cs |
+| a/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net10.0/test.GlobalUsings.g.cs |
 | b/B.cs:0:0:0:0 | b/B.cs |
-| b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
-| b/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net9.0/test.AssemblyInfo.cs |
-| b/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net9.0/test.GlobalUsings.g.cs |
-| generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
-| generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
+| b/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net10.0/test.AssemblyInfo.cs |
+| b/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net10.0/test.GlobalUsings.g.cs |
+| generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
--- a/csharp/ql/integration-tests/all-platforms/binlog/a/test.csproj
+++ b/csharp/ql/integration-tests/all-platforms/binlog/a/test.csproj
@@ -2,7 +2,7 @@

  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>
--- a/csharp/ql/integration-tests/all-platforms/binlog/b/test.csproj
+++ b/csharp/ql/integration-tests/all-platforms/binlog/b/test.csproj
@@ -2,7 +2,7 @@

  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>
--- a/csharp/ql/integration-tests/all-platforms/binlog/global.json
+++ b/csharp/ql/integration-tests/all-platforms/binlog/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/binlog_multiple/Files.expected
+++ b/csharp/ql/integration-tests/all-platforms/binlog_multiple/Files.expected
@@ -1,10 +1,10 @@
 | a/A.cs:0:0:0:0 | a/A.cs |
-| a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
-| a/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net9.0/test.AssemblyInfo.cs |
-| a/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net9.0/test.GlobalUsings.g.cs |
+| a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
+| a/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net10.0/test.AssemblyInfo.cs |
+| a/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net10.0/test.GlobalUsings.g.cs |
 | b/B.cs:0:0:0:0 | b/B.cs |
-| b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
-| b/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net9.0/test.AssemblyInfo.cs |
-| b/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net9.0/test.GlobalUsings.g.cs |
-| generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
-| generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
+| b/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net10.0/test.AssemblyInfo.cs |
+| b/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net10.0/test.GlobalUsings.g.cs |
+| generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
--- a/csharp/ql/integration-tests/all-platforms/binlog_multiple/a/test.csproj
+++ b/csharp/ql/integration-tests/all-platforms/binlog_multiple/a/test.csproj
@@ -2,7 +2,7 @@

  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>
--- a/csharp/ql/integration-tests/all-platforms/binlog_multiple/b/test.csproj
+++ b/csharp/ql/integration-tests/all-platforms/binlog_multiple/b/test.csproj
@@ -2,7 +2,7 @@

  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>
--- a/csharp/ql/integration-tests/all-platforms/binlog_multiple/global.json
+++ b/csharp/ql/integration-tests/all-platforms/binlog_multiple/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/BlazorTest.csproj
+++ b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/BlazorTest.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
  </PropertyGroup>
--- a/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/global.json
+++ b/csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/blazor/Files.expected
+++ b/csharp/ql/integration-tests/all-platforms/blazor/Files.expected
@@ -8,15 +8,18 @@
 | BlazorTest/Components/Routes.razor:0:0:0:0 | BlazorTest/Components/Routes.razor |
 | BlazorTest/Components/_Imports.razor:0:0:0:0 | BlazorTest/Components/_Imports.razor |
 | BlazorTest/Program.cs:0:0:0:0 | BlazorTest/Program.cs |
-| BlazorTest/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
-| BlazorTest/obj/Debug/net9.0/BlazorTest.AssemblyInfo.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/BlazorTest.AssemblyInfo.cs |
-| BlazorTest/obj/Debug/net9.0/BlazorTest.GlobalUsings.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/BlazorTest.GlobalUsings.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
+| BlazorTest/obj/Debug/net10.0/BlazorTest.AssemblyInfo.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/BlazorTest.AssemblyInfo.cs |
+| BlazorTest/obj/Debug/net10.0/BlazorTest.GlobalUsings.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/BlazorTest.GlobalUsings.g.cs |
+| BlazorTest/obj/Debug/net10.0/EmbeddedAttribute.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/EmbeddedAttribute.cs |
+| BlazorTest/obj/Debug/net10.0/ValidatableTypeAttribute.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/ValidatableTypeAttribute.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs |
--- a/csharp/ql/integration-tests/all-platforms/blazor/XSS.expected
+++ b/csharp/ql/integration-tests/all-platforms/blazor/XSS.expected
@@ -3,8 +3,8 @@
 | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
 | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
 edges
-| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
+| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
 | 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
@@ -14,5 +14,5 @@ nodes
 | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
 | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
 | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
-| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
+| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
 subpaths
--- a/csharp/ql/integration-tests/all-platforms/blazor/global.json
+++ b/csharp/ql/integration-tests/all-platforms/blazor/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/BlazorTest.csproj
+++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/BlazorTest.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
  </PropertyGroup>
--- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/global.json
+++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/global.json
+++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/conditional_compilation/global.json
+++ b/csharp/ql/integration-tests/all-platforms/conditional_compilation/global.json
@@ -1,5 +1,5 @@
 {
    "sdk": {
-        "version": "9.0.304"
+        "version": "10.0.100"
    }
 }
--- a/csharp/ql/integration-tests/all-platforms/conditional_compilation/test.csproj
+++ b/csharp/ql/integration-tests/all-platforms/conditional_compilation/test.csproj
@@ -2,7 +2,7 @@

  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>net9.0</TargetFramework>
+    <TargetFramework>net10.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>
--- a/csharp/ql/integration-tests/all-platforms/cshtml/Files.expected
+++ b/csharp/ql/integration-tests/all-platforms/cshtml/Files.expected
@@ -1,7 +1,8 @@
 | Program.cs:0:0:0:0 | Program.cs |
 | Views/Home/Index.cshtml:0:0:0:0 | Views/Home/Index.cshtml |
-| obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
-| obj/Debug/net9.0/cshtml.AssemblyInfo.cs:0:0:0:0 | obj/Debug/net9.0/cshtml.AssemblyInfo.cs |
-| obj/Debug/net9.0/cshtml.GlobalUsings.g.cs:0:0:0:0 | obj/Debug/net9.0/cshtml.GlobalUsings.g.cs |
-| obj/Debug/net9.0/cshtml.RazorAssemblyInfo.cs:0:0:0:0 | obj/Debug/net9.0/cshtml.RazorAssemblyInfo.cs |
-| obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs:0:0:0:0 | obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs |
+| obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
+| obj/Debug/net10.0/cshtml.AssemblyInfo.cs:0:0:0:0 | obj/Debug/net10.0/cshtml.AssemblyInfo.cs |
+| obj/Debug/net10.0/cshtml.GlobalUsings.g.cs:0:0:0:0 | obj/Debug/net10.0/cshtml.GlobalUsings.g.cs |
+| obj/Debug/net10.0/cshtml.RazorAssemblyInfo.cs:0:0:0:0 | obj/Debug/net10.0/cshtml.RazorAssemblyInfo.cs |
+| obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs:0:0:0:0 | obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs |
+| obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs:0:0:0:0 | obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs |
--- a/Show More
+++ b/Show More