ModelEditor: More robust path resolution

Can handle both old and new style paths We now transform a (type,path) pair into a dotted path and compare with a computed dotted path Tests now pass
ModelEditor: add modelKind
2026-05-24 08:07:07 +02:00 · 2024-05-23 16:27:24 +02:00 · 2024-05-22 12:27:37 +02:00 · 2024-05-22 12:06:32 +02:00 · 2024-05-22 11:36:54 +02:00 · 2024-05-22 11:17:56 +02:00
232 changed files with 4958 additions and 4475 deletions
--- a/.bazelrc
+++ b/.bazelrc
@@ -11,8 +11,7 @@ common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
 build --repo_env=CC=clang --repo_env=CXX=clang++

 build:linux --cxxopt=-std=c++20
-# we currently cannot built the swift extractor for ARM
-build:macos --cxxopt=-std=c++20 --copt=-arch --copt=x86_64 --linkopt=-arch --linkopt=x86_64
+build:macos --cxxopt=-std=c++20 --cpu=darwin_x86_64
 build:windows --cxxopt=/std:c++20 --cxxopt=/Zc:preprocessor

 # this requires developer mode, but is required to have pack installer functioning
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll
@@ -565,7 +565,7 @@ class IRGuardCondition extends Instruction {
  /** Holds if (determined by this guard) `op == k` evaluates to `areEqual` if this expression evaluates to `value`. */
  cached
  predicate comparesEq(Operand op, int k, boolean areEqual, AbstractValue value) {
-    unary_compares_eq(this, op, k, areEqual, false, value)
+    compares_eq(this, op, k, areEqual, value)
  }

  /**
@@ -586,7 +586,7 @@ class IRGuardCondition extends Instruction {
  cached
  predicate ensuresEq(Operand op, int k, IRBlock block, boolean areEqual) {
    exists(AbstractValue value |
-      unary_compares_eq(this, op, k, areEqual, false, value) and this.valueControls(block, value)
+      compares_eq(this, op, k, areEqual, value) and this.valueControls(block, value)
    )
  }

@@ -611,7 +611,7 @@ class IRGuardCondition extends Instruction {
  cached
  predicate ensuresEqEdge(Operand op, int k, IRBlock pred, IRBlock succ, boolean areEqual) {
    exists(AbstractValue value |
-      unary_compares_eq(this, op, k, areEqual, false, value) and
+      compares_eq(this, op, k, areEqual, value) and
      this.valueControlsEdge(pred, succ, value)
    )
  }
@@ -737,66 +737,26 @@ private predicate compares_eq(
  )
 }

-/**
- * Holds if `op == k` is `areEqual` given that `test` is equal to `value`.
- *
- * Many internal predicates in this file have a `inNonZeroCase` column.
- * Ideally, the `k` column would be a type such as `Option<int>::Option`, to
- * represent whether we have a concrete value `k` such that `op == k`, or whether
- * we only know that `op != 0`.
- * However, cannot instantiate `Option` with an infinite type. Thus the boolean
- * `inNonZeroCase` is used to distinquish the `Some` (where we have a concrete
- * value `k`) and `None` cases (where we only know that `op != 0`).
- *
- * Thus, if `inNonZeroCase = true` then `op != 0` and the value of `k` is
- * meaningless.
- *
- * To see why `inNonZeroCase` is needed consider the following C program:
- * ```c
- * char* p = ...;
- * if(p) {
- *   use(p);
- * }
- * ```
- * in C++ there would be an int-to-bool conversion on `p`. However, since C
- * does not have booleans there is no conversion. We want to be able to
- * conclude that `p` is non-zero in the true branch, so we need to give `k`
- * some value. However, simply setting `k = 1` would make the rest of the
- * analysis think that `k == 1` holds inside the branch. So we distinquish
- * between the above case and
- * ```c
- * if(p == 1) {
- *   use(p)
- * }
- * ```
- * by setting `inNonZeroCase` to `true` in the former case, but not in the
- * latter.
- */
-private predicate unary_compares_eq(
-  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
+/** Holds if `op == k` is `areEqual` given that `test` is equal to `value`. */
+private predicate compares_eq(
+  Instruction test, Operand op, int k, boolean areEqual, AbstractValue value
 ) {
  /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */
-  exists(AbstractValue v | unary_simple_comparison_eq(test, op, k, inNonZeroCase, v) |
+  exists(AbstractValue v | simple_comparison_eq(test, op, k, v) |
    areEqual = true and value = v
    or
    areEqual = false and value = v.getDualValue()
  )
  or
-  unary_complex_eq(test, op, k, areEqual, inNonZeroCase, value)
+  complex_eq(test, op, k, areEqual, value)
  or
  /* (x is true => (op == k)) => (!x is false => (op == k)) */
-  exists(AbstractValue dual, boolean inNonZeroCase0 |
-    value = dual.getDualValue() and
-    unary_compares_eq(test.(LogicalNotInstruction).getUnary(), op, k, inNonZeroCase0, areEqual, dual)
-  |
-    k = 0 and inNonZeroCase = inNonZeroCase0
-    or
-    k != 0 and inNonZeroCase = true
+  exists(AbstractValue dual | value = dual.getDualValue() |
+    compares_eq(test.(LogicalNotInstruction).getUnary(), op, k, areEqual, dual)
  )
  or
  // ((test is `areEqual` => op == const + k2) and const == `k1`) =>
  // test is `areEqual` => op == k1 + k2
-  inNonZeroCase = false and
  exists(int k1, int k2, ConstantInstruction const |
    compares_eq(test, op, const.getAUse(), k2, areEqual, value) and
    int_value(const) = k1 and
@@ -821,53 +781,35 @@ private predicate simple_comparison_eq(
  value.(BooleanValue).getValue() = false
 }

-/**
- * Holds if `test` is an instruction that is part of test that eventually is
- * used in a conditional branch.
- */
-private predicate relevantUnaryComparison(Instruction test) {
-  not test instanceof CompareInstruction and
-  exists(IRType type, ConditionalBranchInstruction branch |
-    type instanceof IRAddressType or type instanceof IRIntegerType
-  |
-    type = test.getResultIRType() and
-    branch.getCondition() = test
-  )
-  or
-  exists(LogicalNotInstruction logicalNot |
-    relevantUnaryComparison(logicalNot) and
-    test = logicalNot.getUnary()
-  )
-}
-
-/**
- * Rearrange various simple comparisons into `op == k` form.
- */
-private predicate unary_simple_comparison_eq(
-  Instruction test, Operand op, int k, boolean inNonZeroCase, AbstractValue value
-) {
+/** Rearrange various simple comparisons into `op == k` form. */
+private predicate simple_comparison_eq(Instruction test, Operand op, int k, AbstractValue value) {
  exists(SwitchInstruction switch, CaseEdge case |
    test = switch.getExpression() and
    op.getDef() = test and
    case = value.(MatchValue).getCase() and
    exists(switch.getSuccessor(case)) and
-    case.getValue().toInt() = k and
-    inNonZeroCase = false
+    case.getValue().toInt() = k
  )
  or
  // There's no implicit CompareInstruction in files compiled as C since C
  // doesn't have implicit boolean conversions. So instead we check whether
  // there's a branch on a value of pointer or integer type.
-  relevantUnaryComparison(test) and
-  op.getDef() = test and
-  (
-    k = 1 and
-    value.(BooleanValue).getValue() = true and
-    inNonZeroCase = true
-    or
+  exists(ConditionalBranchInstruction branch, IRType type |
+    not test instanceof CompareInstruction and
+    type = test.getResultIRType() and
+    (type instanceof IRAddressType or type instanceof IRIntegerType) and
+    test = branch.getCondition() and
+    op.getDef() = test
+  |
+    // We'd like to also include a case such as:
+    // ```
+    // k = 1 and
+    // value.(BooleanValue).getValue() = true
+    // ```
+    // but all we know is that the value is non-zero in the true branch.
+    // So we can only conclude something in the false branch.
    k = 0 and
-    value.(BooleanValue).getValue() = false and
-    inNonZeroCase = false
+    value.(BooleanValue).getValue() = false
  )
 }

@@ -879,12 +821,12 @@ private predicate complex_eq(
  add_eq(cmp, left, right, k, areEqual, value)
 }

-private predicate unary_complex_eq(
-  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
+private predicate complex_eq(
+  Instruction test, Operand op, int k, boolean areEqual, AbstractValue value
 ) {
-  unary_sub_eq(test, op, k, areEqual, inNonZeroCase, value)
+  sub_eq(test, op, k, areEqual, value)
  or
-  unary_add_eq(test, op, k, areEqual, inNonZeroCase, value)
+  add_eq(test, op, k, areEqual, value)
 }

 /*
@@ -1148,20 +1090,16 @@ private predicate sub_eq(
 }

 // op - x == c => op == (c+x)
-private predicate unary_sub_eq(
-  Instruction test, Operand op, int k, boolean areEqual, boolean inNonZeroCase, AbstractValue value
-) {
-  inNonZeroCase = false and
+private predicate sub_eq(Instruction test, Operand op, int k, boolean areEqual, AbstractValue value) {
  exists(SubInstruction sub, int c, int x |
-    unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, sub.getAUse(), c, areEqual, value) and
    op = sub.getLeftOperand() and
    x = int_value(sub.getRight()) and
    k = c + x
  )
  or
-  inNonZeroCase = false and
  exists(PointerSubInstruction sub, int c, int x |
-    unary_compares_eq(test, sub.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, sub.getAUse(), c, areEqual, value) and
    op = sub.getLeftOperand() and
    x = int_value(sub.getRight()) and
    k = c + x
@@ -1215,13 +1153,11 @@ private predicate add_eq(
 }

 // left + x == right + c => left == right + (c-x)
-private predicate unary_add_eq(
-  Instruction test, Operand left, int k, boolean areEqual, boolean inNonZeroCase,
-  AbstractValue value
+private predicate add_eq(
+  Instruction test, Operand left, int k, boolean areEqual, AbstractValue value
 ) {
-  inNonZeroCase = false and
  exists(AddInstruction lhs, int c, int x |
-    unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, lhs.getAUse(), c, areEqual, value) and
    (
      left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
      or
@@ -1230,9 +1166,8 @@ private predicate unary_add_eq(
    k = c - x
  )
  or
-  inNonZeroCase = false and
  exists(PointerAddInstruction lhs, int c, int x |
-    unary_compares_eq(test, lhs.getAUse(), c, areEqual, inNonZeroCase, value) and
+    compares_eq(test, lhs.getAUse(), c, areEqual, value) and
    (
      left = lhs.getLeftOperand() and x = int_value(lhs.getRight())
      or
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll
@@ -317,7 +317,6 @@ private module Cached {
  }

  cached
-  pragma[no_dynamic_join_order]
  Instruction getChiInstructionTotalOperand(ChiInstruction chiInstr) {
    exists(
      Alias::VirtualVariable vvar, OldInstruction oldInstr, OldBlock defBlock, int defRank,
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll
@@ -317,7 +317,6 @@ private module Cached {
  }

  cached
-  pragma[no_dynamic_join_order]
  Instruction getChiInstructionTotalOperand(ChiInstruction chiInstr) {
    exists(
      Alias::VirtualVariable vvar, OldInstruction oldInstr, OldBlock defBlock, int defRank,
--- a/Management/AllocaInLoop.ql
+++ b/Management/AllocaInLoop.ql
@@ -37,19 +37,6 @@ class AllocaCall extends FunctionCall {
  }
 }

-/**
- * Gets an expression associated with a dataflow node.
- */
-private Expr getExpr(DataFlow::Node node) {
-  result = node.asInstruction().getAst()
-  or
-  result = node.asOperand().getUse().getAst()
-  or
-  result = node.(DataFlow::RawIndirectInstruction).getInstruction().getAst()
-  or
-  result = node.(DataFlow::RawIndirectOperand).getOperand().getUse().getAst()
-}
-
 /**
 * A loop that contains an `alloca` call.
 */
@@ -198,6 +185,19 @@ class LoopWithAlloca extends Stmt {
    not this.conditionReachesWithoutUpdate(var, this.(Loop).getCondition())
  }

+  /**
+   * Gets an expression associated with a dataflow node.
+   */
+  private Expr getExpr(DataFlow::Node node) {
+    result = node.asInstruction().getAst()
+    or
+    result = node.asOperand().getUse().getAst()
+    or
+    result = node.(DataFlow::RawIndirectInstruction).getInstruction().getAst()
+    or
+    result = node.(DataFlow::RawIndirectOperand).getOperand().getUse().getAst()
+  }
+
  /**
   * Gets a definition that may be the most recent definition of the
   * controlling variable `var` before this loop.
@@ -210,7 +210,7 @@ class LoopWithAlloca extends Stmt {
      // Phi nodes will be preceded by nodes that represent actual definitions
      not result instanceof DataFlow::SsaPhiNode and
      // A source is outside the loop if it's not inside the loop
-      not exists(Expr e | e = getExpr(result) | this = getAnEnclosingLoopOfExpr(e))
+      not exists(Expr e | e = this.getExpr(result) | this = getAnEnclosingLoopOfExpr(e))
    )
  }

@@ -221,9 +221,9 @@ class LoopWithAlloca extends Stmt {
  private int getAControllingVarInitialValue(Variable var, DataFlow::Node source) {
    source = this.getAPrecedingDef(var) and
    (
-      result = getExpr(source).getValue().toInt()
+      result = this.getExpr(source).getValue().toInt()
      or
-      result = getExpr(source).(Assignment).getRValue().getValue().toInt()
+      result = this.getExpr(source).(Assignment).getRValue().getValue().toInt()
    )
  }

--- a/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
+++ b/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
@@ -30,8 +30,6 @@ where
  outlivesFullExpr(c) and
  not c.isFromUninstantiatedTemplate(_) and
  isUniquePointerDerefFunction(c.getTarget()) and
-  // Exclude cases where the pointer is implicitly converted to a non-pointer type
-  not c.getActualType() instanceof IntegralType and
  isTemporary(c.getQualifier().getFullyConverted())
 select c,
  "The underlying unique pointer object is destroyed after the call to '" + c.getTarget() +
--- a/cpp/ql/src/change-notes/2024-05-22-use-of-unique-pointer-after-lifetime-ends-fp.md
+++ b/cpp/ql/src/change-notes/2024-05-22-use-of-unique-pointer-after-lifetime-ends-fp.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The "Use of unique pointer after lifetime ends" query (`cpp/use-of-unique-pointer-after-lifetime-ends`) no longer reports an alert when the pointer is converted to a boolean
--- a/cpp/ql/src/experimental/Likely
+++ b/cpp/ql/src/experimental/Likely
@@ -1,23 +0,0 @@
-char * create (int arg) {
-    if (arg > 42) {
-        // this function may return NULL
-        return NULL;
-    }
-    char * r = malloc(arg);
-    snprintf(r, arg -1, "Hello");
-    return r;
-}
-
-void process(char *str) {
-    // str is dereferenced
-    if (str[0] == 'H') {
-        printf("Hello H\n");
-    }
-}
-
-void test(int arg) {
-    // first function returns a pointer that may be NULL
-    char *str = create(arg);
-    // str is not checked for nullness before being passed to process function
-    process(str);
-}
--- a/cpp/ql/src/experimental/Likely
+++ b/cpp/ql/src/experimental/Likely
@@ -1,26 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-
-<overview>
-<p>This rule finds a dereference of a function parameter, whose value comes from another function call that may return NULL, without checks in the meantime.</p>
-</overview>
-
-<recommendation>
-<p>A check should be added between the return of the function which may return NULL, and its use by the function dereferencing ths pointer.</p>
-</recommendation>
-
-<example>
-<sample src="DerefNullResult.cpp" />
-</example>
-
-<references>
-<li>
-  <a href="https://www.owasp.org/index.php/Null_Dereference">
-    Null Dereference
-  </a> 
-</li>
-</references>
-
-</qhelp>
--- a/cpp/ql/src/experimental/Likely
+++ b/cpp/ql/src/experimental/Likely
@@ -1,34 +0,0 @@
-/**
- * @name Null dereference from a function result
- * @description A function parameter is dereferenced,
- *              while it comes from a function that may return NULL,
- *              and is not checked for nullness by the caller.
- * @kind problem
- * @id cpp/deref-null-result
- * @problem.severity recommendation
- * @tags reliability
- *       security
- *       external/cwe/cwe-476
- */
-
-import cpp
-import semmle.code.cpp.dataflow.new.DataFlow
-
-from Function nuller, Parameter pd, FunctionCall fc, Variable v
-where
-  mayReturnNull(nuller) and
-  functionDereferences(pd.getFunction(), pd.getIndex()) and
-  // there is a function call which will deref parameter pd
-  fc.getTarget() = pd.getFunction() and
-  // the parameter pd comes from a variable v
-  DataFlow::localFlow(DataFlow::exprNode(v.getAnAccess()),
-    DataFlow::exprNode(fc.getArgument(pd.getIndex()))) and
-  // this variable v was assigned by a call to the nuller function
-  unique( | | v.getAnAssignedValue()) = nuller.getACallToThisFunction() and
-  // this variable v is not accessed for an operation (check for NULLness)
-  not exists(VariableAccess vc |
-    vc.getTarget() = v and
-    (vc.getParent() instanceof Operation or vc.getParent() instanceof IfStmt)
-  )
-select fc, "This function call may deref $@ when it can be NULL from $@", v, v.getName(), nuller,
-  nuller.getName()
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected
@@ -1,55 +1,55 @@
 edges
-| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array | provenance | Config |
-| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | provenance | Config |
-| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | provenance | Config |
-| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array | provenance | Config |
-| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | provenance | Config |
-| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array | provenance | Config |
-| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | provenance | Config |
-| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | provenance | Config |
-| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array | provenance | Config |
-| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | provenance | Config |
-| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | provenance | Config |
-| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array | provenance | Config |
-| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | provenance | Config |
+| test.cpp:34:10:34:12 | buf | test.cpp:34:5:34:24 | access to array | provenance |  |
+| test.cpp:35:10:35:12 | buf | test.cpp:35:5:35:22 | access to array | provenance |  |
+| test.cpp:36:10:36:12 | buf | test.cpp:36:5:36:24 | access to array | provenance |  |
+| test.cpp:39:14:39:16 | buf | test.cpp:39:9:39:19 | access to array | provenance |  |
+| test.cpp:43:14:43:16 | buf | test.cpp:43:9:43:19 | access to array | provenance |  |
+| test.cpp:48:10:48:12 | buf | test.cpp:48:5:48:24 | access to array | provenance |  |
+| test.cpp:49:10:49:12 | buf | test.cpp:49:5:49:22 | access to array | provenance |  |
+| test.cpp:50:10:50:12 | buf | test.cpp:50:5:50:24 | access to array | provenance |  |
+| test.cpp:53:14:53:16 | buf | test.cpp:53:9:53:19 | access to array | provenance |  |
+| test.cpp:57:14:57:16 | buf | test.cpp:57:9:57:19 | access to array | provenance |  |
+| test.cpp:61:14:61:16 | buf | test.cpp:61:9:61:19 | access to array | provenance |  |
+| test.cpp:70:33:70:33 | p | test.cpp:71:5:71:17 | access to array | provenance |  |
+| test.cpp:70:33:70:33 | p | test.cpp:72:5:72:15 | access to array | provenance |  |
 | test.cpp:76:26:76:46 | & ... | test.cpp:66:32:66:32 | p | provenance |  |
-| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... | provenance | Config |
+| test.cpp:76:32:76:34 | buf | test.cpp:76:26:76:46 | & ... | provenance |  |
 | test.cpp:77:26:77:44 | & ... | test.cpp:66:32:66:32 | p | provenance |  |
-| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance | Config |
+| test.cpp:77:32:77:34 | buf | test.cpp:77:26:77:44 | & ... | provenance |  |
 | test.cpp:79:27:79:34 | buf | test.cpp:70:33:70:33 | p | provenance |  |
 | test.cpp:79:32:79:34 | buf | test.cpp:79:27:79:34 | buf | provenance |  |
-| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | Config |
-| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | Config |
+| test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance |  |
+| test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance |  |
 | test.cpp:85:34:85:36 | buf | test.cpp:85:21:85:36 | buf | provenance |  |
-| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
-| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
-| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
-| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
-| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
-| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
-| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
-| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
-| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
-| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
-| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
-| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | Config |
+| test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance |  |
+| test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance |  |
+| test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance |  |
+| test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance |  |
+| test.cpp:115:35:115:37 | arr | test.cpp:111:17:111:22 | access to array | provenance |  |
+| test.cpp:115:35:115:37 | arr | test.cpp:115:35:115:40 | access to array | provenance |  |
+| test.cpp:115:35:115:37 | arr | test.cpp:119:17:119:22 | access to array | provenance |  |
+| test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance |  |
+| test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance |  |
+| test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance |  |
+| test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance |  |
+| test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance |  |
 | test.cpp:136:9:136:16 | ... += ... | test.cpp:136:9:136:16 | ... += ... | provenance |  |
 | test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance |  |
 | test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance |  |
 | test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance |  |
 | test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance |  |
-| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
+| test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance |  |
 | test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance |  |
 | test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance |  |
 | test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance |  |
-| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | Config |
-| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | Config |
+| test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance |  |
+| test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance |  |
 | test.cpp:218:23:218:28 | buffer | test.cpp:218:16:218:28 | buffer | provenance |  |
-| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | Config |
-| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | Config |
+| test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance |  |
+| test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance |  |
 | test.cpp:229:25:229:29 | array | test.cpp:229:17:229:29 | array | provenance |  |
-| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
-| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
+| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance |  |
+| test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance |  |
 | test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance |  |
 | test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance |  |
 | test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p | provenance |  |
@@ -60,21 +60,21 @@ edges
 | test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance |  |
 | test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p | provenance |  |
 | test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance |  |
-| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
-| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
+| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance |  |
+| test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance |  |
 | test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr | provenance |  |
 | test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance |  |
 | test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance |  |
 | test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance |  |
 | test.cpp:319:13:319:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance |  |
-| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
-| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
+| test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance |  |
+| test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance |  |
 | test.cpp:319:19:319:27 | ... + ... | test.cpp:319:13:319:27 | ... = ... | provenance |  |
 | test.cpp:322:13:322:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance |  |
-| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance | Config |
-| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
+| test.cpp:322:19:322:22 | temp | test.cpp:322:19:322:27 | ... + ... | provenance |  |
+| test.cpp:322:19:322:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance |  |
 | test.cpp:322:19:322:27 | ... + ... | test.cpp:322:13:322:27 | ... = ... | provenance |  |
-| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
+| test.cpp:324:23:324:26 | temp | test.cpp:324:23:324:32 | ... + ... | provenance |  |
 | test.cpp:324:23:324:32 | ... + ... | test.cpp:324:23:324:32 | ... + ... | provenance |  |
 | test.cpp:324:23:324:32 | ... + ... | test.cpp:325:15:325:19 | temp2 | provenance |  |
 nodes
--- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
+++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected
@@ -160,9 +160,6 @@ astGuardsCompare
 | 137 | 0 == 0 when 0 is false |
 | 146 | ! ... != 0 when ! ... is true |
 | 146 | ! ... == 0 when ! ... is false |
-| 146 | x != 0 when ! ... is false |
-| 146 | x != 0 when x is true |
-| 146 | x == 0 when x is false |
 | 152 | x != 0 when ... && ... is true |
 | 152 | x != 0 when x is true |
 | 152 | x == 0 when x is false |
@@ -521,7 +518,6 @@ astGuardsEnsure_const
 | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | 131 | 132 |
 | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | == | 0 | 142 | 136 |
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
-| test.c:146:8:146:8 | x | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
 | test.c:152:10:152:10 | x | test.c:152:10:152:10 | x | != | 0 | 151 | 152 |
 | test.c:152:10:152:10 | x | test.c:152:10:152:10 | x | != | 0 | 152 | 152 |
 | test.c:152:10:152:15 | ... && ... | test.c:152:10:152:10 | x | != | 0 | 151 | 152 |
@@ -693,9 +689,6 @@ irGuardsCompare
 | 137 | 0 == 0 when Constant: 0 is false |
 | 146 | ! ... != 0 when LogicalNot: ! ... is true |
 | 146 | ! ... == 0 when LogicalNot: ! ... is false |
-| 146 | x != 0 when Load: x is true |
-| 146 | x != 0 when LogicalNot: ! ... is false |
-| 146 | x == 0 when Load: x is false |
 | 152 | x != 0 when Load: x is true |
 | 152 | x == 0 when Load: x is false |
 | 152 | y != 0 when Load: y is true |
@@ -1070,7 +1063,6 @@ irGuardsEnsure_const
 | test.c:131:7:131:7 | Load: b | test.c:131:7:131:7 | Load: b | != | 0 | 132 | 132 |
 | test.c:137:7:137:7 | Constant: 0 | test.c:137:7:137:7 | Constant: 0 | == | 0 | 142 | 142 |
 | test.c:146:7:146:8 | LogicalNot: ! ... | test.c:146:7:146:8 | LogicalNot: ! ... | != | 0 | 147 | 147 |
-| test.c:146:8:146:8 | Load: x | test.c:146:8:146:8 | Load: x | == | 0 | 147 | 147 |
 | test.c:152:10:152:10 | Load: x | test.c:152:10:152:10 | Load: x | != | 0 | 152 | 152 |
 | test.c:152:15:152:15 | Load: y | test.c:152:15:152:15 | Load: y | != | 0 | 152 | 152 |
 | test.c:175:13:175:32 | CompareEQ: ... == ... | test.c:175:13:175:15 | Call: call to foo | != | 0 | 175 | 175 |
--- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
+++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
@@ -161,20 +161,11 @@
 | 137 | 0 == 0 when 0 is false |
 | 146 | ! ... != 0 when ! ... is true |
 | 146 | ! ... == 0 when ! ... is false |
-| 146 | x != 0 when ! ... is false |
-| 146 | x != 0 when x is true |
-| 146 | x == 0 when x is false |
 | 152 | p != 0 when p is true |
 | 152 | p == 0 when p is false |
 | 158 | ! ... != 0 when ! ... is true |
 | 158 | ! ... == 0 when ! ... is false |
-| 158 | p != 0 when ! ... is false |
-| 158 | p != 0 when p is true |
-| 158 | p == 0 when p is false |
 | 164 | s != 0 when s is true |
 | 164 | s == 0 when s is false |
 | 170 | ! ... != 0 when ! ... is true |
 | 170 | ! ... == 0 when ! ... is false |
-| 170 | s != 0 when ! ... is false |
-| 170 | s != 0 when s is true |
-| 170 | s == 0 when s is false |
--- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
+++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
@@ -245,13 +245,10 @@ unary
 | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | 131 | 132 |
 | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | == | 0 | 142 | 136 |
 | test.c:146:7:146:8 | ! ... | test.c:146:7:146:8 | ! ... | != | 0 | 146 | 147 |
-| test.c:146:8:146:8 | x | test.c:146:8:146:8 | x | == | 0 | 146 | 147 |
 | test.c:152:8:152:8 | p | test.c:152:8:152:8 | p | != | 0 | 152 | 154 |
 | test.c:158:8:158:9 | ! ... | test.c:158:8:158:9 | ! ... | != | 0 | 158 | 160 |
-| test.c:158:9:158:9 | p | test.c:158:9:158:9 | p | == | 0 | 158 | 160 |
 | test.c:164:8:164:8 | s | test.c:164:8:164:8 | s | != | 0 | 164 | 166 |
 | test.c:170:8:170:9 | ! ... | test.c:170:8:170:9 | ! ... | != | 0 | 170 | 172 |
-| test.c:170:9:170:9 | s | test.c:170:9:170:9 | s | == | 0 | 170 | 172 |
 | test.cpp:18:8:18:10 | call to get | test.cpp:18:8:18:10 | call to get | != | 0 | 19 | 19 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 30 | 30 |
 | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | -1 | 34 | 34 |
--- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
@@ -15,7 +15,7 @@ edges
 | A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | provenance |  |
 | A.cpp:31:20:31:20 | c | A.cpp:31:14:31:21 | call to B [c] | provenance |  |
 | A.cpp:41:5:41:6 | insert output argument | A.cpp:43:10:43:12 | *& ... | provenance |  |
-| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | insert output argument | provenance | Config |
+| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | insert output argument | provenance |  |
 | A.cpp:47:12:47:18 | new | A.cpp:47:12:47:18 | new | provenance |  |
 | A.cpp:47:12:47:18 | new | A.cpp:48:20:48:20 | c | provenance |  |
 | A.cpp:48:12:48:18 | *call to make [c] | A.cpp:48:12:48:18 | *call to make [c] | provenance |  |
--- a/cpp/ql/test/library-tests/dataflow/fields/path-flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/path-flow.expected
@@ -12,9 +12,8 @@ edges
 | A.cpp:31:20:31:20 | c | A.cpp:23:10:23:10 | c | provenance |  |
 | A.cpp:31:20:31:20 | c | A.cpp:31:14:31:21 | call to B [c] | provenance |  |
 | A.cpp:41:5:41:6 | ref arg ct | A.cpp:43:11:43:12 | ct | provenance |  |
-| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | ref arg ct | provenance | Config |
+| A.cpp:41:15:41:21 | new | A.cpp:41:5:41:6 | ref arg ct | provenance |  |
 | A.cpp:43:11:43:12 | ct | A.cpp:43:10:43:12 | & ... | provenance |  |
-| A.cpp:43:11:43:12 | ct | A.cpp:43:10:43:12 | & ... | provenance | Config |
 | A.cpp:47:12:47:18 | new | A.cpp:48:20:48:20 | c | provenance |  |
 | A.cpp:48:12:48:18 | call to make [c] | A.cpp:49:10:49:10 | b [c] | provenance |  |
 | A.cpp:48:20:48:20 | c | A.cpp:29:23:29:23 | c | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
@@ -3,7 +3,7 @@ edges
 | tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:33:34:33:39 | *call to getenv | provenance |  |
 | tests.cpp:33:34:33:39 | *call to getenv | tests.cpp:38:39:38:49 | *environment | provenance |  |
 | tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:42:12:42:15 | *data | provenance |  |
-| tests.cpp:38:39:38:49 | *environment | tests.cpp:38:25:38:36 | strncat output argument | provenance | Config |
+| tests.cpp:38:39:38:49 | *environment | tests.cpp:38:25:38:36 | strncat output argument | provenance |  |
 | tests.cpp:42:12:42:15 | *data | tests.cpp:26:15:26:23 | **badSource | provenance |  |
 | tests.cpp:51:5:51:26 | *... = ... | tests.cpp:53:16:53:19 | *data | provenance |  |
 | tests.cpp:51:12:51:20 | *call to badSource | tests.cpp:51:5:51:26 | *... = ... | provenance |  |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -2,72 +2,72 @@ edges
 | test.cpp:15:27:15:30 | **argv | test.cpp:16:20:16:26 | *access to array | provenance |  |
 | test.cpp:16:20:16:26 | *access to array | test.cpp:22:45:22:52 | *userName | provenance |  |
 | test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | *command1 | provenance |  |
-| test.cpp:22:45:22:52 | *userName | test.cpp:22:13:22:20 | sprintf output argument | provenance | Config |
+| test.cpp:22:45:22:52 | *userName | test.cpp:22:13:22:20 | sprintf output argument | provenance |  |
 | test.cpp:47:21:47:26 | *call to getenv | test.cpp:47:21:47:26 | *call to getenv | provenance |  |
 | test.cpp:47:21:47:26 | *call to getenv | test.cpp:50:35:50:43 | *envCflags | provenance |  |
 | test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | *command | provenance |  |
-| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance | Config |
+| test.cpp:50:35:50:43 | *envCflags | test.cpp:50:11:50:17 | sprintf output argument | provenance |  |
 | test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | *filename | provenance |  |
 | test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | *command | provenance |  |
-| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance | Config |
+| test.cpp:64:20:64:27 | *filename | test.cpp:64:11:64:17 | strncat output argument | provenance |  |
 | test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | *filename | provenance |  |
 | test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | *command | provenance |  |
-| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance | Config |
+| test.cpp:84:20:84:27 | *filename | test.cpp:84:11:84:17 | strncat output argument | provenance |  |
 | test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | *filename | provenance |  |
 | test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | *path | provenance |  |
-| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance | Config |
+| test.cpp:93:17:93:24 | *filename | test.cpp:93:11:93:14 | strncat output argument | provenance |  |
 | test.cpp:106:20:106:38 | *call to getenv | test.cpp:107:33:107:36 | *path | provenance | TaintFunction |
 | test.cpp:107:31:107:31 | call to operator+ | test.cpp:107:31:107:31 | call to operator+ | provenance |  |
 | test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | *call to c_str | provenance | TaintFunction |
-| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance | Config |
+| test.cpp:107:33:107:36 | *path | test.cpp:107:31:107:31 | call to operator+ | provenance |  |
 | test.cpp:113:20:113:38 | *call to getenv | test.cpp:114:19:114:22 | *path | provenance | TaintFunction |
 | test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
 | test.cpp:114:10:114:23 | call to operator+ | test.cpp:114:25:114:29 | *call to c_str | provenance | TaintFunction |
 | test.cpp:114:17:114:17 | call to operator+ | test.cpp:114:10:114:23 | call to operator+ | provenance |  |
-| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance | Config |
-| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance | Config |
+| test.cpp:114:19:114:22 | *path | test.cpp:114:10:114:23 | call to operator+ | provenance |  |
+| test.cpp:114:19:114:22 | *path | test.cpp:114:17:114:17 | call to operator+ | provenance |  |
 | test.cpp:119:20:119:38 | *call to getenv | test.cpp:120:19:120:22 | *path | provenance | TaintFunction |
 | test.cpp:120:17:120:17 | call to operator+ | test.cpp:120:10:120:30 | *call to data | provenance | TaintFunction |
-| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance | Config |
+| test.cpp:120:19:120:22 | *path | test.cpp:120:17:120:17 | call to operator+ | provenance |  |
 | test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | *str | provenance |  |
 | test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | *command | provenance |  |
-| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance | Config |
+| test.cpp:142:31:142:33 | *str | test.cpp:142:11:142:17 | sprintf output argument | provenance |  |
 | test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | *filename | provenance |  |
 | test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | *filename | provenance |  |
 | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance |  |
 | test.cpp:177:13:177:17 | strncat output argument | test.cpp:178:22:178:26 | *flags | provenance |  |
-| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | Config |
+| test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance |  |
 | test.cpp:177:20:177:27 | *filename | test.cpp:177:13:177:17 | strncat output argument | provenance | TaintFunction |
 | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
 | test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
-| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | Config |
+| test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance |  |
 | test.cpp:178:22:178:26 | *flags | test.cpp:178:13:178:19 | strncat output argument | provenance | TaintFunction |
 | test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | *command | provenance |  |
-| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance | Config |
+| test.cpp:180:22:180:29 | *filename | test.cpp:180:13:180:19 | strncat output argument | provenance |  |
 | test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | *filename | provenance |  |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance |  |
 | test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:20:188:24 | *flags | provenance |  |
-| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | Config |
+| test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance |  |
 | test.cpp:187:18:187:25 | *filename | test.cpp:187:11:187:15 | strncat output argument | provenance | TaintFunction |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance |  |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command | provenance |  |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance |  |
 | test.cpp:188:11:188:17 | strncat output argument | test.cpp:186:19:186:25 | *command [Return] | provenance |  |
-| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | Config |
+| test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance |  |
 | test.cpp:188:20:188:24 | *flags | test.cpp:188:11:188:17 | strncat output argument | provenance | TaintFunction |
 | test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | *filename | provenance |  |
 | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance |  |
 | test.cpp:196:10:196:16 | concat output argument | test.cpp:198:32:198:38 | *command | provenance |  |
 | test.cpp:196:26:196:33 | *filename | test.cpp:186:47:186:54 | *filename | provenance |  |
-| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | Config |
+| test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
 | test.cpp:196:26:196:33 | *filename | test.cpp:196:10:196:16 | concat output argument | provenance | TaintFunction |
 | test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | *filename | provenance |  |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:220:10:220:16 | strncat output argument | provenance | TaintFunction |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance |  |
 | test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | *command | provenance |  |
-| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
-| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance | Config |
+| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance |  |
+| test.cpp:220:19:220:26 | *filename | test.cpp:220:10:220:16 | strncat output argument | provenance |  |
 | test.cpp:220:19:220:26 | *filename | test.cpp:220:19:220:26 | *filename | provenance |  |
 nodes
 | test.cpp:15:27:15:30 | **argv | semmle.label | **argv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected
@@ -1,138 +1,138 @@
 edges
 | test.cpp:4:15:4:33 | call to malloc | test.cpp:4:15:4:33 | call to malloc | provenance |  |
-| test.cpp:4:15:4:33 | call to malloc | test.cpp:5:15:5:22 | ... + ... | provenance | Config |
+| test.cpp:4:15:4:33 | call to malloc | test.cpp:5:15:5:22 | ... + ... | provenance |  |
 | test.cpp:5:15:5:22 | ... + ... | test.cpp:5:15:5:22 | ... + ... | provenance |  |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance | Config |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | Config |
-| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance | Config |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:6:14:6:15 | * ... | provenance |  |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance |  |
+| test.cpp:5:15:5:22 | ... + ... | test.cpp:8:14:8:21 | * ... | provenance |  |
 | test.cpp:6:14:6:15 | * ... | test.cpp:8:14:8:21 | * ... | provenance |  |
 | test.cpp:16:15:16:33 | call to malloc | test.cpp:16:15:16:33 | call to malloc | provenance |  |
-| test.cpp:16:15:16:33 | call to malloc | test.cpp:20:14:20:21 | * ... | provenance | Config |
+| test.cpp:16:15:16:33 | call to malloc | test.cpp:20:14:20:21 | * ... | provenance |  |
 | test.cpp:28:15:28:37 | call to malloc | test.cpp:28:15:28:37 | call to malloc | provenance |  |
-| test.cpp:28:15:28:37 | call to malloc | test.cpp:29:15:29:28 | ... + ... | provenance | Config |
+| test.cpp:28:15:28:37 | call to malloc | test.cpp:29:15:29:28 | ... + ... | provenance |  |
 | test.cpp:29:15:29:28 | ... + ... | test.cpp:29:15:29:28 | ... + ... | provenance |  |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance | Config |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | Config |
-| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance | Config |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:30:14:30:15 | * ... | provenance |  |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance |  |
+| test.cpp:29:15:29:28 | ... + ... | test.cpp:32:14:32:21 | * ... | provenance |  |
 | test.cpp:30:14:30:15 | * ... | test.cpp:32:14:32:21 | * ... | provenance |  |
 | test.cpp:51:33:51:35 | *end | test.cpp:60:34:60:37 | mk_array output argument | provenance |  |
 | test.cpp:52:19:52:37 | call to malloc | test.cpp:52:19:52:37 | call to malloc | provenance |  |
-| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... | provenance | Config |
+| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... | provenance |  |
 | test.cpp:53:5:53:23 | ... = ... | test.cpp:51:33:51:35 | *end | provenance |  |
 | test.cpp:53:12:53:23 | ... + ... | test.cpp:53:5:53:23 | ... = ... | provenance |  |
-| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance | Config |
+| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... | provenance |  |
 | test.cpp:205:15:205:33 | call to malloc | test.cpp:205:15:205:33 | call to malloc | provenance |  |
-| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance | Config |
+| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... | provenance |  |
 | test.cpp:206:17:206:23 | ... + ... | test.cpp:206:17:206:23 | ... + ... | provenance |  |
-| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | Config |
-| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance | Config |
+| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance |  |
+| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... | provenance |  |
 | test.cpp:260:13:260:24 | new[] | test.cpp:260:13:260:24 | new[] | provenance |  |
-| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | provenance | Config |
+| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... | provenance |  |
 | test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... | provenance |  |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
-| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance | Config |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
+| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... | provenance |  |
 | test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance |  |
 | test.cpp:262:31:262:33 | *... ++ | test.cpp:264:13:264:14 | * ... | provenance |  |
 | test.cpp:264:13:264:14 | * ... | test.cpp:262:31:262:33 | *... ++ | provenance |  |
 | test.cpp:270:13:270:24 | new[] | test.cpp:270:13:270:24 | new[] | provenance |  |
-| test.cpp:270:13:270:24 | new[] | test.cpp:271:14:271:21 | ... + ... | provenance | Config |
+| test.cpp:270:13:270:24 | new[] | test.cpp:271:14:271:21 | ... + ... | provenance |  |
 | test.cpp:271:14:271:21 | ... + ... | test.cpp:271:14:271:21 | ... + ... | provenance |  |
-| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config |
-| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance | Config |
+| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance |  |
+| test.cpp:271:14:271:21 | ... + ... | test.cpp:274:5:274:10 | ... = ... | provenance |  |
 | test.cpp:355:14:355:27 | new[] | test.cpp:355:14:355:27 | new[] | provenance |  |
-| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance | Config |
+| test.cpp:355:14:355:27 | new[] | test.cpp:356:15:356:23 | ... + ... | provenance |  |
 | test.cpp:356:15:356:23 | ... + ... | test.cpp:356:15:356:23 | ... + ... | provenance |  |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | Config |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance | Config |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | Config |
-| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance | Config |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance |  |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:358:14:358:26 | * ... | provenance |  |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance |  |
+| test.cpp:356:15:356:23 | ... + ... | test.cpp:359:14:359:32 | * ... | provenance |  |
 | test.cpp:377:14:377:27 | new[] | test.cpp:377:14:377:27 | new[] | provenance |  |
-| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... | provenance | Config |
+| test.cpp:377:14:377:27 | new[] | test.cpp:378:15:378:23 | ... + ... | provenance |  |
 | test.cpp:378:15:378:23 | ... + ... | test.cpp:378:15:378:23 | ... + ... | provenance |  |
-| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | Config |
-| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance | Config |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance |  |
+| test.cpp:378:15:378:23 | ... + ... | test.cpp:384:13:384:16 | * ... | provenance |  |
 | test.cpp:410:14:410:27 | new[] | test.cpp:410:14:410:27 | new[] | provenance |  |
-| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... | provenance | Config |
-| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
+| test.cpp:410:14:410:27 | new[] | test.cpp:411:15:411:23 | & ... | provenance |  |
+| test.cpp:410:14:410:27 | new[] | test.cpp:415:7:415:15 | ... = ... | provenance |  |
 | test.cpp:411:15:411:23 | & ... | test.cpp:411:15:411:23 | & ... | provenance |  |
-| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
-| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance | Config |
+| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance |  |
+| test.cpp:411:15:411:23 | & ... | test.cpp:415:7:415:15 | ... = ... | provenance |  |
 | test.cpp:421:14:421:27 | new[] | test.cpp:421:14:421:27 | new[] | provenance |  |
-| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... | provenance | Config |
-| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
+| test.cpp:421:14:421:27 | new[] | test.cpp:422:15:422:23 | & ... | provenance |  |
+| test.cpp:421:14:421:27 | new[] | test.cpp:426:7:426:15 | ... = ... | provenance |  |
 | test.cpp:422:15:422:23 | & ... | test.cpp:422:15:422:23 | & ... | provenance |  |
-| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
-| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance | Config |
+| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance |  |
+| test.cpp:422:15:422:23 | & ... | test.cpp:426:7:426:15 | ... = ... | provenance |  |
 | test.cpp:432:14:432:27 | new[] | test.cpp:432:14:432:27 | new[] | provenance |  |
-| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... | provenance | Config |
-| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
+| test.cpp:432:14:432:27 | new[] | test.cpp:433:15:433:23 | & ... | provenance |  |
+| test.cpp:432:14:432:27 | new[] | test.cpp:438:7:438:15 | ... = ... | provenance |  |
 | test.cpp:433:15:433:23 | & ... | test.cpp:433:15:433:23 | & ... | provenance |  |
-| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
-| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance | Config |
+| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance |  |
+| test.cpp:433:15:433:23 | & ... | test.cpp:438:7:438:15 | ... = ... | provenance |  |
 | test.cpp:444:14:444:27 | new[] | test.cpp:444:14:444:27 | new[] | provenance |  |
-| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... | provenance | Config |
-| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
+| test.cpp:444:14:444:27 | new[] | test.cpp:445:15:445:23 | & ... | provenance |  |
+| test.cpp:444:14:444:27 | new[] | test.cpp:450:7:450:15 | ... = ... | provenance |  |
 | test.cpp:445:15:445:23 | & ... | test.cpp:445:15:445:23 | & ... | provenance |  |
-| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
-| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance | Config |
+| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance |  |
+| test.cpp:445:15:445:23 | & ... | test.cpp:450:7:450:15 | ... = ... | provenance |  |
 | test.cpp:480:14:480:27 | new[] | test.cpp:480:14:480:27 | new[] | provenance |  |
-| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... | provenance | Config |
-| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
+| test.cpp:480:14:480:27 | new[] | test.cpp:481:15:481:23 | & ... | provenance |  |
+| test.cpp:480:14:480:27 | new[] | test.cpp:486:7:486:15 | ... = ... | provenance |  |
 | test.cpp:481:15:481:23 | & ... | test.cpp:481:15:481:23 | & ... | provenance |  |
-| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
-| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance | Config |
+| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance |  |
+| test.cpp:481:15:481:23 | & ... | test.cpp:486:7:486:15 | ... = ... | provenance |  |
 | test.cpp:543:14:543:27 | new[] | test.cpp:543:14:543:27 | new[] | provenance |  |
-| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | provenance | Config |
+| test.cpp:543:14:543:27 | new[] | test.cpp:548:5:548:19 | ... = ... | provenance |  |
 | test.cpp:554:14:554:27 | new[] | test.cpp:554:14:554:27 | new[] | provenance |  |
-| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | provenance | Config |
+| test.cpp:554:14:554:27 | new[] | test.cpp:559:5:559:19 | ... = ... | provenance |  |
 | test.cpp:642:14:642:31 | new[] | test.cpp:642:14:642:31 | new[] | provenance |  |
-| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | provenance | Config |
+| test.cpp:642:14:642:31 | new[] | test.cpp:647:5:647:19 | ... = ... | provenance |  |
 | test.cpp:730:12:730:28 | new[] | test.cpp:730:12:730:28 | new[] | provenance |  |
-| test.cpp:730:12:730:28 | new[] | test.cpp:732:16:732:26 | ... + ... | provenance | Config |
+| test.cpp:730:12:730:28 | new[] | test.cpp:732:16:732:26 | ... + ... | provenance |  |
 | test.cpp:732:16:732:26 | ... + ... | test.cpp:732:16:732:26 | ... + ... | provenance |  |
-| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | Config |
-| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance | Config |
+| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance |  |
+| test.cpp:732:16:732:26 | ... + ... | test.cpp:733:5:733:12 | ... = ... | provenance |  |
 | test.cpp:754:18:754:31 | new[] | test.cpp:754:18:754:31 | new[] | provenance |  |
-| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | Config |
-| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance | Config |
-| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | Config |
-| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance | Config |
+| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance |  |
+| test.cpp:754:18:754:31 | new[] | test.cpp:767:16:767:29 | access to array | provenance |  |
+| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance |  |
+| test.cpp:754:18:754:31 | new[] | test.cpp:772:16:772:29 | access to array | provenance |  |
 | test.cpp:781:14:781:27 | new[] | test.cpp:781:14:781:27 | new[] | provenance |  |
-| test.cpp:781:14:781:27 | new[] | test.cpp:786:18:786:27 | access to array | provenance | Config |
+| test.cpp:781:14:781:27 | new[] | test.cpp:786:18:786:27 | access to array | provenance |  |
 | test.cpp:792:60:792:62 | *end | test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | provenance |  |
 | test.cpp:792:60:792:62 | *end | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | provenance |  |
-| test.cpp:793:5:793:32 | ... = ... | test.cpp:794:12:794:24 | ... + ... | provenance | Config |
+| test.cpp:793:5:793:32 | ... = ... | test.cpp:794:12:794:24 | ... + ... | provenance |  |
 | test.cpp:793:14:793:32 | call to malloc | test.cpp:793:5:793:32 | ... = ... | provenance |  |
 | test.cpp:794:5:794:24 | ... = ... | test.cpp:792:60:792:62 | *end | provenance |  |
 | test.cpp:794:12:794:24 | ... + ... | test.cpp:794:5:794:24 | ... = ... | provenance |  |
-| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance | Config |
+| test.cpp:800:40:800:43 | mk_array_no_field_flow output argument | test.cpp:807:7:807:12 | ... = ... | provenance |  |
 | test.cpp:815:52:815:54 | end | test.cpp:815:52:815:54 | end | provenance |  |
-| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config |
-| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance | Config |
+| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance |  |
+| test.cpp:815:52:815:54 | end | test.cpp:821:7:821:12 | ... = ... | provenance |  |
 | test.cpp:832:40:832:43 | mk_array_no_field_flow output argument | test.cpp:833:37:833:39 | end | provenance |  |
 | test.cpp:833:37:833:39 | end | test.cpp:815:52:815:54 | end | provenance |  |
 | test.cpp:841:18:841:35 | call to malloc | test.cpp:841:18:841:35 | call to malloc | provenance |  |
-| test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | provenance | Config |
+| test.cpp:841:18:841:35 | call to malloc | test.cpp:842:3:842:20 | ... = ... | provenance |  |
 | test.cpp:848:20:848:37 | call to malloc | test.cpp:848:20:848:37 | call to malloc | provenance |  |
-| test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | provenance | Config |
+| test.cpp:848:20:848:37 | call to malloc | test.cpp:849:5:849:22 | ... = ... | provenance |  |
 | test.cpp:856:12:856:35 | call to malloc | test.cpp:856:12:856:35 | call to malloc | provenance |  |
-| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | provenance | Config |
+| test.cpp:856:12:856:35 | call to malloc | test.cpp:857:16:857:29 | ... + ... | provenance |  |
 | test.cpp:857:16:857:29 | ... + ... | test.cpp:857:16:857:29 | ... + ... | provenance |  |
-| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | Config |
-| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance | Config |
+| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance |  |
+| test.cpp:857:16:857:29 | ... + ... | test.cpp:860:5:860:11 | ... = ... | provenance |  |
 | test.cpp:868:15:868:35 | call to g_malloc | test.cpp:868:15:868:35 | call to g_malloc | provenance |  |
-| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:869:15:869:22 | ... + ... | provenance | Config |
+| test.cpp:868:15:868:35 | call to g_malloc | test.cpp:869:15:869:22 | ... + ... | provenance |  |
 | test.cpp:869:15:869:22 | ... + ... | test.cpp:869:15:869:22 | ... + ... | provenance |  |
-| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | Config |
-| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance | Config |
+| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance |  |
+| test.cpp:869:15:869:22 | ... + ... | test.cpp:870:14:870:15 | * ... | provenance |  |
 nodes
 | test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc |
 | test.cpp:4:15:4:33 | call to malloc | semmle.label | call to malloc |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseOfUniquePtrAfterLifetimeEnds/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseOfUniquePtrAfterLifetimeEnds/test.cpp
@@ -203,12 +203,4 @@ void test2(bool b1, bool b2) {
  auto s11 = b2 ? nullptr : sRefRef.get(); // GOOD
  const S* s12;
  s12 = sRefRef.get(); // GOOD
-}
-
-void test_convert_to_bool() {
-  bool b = get_unique_ptr().get(); // GOOD
-
-  if(get_unique_ptr().get()) { // GOOD
-
-  }
 }
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
@@ -2,7 +2,6 @@ edges
 | tests2.cpp:20:17:20:31 | *new | tests2.cpp:22:2:22:2 | *p | provenance |  |
 | tests2.cpp:20:17:20:31 | call to SAXParser | tests2.cpp:20:17:20:31 | *new | provenance |  |
 | tests2.cpp:33:17:33:31 | *new | tests2.cpp:37:2:37:2 | *p | provenance |  |
-| tests2.cpp:33:17:33:31 | *new | tests2.cpp:37:2:37:2 | *p | provenance | Config |
 | tests2.cpp:33:17:33:31 | call to SAXParser | tests2.cpp:33:17:33:31 | *new | provenance |  |
 | tests2.cpp:49:12:49:12 | call to SAXParser | tests2.cpp:51:2:51:2 | *p | provenance |  |
 | tests3.cpp:23:21:23:53 | *call to createXMLReader | tests3.cpp:23:21:23:53 | *call to createXMLReader | provenance |  |
@@ -15,51 +14,46 @@ edges
 | tests3.cpp:48:24:48:56 | *call to createXMLReader | tests3.cpp:48:24:48:56 | *call to createXMLReader | provenance |  |
 | tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:60:21:60:53 | *call to createXMLReader | provenance |  |
 | tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:63:2:63:2 | *p | provenance |  |
-| tests3.cpp:60:21:60:53 | *call to createXMLReader | tests3.cpp:63:2:63:2 | *p | provenance | Config |
 | tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:67:21:67:53 | *call to createXMLReader | provenance |  |
 | tests3.cpp:67:21:67:53 | *call to createXMLReader | tests3.cpp:70:2:70:2 | *p | provenance |  |
 | tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:27:25:27:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:27:25:27:38 | *call to createLSParser | tests5.cpp:29:2:29:2 | *p | provenance |  |
 | tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:40:25:40:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:43:2:43:2 | *p | provenance |  |
-| tests5.cpp:40:25:40:38 | *call to createLSParser | tests5.cpp:43:2:43:2 | *p | provenance | Config |
 | tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:55:25:55:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:59:2:59:2 | *p | provenance |  |
-| tests5.cpp:55:25:55:38 | *call to createLSParser | tests5.cpp:59:2:59:2 | *p | provenance | Config |
 | tests5.cpp:63:21:63:24 | **g_p2 | tests5.cpp:77:2:77:5 | *g_p2 | provenance |  |
 | tests5.cpp:70:2:70:32 | *... = ... | tests5.cpp:63:21:63:24 | **g_p2 | provenance |  |
 | tests5.cpp:70:17:70:30 | *call to createLSParser | tests5.cpp:70:2:70:32 | *... = ... | provenance |  |
 | tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:81:25:81:38 | *call to createLSParser | provenance |  |
 | tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance |  |
 | tests5.cpp:81:25:81:38 | *call to createLSParser | tests5.cpp:83:2:83:2 | *p | provenance |  |
-| tests5.cpp:83:2:83:2 | *p | tests5.cpp:85:2:85:2 | *p | provenance | Config |
+| tests5.cpp:83:2:83:2 | *p | tests5.cpp:85:2:85:2 | *p | provenance |  |
 | tests5.cpp:85:2:85:2 | *p | tests5.cpp:86:2:86:2 | *p | provenance |  |
-| tests5.cpp:86:2:86:2 | *p | tests5.cpp:88:2:88:2 | *p | provenance | Config |
+| tests5.cpp:86:2:86:2 | *p | tests5.cpp:88:2:88:2 | *p | provenance |  |
 | tests5.cpp:88:2:88:2 | *p | tests5.cpp:89:2:89:2 | *p | provenance |  |
 | tests.cpp:15:23:15:43 | *new | tests.cpp:17:2:17:2 | *p | provenance |  |
 | tests.cpp:15:23:15:43 | call to XercesDOMParser | tests.cpp:15:23:15:43 | *new | provenance |  |
 | tests.cpp:28:23:28:43 | *new | tests.cpp:31:2:31:2 | *p | provenance |  |
-| tests.cpp:28:23:28:43 | *new | tests.cpp:31:2:31:2 | *p | provenance | Config |
 | tests.cpp:28:23:28:43 | call to XercesDOMParser | tests.cpp:28:23:28:43 | *new | provenance |  |
 | tests.cpp:35:23:35:43 | *new | tests.cpp:37:2:37:2 | *p | provenance |  |
 | tests.cpp:35:23:35:43 | call to XercesDOMParser | tests.cpp:35:23:35:43 | *new | provenance |  |
-| tests.cpp:37:2:37:2 | *p | tests.cpp:37:2:37:2 | *p | provenance | Config |
+| tests.cpp:37:2:37:2 | *p | tests.cpp:37:2:37:2 | *p | provenance |  |
 | tests.cpp:37:2:37:2 | *p | tests.cpp:38:2:38:2 | *p | provenance |  |
-| tests.cpp:38:2:38:2 | *p | tests.cpp:38:2:38:2 | *p | provenance | Config |
+| tests.cpp:38:2:38:2 | *p | tests.cpp:38:2:38:2 | *p | provenance |  |
 | tests.cpp:38:2:38:2 | *p | tests.cpp:39:2:39:2 | *p | provenance |  |
 | tests.cpp:51:23:51:43 | *new | tests.cpp:53:2:53:2 | *p | provenance |  |
 | tests.cpp:51:23:51:43 | call to XercesDOMParser | tests.cpp:51:23:51:43 | *new | provenance |  |
-| tests.cpp:53:2:53:2 | *p | tests.cpp:53:2:53:2 | *p | provenance | Config |
+| tests.cpp:53:2:53:2 | *p | tests.cpp:53:2:53:2 | *p | provenance |  |
 | tests.cpp:53:2:53:2 | *p | tests.cpp:55:2:55:2 | *p | provenance |  |
-| tests.cpp:55:2:55:2 | *p | tests.cpp:55:2:55:2 | *p | provenance | Config |
+| tests.cpp:55:2:55:2 | *p | tests.cpp:55:2:55:2 | *p | provenance |  |
 | tests.cpp:55:2:55:2 | *p | tests.cpp:56:2:56:2 | *p | provenance |  |
 | tests.cpp:55:2:55:2 | *p | tests.cpp:57:2:57:2 | *p | provenance |  |
-| tests.cpp:57:2:57:2 | *p | tests.cpp:57:2:57:2 | *p | provenance | Config |
+| tests.cpp:57:2:57:2 | *p | tests.cpp:57:2:57:2 | *p | provenance |  |
 | tests.cpp:57:2:57:2 | *p | tests.cpp:59:2:59:2 | *p | provenance |  |
-| tests.cpp:59:2:59:2 | *p | tests.cpp:59:2:59:2 | *p | provenance | Config |
+| tests.cpp:59:2:59:2 | *p | tests.cpp:59:2:59:2 | *p | provenance |  |
 | tests.cpp:59:2:59:2 | *p | tests.cpp:60:2:60:2 | *p | provenance |  |
 | tests.cpp:66:23:66:43 | *new | tests.cpp:69:2:69:2 | *p | provenance |  |
-| tests.cpp:66:23:66:43 | *new | tests.cpp:69:2:69:2 | *p | provenance | Config |
 | tests.cpp:66:23:66:43 | call to XercesDOMParser | tests.cpp:66:23:66:43 | *new | provenance |  |
 | tests.cpp:73:23:73:43 | *new | tests.cpp:80:2:80:2 | *p | provenance |  |
 | tests.cpp:73:23:73:43 | call to XercesDOMParser | tests.cpp:73:23:73:43 | *new | provenance |  |
--- a/csharp/Directory.Build.props
+++ b/csharp/Directory.Build.props
@@ -1,16 +0,0 @@
-<Project>
-
-  <PropertyGroup>
-    <TargetFramework>net8.0</TargetFramework>
-    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
-    <Nullable>enable</Nullable>
-    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-
-    <Company>GitHub</Company>
-    <Copyright>Copyright © $([System.DateTime]::Now.Year) $(Company)</Copyright>
-    <Version>1.0.0.0</Version>
-    <AssemblyVersion>1.0.0.0</AssemblyVersion>
-    <FileVersion>1.0.0.0</FileVersion>
-  </PropertyGroup>
-
-</Project>
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
@@ -544,6 +544,51 @@ namespace Semmle.Autobuild.CSharp.Tests
            Assert.Equal(2, vcvarsfiles.Length);
        }

+        [Fact]
+        public void TestLinuxBuildlessExtractionSuccess()
+        {
+            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 0;
+            actions.FileExists["csharp.log"] = true;
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
+            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
+            actions.EnumerateDirectories[@"C:\Project"] = "";
+
+            var autobuilder = CreateAutoBuilder(false, buildless: "true");
+            TestAutobuilderScript(autobuilder, 0, 1);
+        }
+
+        [Fact]
+        public void TestLinuxBuildlessExtractionFailed()
+        {
+            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 10;
+            actions.FileExists["csharp.log"] = true;
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
+            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
+            actions.EnumerateDirectories[@"C:\Project"] = "";
+
+            var autobuilder = CreateAutoBuilder(false, buildless: "true");
+            TestAutobuilderScript(autobuilder, 10, 1);
+        }
+
+        [Fact]
+        public void TestLinuxBuildlessExtractionSolution()
+        {
+            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 0;
+            actions.FileExists["csharp.log"] = true;
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
+            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
+            actions.EnumerateDirectories[@"C:\Project"] = "";
+
+            var autobuilder = CreateAutoBuilder(false, buildless: "true");
+            TestAutobuilderScript(autobuilder, 0, 1);
+        }
+
        private void TestAutobuilderScript(CSharpAutobuilder autobuilder, int expectedOutput, int commandsRun)
        {
            Assert.Equal(expectedOutput, autobuilder.GetBuildScript().Run(actions, StartCallback, EndCallback));
@@ -632,6 +677,21 @@ namespace Semmle.Autobuild.CSharp.Tests
            TestAutobuilderScript(autobuilder, 0, 1);
        }

+        [Fact]
+        public void TestSkipNugetBuildless()
+        {
+            actions.RunProcess[@"C:\codeql\csharp/tools/linux64/Semmle.Extraction.CSharp.Standalone"] = 0;
+            actions.FileExists["csharp.log"] = true;
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_TRAP_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SOURCE_ARCHIVE_DIR"] = "";
+            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
+            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\ntest.sln";
+            actions.EnumerateDirectories[@"C:\Project"] = "";
+
+            var autobuilder = CreateAutoBuilder(false, buildless: "true");
+            TestAutobuilderScript(autobuilder, 0, 1);
+        }
+
        [Fact]
        public void TestDotnetVersionNotInstalled()
        {
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj
@@ -1,8 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj" />
-		<ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
-	</ItemGroup>
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj" />
+    <ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/Properties/AssemblyInfo.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/Properties/AssemblyInfo.cs
@@ -0,0 +1,32 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Autobuild.CSharp")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("GitHub")]
+[assembly: AssemblyProduct("CodeQL autobuilder for C#")]
+[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj
@@ -1,11 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Autobuild.CSharp</AssemblyName>
+    <RootNamespace>Semmle.Autobuild.CSharp</RootNamespace>
+    <ApplicationIcon />
    <OutputType>Exe</OutputType>
+    <StartupObject />
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
  </PropertyGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
    <ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
-    <ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj" />
    <ProjectReference Include="..\..\extractor\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
    <ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
  </ItemGroup>
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/StandaloneBuildRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/StandaloneBuildRule.cs
@@ -10,7 +10,17 @@ namespace Semmle.Autobuild.CSharp
    {
        public BuildScript Analyse(IAutobuilder<CSharpAutobuildOptions> builder, bool auto)
        {
-            return BuildScript.Create(_ => Semmle.Extraction.CSharp.Standalone.Program.Main([]));
+            if (builder.CodeQLExtractorLangRoot is null
+                || builder.CodeQlPlatform is null)
+            {
+                return BuildScript.Failure;
+            }
+
+            var standalone = builder.Actions.PathCombine(builder.CodeQLExtractorLangRoot, "tools", builder.CodeQlPlatform, "Semmle.Extraction.CSharp.Standalone");
+            var cmd = new CommandBuilder(builder.Actions);
+            cmd.RunCommand(standalone);
+
+            return cmd.Script;
        }
    }
 }
--- a/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj
@@ -2,6 +2,10 @@
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\Semmle.Autobuild.Cpp\Semmle.Autobuild.Cpp.csproj" />
--- a/csharp/autobuilder/Semmle.Autobuild.Cpp/Properties/AssemblyInfo.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Cpp/Properties/AssemblyInfo.cs
@@ -0,0 +1,32 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Autobuild.Cpp")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("GitHub")]
+[assembly: AssemblyProduct("CodeQL autobuilder for C++")]
+[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj
@@ -1,8 +1,19 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
+    <RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
+    <ApplicationIcon />
    <OutputType>Exe</OutputType>
+    <StartupObject />
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
  </PropertyGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
    <ProjectReference Include="..\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj" />
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
@@ -73,6 +73,16 @@ namespace Semmle.Autobuild.Shared
        /// A logger.
        /// </summary>
        ILogger Logger { get; }
+
+        /// <summary>
+        /// Value of CODEQL_EXTRACTOR_<LANG>_ROOT environment variable.
+        /// </summary>
+        string? CodeQLExtractorLangRoot { get; }
+
+        /// <summary>
+        /// Value of CODEQL_PLATFORM environment variable.
+        /// </summary>
+        string? CodeQlPlatform { get; }
    }

    /// <summary>
@@ -187,6 +197,9 @@ namespace Semmle.Autobuild.Shared
                return ret ?? new List<IProjectOrSolution>();
            });

+            CodeQLExtractorLangRoot = Actions.GetEnvironmentVariable(EnvVars.Root(this.Options.Language));
+            CodeQlPlatform = Actions.GetEnvironmentVariable(EnvVars.Platform);
+
            TrapDir = RequireEnvironmentVariable(EnvVars.TrapDir(this.Options.Language));
            SourceArchiveDir = RequireEnvironmentVariable(EnvVars.SourceArchiveDir(this.Options.Language));
            DiagnosticsDir = RequireEnvironmentVariable(EnvVars.DiagnosticDir(this.Options.Language));
@@ -351,5 +364,15 @@ namespace Semmle.Autobuild.Shared
                diagnostics.Dispose();
            }
        }
+
+        /// <summary>
+        /// Value of CODEQL_EXTRACTOR_<LANG>_ROOT environment variable.
+        /// </summary>
+        public string? CodeQLExtractorLangRoot { get; }
+
+        /// <summary>
+        /// Value of CODEQL_PLATFORM environment variable.
+        /// </summary>
+        public string? CodeQlPlatform { get; }
    }
 }
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Properties/AssemblyInfo.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Autobuild.Shared")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("GitHub")]
+[assembly: AssemblyProduct("CodeQL autobuilder")]
+[assembly: AssemblyCopyright("Copyright © GitHub 2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("1d9920ad-7b00-4df1-8b01-9ff5b687828e")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj
@@ -1,7 +1,18 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-	<ItemGroup>
-		<ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
-	</ItemGroup>
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Autobuild.Shared</AssemblyName>
+    <RootNamespace>Semmle.Autobuild.Shared</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\extractor\Semmle.Util\Semmle.Util.csproj" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/EnvironmentVariableNames.cs
@@ -60,11 +60,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
        /// </summary>
        public const string FallbackNugetFeeds = "CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_FALLBACK";

-        /// <summary>
-        /// Controls whether to include NuGet feeds from nuget.config files in the fallback restore logic.
-        /// </summary>
-        public const string AddNugetConfigFeedsToFallback = "CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_FALLBACK_INCLUDE_NUGET_CONFIG_FEEDS";
-
        /// <summary>
        /// Specifies the path to the nuget executable to be used for package restoration.
        /// </summary>
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
@@ -98,14 +98,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            logger.LogInfo($"Checking NuGet feed responsiveness: {checkNugetFeedResponsiveness}");
            compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", checkNugetFeedResponsiveness ? "1" : "0"));

-            HashSet<string>? explicitFeeds = null;
-
            try
            {
-                if (checkNugetFeedResponsiveness && !CheckFeeds(out explicitFeeds))
+                if (checkNugetFeedResponsiveness && !CheckFeeds())
                {
                    // todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too.
-                    var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds(explicitFeeds);
+                    var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds();
                    return unresponsiveMissingPackageLocation is null
                        ? []
                        : [unresponsiveMissingPackageLocation];
@@ -165,7 +163,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            LogAllUnusedPackages(dependencies);

            var missingPackageLocation = checkNugetFeedResponsiveness
-                ? DownloadMissingPackagesFromSpecificFeeds(explicitFeeds)
+                ? DownloadMissingPackagesFromSpecificFeeds()
                : DownloadMissingPackages();

            if (missingPackageLocation is not null)
@@ -175,24 +173,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            return assemblyLookupLocations;
        }

-        private List<string> GetReachableFallbackNugetFeeds(HashSet<string>? feedsFromNugetConfigs)
+        private List<string> GetReachableFallbackNugetFeeds()
        {
            var fallbackFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.FallbackNugetFeeds).ToHashSet();
            if (fallbackFeeds.Count == 0)
            {
                fallbackFeeds.Add(PublicNugetOrgFeed);
-                logger.LogInfo($"No fallback Nuget feeds specified. Adding default feed: {PublicNugetOrgFeed}");
-
-                var shouldAddNugetConfigFeeds = EnvironmentVariables.GetBooleanOptOut(EnvironmentVariableNames.AddNugetConfigFeedsToFallback);
-                logger.LogInfo($"Adding feeds from nuget.config to fallback restore: {shouldAddNugetConfigFeeds}");
-
-                if (shouldAddNugetConfigFeeds && feedsFromNugetConfigs?.Count > 0)
-                {
-                    // There are some feeds in `feedsFromNugetConfigs` that have already been checked for reachability, we could skip those.
-                    // But we might use different responsiveness testing settings when we try them in the fallback logic, so checking them again is safer.
-                    fallbackFeeds.UnionWith(feedsFromNugetConfigs);
-                    logger.LogInfo($"Using Nuget feeds from nuget.config files as fallback feeds: {string.Join(", ", feedsFromNugetConfigs.OrderBy(f => f))}");
-                }
+                logger.LogInfo($"No fallback Nuget feeds specified. Using default feed: {PublicNugetOrgFeed}");
            }

            logger.LogInfo($"Checking fallback Nuget feed reachability on feeds: {string.Join(", ", fallbackFeeds.OrderBy(f => f))}");
@@ -207,8 +194,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                logger.LogInfo($"Reachable fallback Nuget feeds: {string.Join(", ", reachableFallbackFeeds.OrderBy(f => f))}");
            }

-            compilationInfoContainer.CompilationInfos.Add(("Reachable fallback Nuget feed count", reachableFallbackFeeds.Count.ToString()));
-
            return reachableFallbackFeeds;
        }

@@ -287,9 +272,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            compilationInfoContainer.CompilationInfos.Add(("Failed project restore with package source error", nugetSourceFailures.ToString()));
        }

-        private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds(HashSet<string>? feedsFromNugetConfigs)
+        private AssemblyLookupLocation? DownloadMissingPackagesFromSpecificFeeds()
        {
-            var reachableFallbackFeeds = GetReachableFallbackNugetFeeds(feedsFromNugetConfigs);
+            var reachableFallbackFeeds = GetReachableFallbackNugetFeeds();
            if (reachableFallbackFeeds.Count > 0)
            {
                return DownloadMissingPackages(fallbackNugetFeeds: reachableFallbackFeeds);
@@ -638,10 +623,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
            return (timeoutMilliSeconds, tryCount);
        }

-        private bool CheckFeeds(out HashSet<string> explicitFeeds)
+        private bool CheckFeeds()
        {
            logger.LogInfo("Checking Nuget feeds...");
-            (explicitFeeds, var allFeeds) = GetAllFeeds();
+            var (explicitFeeds, allFeeds) = GetAllFeeds();

            var excludedFeeds = EnvironmentVariables.GetURLs(EnvironmentVariableNames.ExcludedNugetFeedsFromResponsivenessCheck)
                .ToHashSet() ?? [];
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Properties/AssemblyInfo.cs
@@ -1,4 +1,39 @@
-using System.Runtime.CompilerServices;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Extraction.CSharp.DependencyFetching")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Extraction.CSharp.DependencyFetching")]
+[assembly: AssemblyCopyright("Copyright ©  2023")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("8e902d1e-f639-4f9f-a6d2-71e8ade7c5a3")]

 // Expose internals for testing purposes.
 [assembly: InternalsVisibleTo("Semmle.Extraction.Tests")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj
@@ -1,11 +1,21 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Extraction.CSharp.DependencyFetching</AssemblyName>
+    <RootNamespace>Semmle.Extraction.CSharp.DependencyFetching</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
    <NoWarn>$(NoWarn);CA1822</NoWarn>
  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
    <ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Extraction.CSharp.Driver")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Extraction.CSharp.Driver")]
+[assembly: AssemblyCopyright("Copyright ©  2015")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("c02a2b0e-8884-4b82-8275-ea282403a775")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Extraction.CSharp.Driver/Semmle.Extraction.CSharp.Driver.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Driver/Semmle.Extraction.CSharp.Driver.csproj
@@ -2,6 +2,11 @@
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Extraction.CSharp.Driver</AssemblyName>
+    <RootNamespace>Semmle.Extraction.CSharp.Driver</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
--- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Extraction.CSharp.Standalone")]
+[assembly: AssemblyDescription("Standalone extractor for C#")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("Semmle Ltd.")]
+[assembly: AssemblyProduct("Semmle.Extraction.CSharp.Standalone")]
+[assembly: AssemblyCopyright("Copyright © Semmle 2016")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("bb71e9da-7e0a-43e8-989c-c8e87c828e7c")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj
@@ -1,14 +1,23 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-	<PropertyGroup>
-		<OutputType>Exe</OutputType>
-		<TreatWarningsAsErrors>false</TreatWarningsAsErrors>
-		<WarningsAsErrors />
-	</PropertyGroup>
-	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
-		<ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
-	</ItemGroup>
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Extraction.CSharp.Standalone</AssemblyName>
+    <RootNamespace>Semmle.Extraction.CSharp.Standalone</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <TreatWarningsAsErrors>false</TreatWarningsAsErrors>
+    <WarningsAsErrors />
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj" />
+    <ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
+    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/Properties/AssemblyInfo.cs
@@ -1,4 +1,39 @@
-using System.Runtime.CompilerServices;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Extraction.CSharp.StubGenerator")]
+[assembly: AssemblyDescription("Stub generator for C#")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Extraction.CSharp.StubGenerator")]
+[assembly: AssemblyCopyright("Copyright ©  2023")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("6d55ca39-615a-4c1b-a648-a4010995e1ea")]

 // Expose internals for testing purposes.
 [assembly: InternalsVisibleTo("Semmle.Extraction.Tests")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/Semmle.Extraction.CSharp.StubGenerator.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/Semmle.Extraction.CSharp.StubGenerator.csproj
@@ -1,9 +1,17 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
-		<ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
-		<ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
-	</ItemGroup>
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Extraction.CSharp.StubGenerator</AssemblyName>
+    <RootNamespace>Semmle.Extraction.CSharp.StubGenerator</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
+    <ProjectReference Include="..\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj" />
+    <ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction.CSharp.Util/Semmle.Extraction.CSharp.Util.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp.Util/Semmle.Extraction.CSharp.Util.csproj
@@ -1,7 +1,16 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Extraction.CSharp.Util</AssemblyName>
+    <RootNamespace>Semmle.Extraction.CSharp.Util</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs
@@ -11,20 +11,26 @@ namespace Semmle.Extraction.CSharp.Entities
    {
        internal readonly ConcurrentDictionary<string, int> messageCounts = new();

-        private readonly string cwd;
-        private readonly string[] args;
-        private readonly int hashCode;
+        private static (string Cwd, string[] Args) settings;
+        private static int hashCode;
+
+        public static (string Cwd, string[] Args) Settings
+        {
+            get { return settings; }
+            set
+            {
+                settings = value;
+                hashCode = settings.Cwd.GetHashCode();
+                for (var i = 0; i < settings.Args.Length; i++)
+                {
+                    hashCode = HashCode.Combine(hashCode, settings.Args[i].GetHashCode());
+                }
+            }
+        }

 #nullable disable warnings
        private Compilation(Context cx) : base(cx, null)
        {
-            cwd = cx.Extractor.Cwd;
-            args = cx.Extractor.Args;
-            hashCode = cwd.GetHashCode();
-            for (var i = 0; i < args.Length; i++)
-            {
-                hashCode = HashCode.Combine(hashCode, args[i].GetHashCode());
-            }
        }
 #nullable restore warnings

@@ -32,14 +38,14 @@ namespace Semmle.Extraction.CSharp.Entities
        {
            var assembly = Assembly.CreateOutputAssembly(Context);

-            trapFile.compilations(this, FileUtils.ConvertToUnix(cwd));
+            trapFile.compilations(this, FileUtils.ConvertToUnix(Compilation.Settings.Cwd));
            trapFile.compilation_assembly(this, assembly);

            // Arguments
            var expandedIndex = 0;
-            for (var i = 0; i < args.Length; i++)
+            for (var i = 0; i < Compilation.Settings.Args.Length; i++)
            {
-                var arg = args[i];
+                var arg = Compilation.Settings.Args[i];
                trapFile.compilation_args(this, i, arg);

                if (CommandLineExtensions.IsFileArgument(arg))
--- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs
@@ -97,8 +97,7 @@ namespace Semmle.Extraction.CSharp
            stopwatch.Start();

            var options = Options.CreateWithEnvironment(args);
-            var workingDirectory = Directory.GetCurrentDirectory();
-            var compilerArgs = options.CompilerArguments.ToArray();
+            Entities.Compilation.Settings = (Directory.GetCurrentDirectory(), options.CompilerArguments.ToArray());

            using var logger = MakeLogger(options.Verbosity, options.Console);

@@ -124,7 +123,7 @@ namespace Semmle.Extraction.CSharp

                var compilerArguments = CSharpCommandLineParser.Default.Parse(
                    compilerVersion.ArgsWithResponse,
-                    workingDirectory,
+                    Entities.Compilation.Settings.Cwd,
                    compilerVersion.FrameworkPath,
                    compilerVersion.AdditionalReferenceDirectories
                    );
@@ -132,7 +131,7 @@ namespace Semmle.Extraction.CSharp
                if (compilerArguments is null)
                {
                    var sb = new StringBuilder();
-                    sb.Append("  Failed to parse command line: ").AppendList(" ", compilerArgs);
+                    sb.Append("  Failed to parse command line: ").AppendList(" ", Entities.Compilation.Settings.Args);
                    logger.Log(Severity.Error, sb.ToString());
                    ++analyser.CompilationErrors;
                    return ExitCode.Failed;
@@ -144,7 +143,7 @@ namespace Semmle.Extraction.CSharp
                    return ExitCode.Ok;
                }

-                return AnalyseTracing(workingDirectory, compilerArgs, analyser, compilerArguments, options, canonicalPathCache, stopwatch);
+                return AnalyseTracing(analyser, compilerArguments, options, canonicalPathCache, stopwatch);
            }
            catch (Exception ex)  // lgtm[cs/catch-of-all-exceptions]
            {
@@ -377,8 +376,6 @@ namespace Semmle.Extraction.CSharp
        }

        private static ExitCode AnalyseTracing(
-            string cwd,
-            string[] args,
            TracingAnalyser analyser,
            CSharpCommandLineArguments compilerArguments,
            Options options,
@@ -423,7 +420,7 @@ namespace Semmle.Extraction.CSharp
                            .WithMetadataImportOptions(MetadataImportOptions.All)
                        );
                },
-                (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation, cwd, args),
+                (compilation, options) => analyser.EndInitialize(compilerArguments, options, compilation),
                () => { });
        }

--- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/StandaloneAnalyser.cs
@@ -16,10 +16,12 @@ namespace Semmle.Extraction.CSharp
        public void Initialize(string outputPath, IEnumerable<(string, string)> compilationInfos, CSharpCompilation compilationIn, CommonOptions options)
        {
            compilation = compilationIn;
-            extractor = new StandaloneExtractor(Directory.GetCurrentDirectory(), outputPath, compilationInfos, Logger, PathTransformer, options);
+            extractor = new StandaloneExtractor(outputPath, compilationInfos, Logger, PathTransformer, options);
            this.options = options;
            LogExtractorInfo(Extraction.Extractor.Version);
            SetReferencePaths();
+
+            Entities.Compilation.Settings = (Directory.GetCurrentDirectory(), Array.Empty<string>());
        }

 #nullable disable warnings
--- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs
@@ -38,15 +38,13 @@ namespace Semmle.Extraction.CSharp
        public void EndInitialize(
           CSharpCommandLineArguments commandLineArguments,
           CommonOptions options,
-           CSharpCompilation compilation,
-           string cwd,
-           string[] args)
+           CSharpCompilation compilation)
        {
            if (!init)
                throw new InternalError("EndInitialize called without BeginInitialize returning true");
            this.options = options;
            this.compilation = compilation;
-            this.extractor = new TracingExtractor(cwd, args, GetOutputName(compilation, commandLineArguments), Logger, PathTransformer, options);
+            this.extractor = new TracingExtractor(GetOutputName(compilation, commandLineArguments), Logger, PathTransformer, options);
            LogDiagnostics();

            SetReferencePaths();
--- a/csharp/extractor/Semmle.Extraction.CSharp/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Extraction.CSharp")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Extraction.CSharp")]
+[assembly: AssemblyCopyright("Copyright ©  2015")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("09d7c55d-5ed3-4af8-9b9f-8f9342533ee9")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj
+++ b/csharp/extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj
@@ -1,9 +1,21 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
-		<ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
-	</ItemGroup>
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Extraction.CSharp</AssemblyName>
+    <RootNamespace>Semmle.Extraction.CSharp</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Semmle.Extraction\Semmle.Extraction.csproj" />
+    <ProjectReference Include="..\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj" />
+    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction.Tests/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Extraction.Tests/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Extraction.Tests")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Extraction.Tests")]
+[assembly: AssemblyCopyright("Copyright ©  2016")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("23237396-31ef-41f8-b466-ee96ddd7b7bc")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj
+++ b/csharp/extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj
@@ -1,5 +1,11 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj" />
    <ProjectReference Include="..\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj" />
@@ -8,4 +14,4 @@
    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs
+++ b/csharp/extractor/Semmle.Extraction/Extractor/Extractor.cs
@@ -10,8 +10,6 @@ namespace Semmle.Extraction
    /// </summary>
    public abstract class Extractor
    {
-        public string Cwd { get; init; }
-        public string[] Args { get; init; }
        public abstract ExtractorMode Mode { get; }
        public string OutputPath { get; }
        public IEnumerable<CompilationInfo> CompilationInfos { get; }
@@ -21,14 +19,12 @@ namespace Semmle.Extraction
        /// </summary>
        /// <param name="logger">The object used for logging.</param>
        /// <param name="pathTransformer">The object used for path transformations.</param>
-        protected Extractor(string cwd, string[] args, string outputPath, IEnumerable<CompilationInfo> compilationInfos, ILogger logger, PathTransformer pathTransformer)
+        protected Extractor(string outputPath, IEnumerable<CompilationInfo> compilationInfos, ILogger logger, PathTransformer pathTransformer)
        {
            OutputPath = outputPath;
            Logger = logger;
            PathTransformer = pathTransformer;
            CompilationInfos = compilationInfos;
-            Cwd = cwd;
-            Args = args;
        }

        // Limit the number of error messages in the log file
--- a/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs
+++ b/csharp/extractor/Semmle.Extraction/Extractor/StandaloneExtractor.cs
@@ -12,8 +12,7 @@ namespace Semmle.Extraction
        /// </summary>
        /// <param name="logger">The object used for logging.</param>
        /// <param name="pathTransformer">The object used for path transformations.</param>
-        public StandaloneExtractor(string cwd, string outputPath, IEnumerable<(string, string)> compilationInfos, ILogger logger, PathTransformer pathTransformer, CommonOptions options)
-            : base(cwd, [], outputPath, compilationInfos, logger, pathTransformer)
+        public StandaloneExtractor(string outputPath, IEnumerable<(string, string)> compilationInfos, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, compilationInfos, logger, pathTransformer)
        {
            Mode = ExtractorMode.Standalone;
            if (options.QlTest)
--- a/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs
+++ b/csharp/extractor/Semmle.Extraction/Extractor/TracingExtractor.cs
@@ -1,3 +1,4 @@
+using System.Linq;
 using Semmle.Util.Logging;

 namespace Semmle.Extraction
@@ -12,8 +13,7 @@ namespace Semmle.Extraction
        /// <param name="outputPath">The name of the output DLL/EXE, or null if not specified (standalone extraction).</param>
        /// <param name="logger">The object used for logging.</param>
        /// <param name="pathTransformer">The object used for path transformations.</param>
-        public TracingExtractor(string cwd, string[] args, string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options)
-            : base(cwd, args, outputPath, [], logger, pathTransformer)
+        public TracingExtractor(string outputPath, ILogger logger, PathTransformer pathTransformer, CommonOptions options) : base(outputPath, Enumerable.Empty<(string, string)>(), logger, pathTransformer)
        {
            Mode = ExtractorMode.None;
            if (options.QlTest)
--- a/csharp/extractor/Semmle.Extraction/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Extraction/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Extraction")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Extraction")]
+[assembly: AssemblyCopyright("Copyright ©  2015")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("3ccd1a26-1621-4f4d-afc3-21ef67eee1da")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj
+++ b/csharp/extractor/Semmle.Extraction/Semmle.Extraction.csproj
@@ -1,10 +1,19 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
-	<PropertyGroup>
-    	<CodeAnalysisRuleSet>Semmle.Extraction.ruleset</CodeAnalysisRuleSet>
-	</PropertyGroup>
-	<ItemGroup>
-		<ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
-	</ItemGroup>
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Extraction</AssemblyName>
+    <RootNamespace>Semmle.Extraction</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <CodeAnalysisRuleSet>Semmle.Extraction.ruleset</CodeAnalysisRuleSet>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
+    <DefineConstants>TRACE;DEBUG;DEBUG_LABELS</DefineConstants>
+  </PropertyGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Util.Tests/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Util.Tests/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Util.Tests")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Util.Tests")]
+[assembly: AssemblyCopyright("Copyright ©  2015")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("0d16a323-fde2-4231-9c60-4c593e151736")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj
+++ b/csharp/extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj
@@ -1,7 +1,13 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
  <ItemGroup>
    <ProjectReference Include="..\Semmle.Util\Semmle.Util.csproj" />
  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>
--- a/csharp/extractor/Semmle.Util/Properties/AssemblyInfo.cs
+++ b/csharp/extractor/Semmle.Util/Properties/AssemblyInfo.cs
@@ -0,0 +1,35 @@
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("Semmle.Util")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("Semmle.Util")]
+[assembly: AssemblyCopyright("Copyright ©  2015")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("bafbef7d-b40e-4b6c-a7fc-c8add8413c56")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
--- a/csharp/extractor/Semmle.Util/Semmle.Util.csproj
+++ b/csharp/extractor/Semmle.Util/Semmle.Util.csproj
@@ -1,5 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AssemblyName>Semmle.Util</AssemblyName>
+    <RootNamespace>Semmle.Util</RootNamespace>
+    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
+    <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  <ItemGroup>
+    <Folder Include="Properties\" />
+  </ItemGroup>
  <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
-
+</Project>
--- a/csharp/ql/Directory.Build.props
+++ b/csharp/ql/Directory.Build.props
@@ -1,6 +0,0 @@
-<Project>
-  <!--
-    This .props file contains an intentionally empty <Project> node. It's resetting the top level Directory.Build.props
-    so that the settings are ignored in QL (integration) tests.
-  -->
-</Project>
--- a/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected
+++ b/csharp/ql/integration-tests/all-platforms/standalone_resx/CompilationInfo.expected
@@ -3,7 +3,6 @@
 | Failed solution restore with package source error | 0.0 |
 | NuGet feed responsiveness checked | 1.0 |
 | Project files on filesystem | 1.0 |
-| Reachable fallback Nuget feed count | 1.0 |
 | Resource extraction enabled | 1.0 |
 | Restored .NET framework variants | 1.0 |
 | Restored projects through solution files | 0.0 |
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error/CompilationInfo.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error/CompilationInfo.expected
@@ -4,7 +4,6 @@
 | Fallback nuget restore | 1.0 |
 | NuGet feed responsiveness checked | 1.0 |
 | Project files on filesystem | 1.0 |
-| Reachable fallback Nuget feed count | 1.0 |
 | Resolved assembly conflicts | 7.0 |
 | Resource extraction enabled | 0.0 |
 | Restored .NET framework variants | 0.0 |
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error_timeout/CompilationInfo.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_error_timeout/CompilationInfo.expected
@@ -3,7 +3,6 @@
 | Inherited Nuget feed count | 1.0 |
 | NuGet feed responsiveness checked | 1.0 |
 | Project files on filesystem | 1.0 |
-| Reachable fallback Nuget feed count | 1.0 |
 | Resolved assembly conflicts | 7.0 |
 | Resource extraction enabled | 0.0 |
 | Restored .NET framework variants | 0.0 |
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.expected
@@ -1 +0,0 @@
-| [...]/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll |
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.ql
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/Assemblies.ql
@@ -1,11 +0,0 @@
-import csharp
-
-private string getPath(Assembly a) {
-  not a.getCompilation().getOutputAssembly() = a and
-  exists(string s | s = a.getFile().getAbsolutePath() |
-    result = "[...]/" + s.substring(s.indexOf("newtonsoft.json"), s.length())
-  )
-}
-
-from Assembly a
-select getPath(a)
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.expected
@@ -1,16 +0,0 @@
-| All Nuget feeds reachable | 0.0 |
-| Fallback nuget restore | 1.0 |
-| NuGet feed responsiveness checked | 1.0 |
-| Project files on filesystem | 1.0 |
-| Reachable fallback Nuget feed count | 2.0 |
-| Resolved assembly conflicts | 7.0 |
-| Resource extraction enabled | 0.0 |
-| Restored .NET framework variants | 0.0 |
-| Solution files on filesystem | 1.0 |
-| Source files generated | 0.0 |
-| Source files on filesystem | 1.0 |
-| Successfully ran fallback nuget restore | 1.0 |
-| Unresolved references | 0.0 |
-| UseWPF set | 0.0 |
-| UseWindowsForms set | 0.0 |
-| WebView extraction enabled | 1.0 |
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.ql
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/CompilationInfo.ql
@@ -1,15 +0,0 @@
-import csharp
-import semmle.code.csharp.commons.Diagnostics
-
-query predicate compilationInfo(string key, float value) {
-  key != "Resolved references" and
-  not key.matches("Compiler diagnostic count for%") and
-  exists(Compilation c, string infoKey, string infoValue | infoValue = c.getInfo(infoKey) |
-    key = infoKey and
-    value = infoValue.toFloat()
-    or
-    not exists(infoValue.toFloat()) and
-    key = infoKey + ": " + infoValue and
-    value = 1
-  )
-}
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/diagnostics.expected
@@ -1,42 +0,0 @@
-{
-  "markdownMessage": "C# analysis with build-mode 'none' completed.",
-  "severity": "unknown",
-  "source": {
-    "extractorName": "csharp",
-    "id": "csharp/autobuilder/buildless/complete",
-    "name": "C# analysis with build-mode 'none' completed"
-  },
-  "visibility": {
-    "cliSummaryTable": true,
-    "statusPage": false,
-    "telemetry": true
-  }
-}
-{
-  "markdownMessage": "C# with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.",
-  "severity": "note",
-  "source": {
-    "extractorName": "csharp",
-    "id": "csharp/autobuilder/buildless/mode-active",
-    "name": "C# with build-mode set to 'none'"
-  },
-  "visibility": {
-    "cliSummaryTable": true,
-    "statusPage": true,
-    "telemetry": true
-  }
-}
-{
-  "markdownMessage": "Found unreachable Nuget feed in C# analysis with build-mode 'none'. This may cause missing dependencies in the analysis.",
-  "severity": "warning",
-  "source": {
-    "extractorName": "csharp",
-    "id": "csharp/autobuilder/buildless/unreachable-feed",
-    "name": "Found unreachable Nuget feed in C# analysis with build-mode 'none'"
-  },
-  "visibility": {
-    "cliSummaryTable": true,
-    "statusPage": true,
-    "telemetry": true
-  }
-}
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/Program.cs
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/Program.cs
@@ -1,6 +0,0 @@
-class Program
-{
-    static void Main(string[] args)
-    {
-    }
-}
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/nuget.config
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/nuget.config
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<configuration>
-  <packageSources>
-    <clear />
-    <add key="x" value="https://www.nuget.org/api/v2/" />
-  </packageSources>
-</configuration>
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/proj.csproj
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/proj/proj.csproj
@@ -1,16 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <OutputType>Exe</OutputType>
-    <TargetFrameworks>net8.0</TargetFrameworks>
-  </PropertyGroup>
-
-  <Target Name="DeleteBinObjFolders" BeforeTargets="Clean">
-    <RemoveDir Directories=".\bin" />
-    <RemoveDir Directories=".\obj" />
-  </Target>
-
-  <ItemGroup>
-    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-  </ItemGroup>
-</Project>
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/standalone.sln
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/standalone.sln
@@ -1,19 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.5.002.0
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "proj", "proj\proj.csproj", "{6ED00460-7666-4AE9-A405-4B6C8B02279A}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {4ED55A1C-066C-43DF-B32E-7EAA035985EE}
-	EndGlobalSection
-EndGlobal
--- a/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/test.py
+++ b/csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget_config_fallback/test.py
@@ -1,14 +0,0 @@
-from create_database_utils import *
-from diagnostics_test_utils import *
-import os
-
-# os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK"] = "true"        # Nuget feed check is enabled by default
-os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_TIMEOUT"] = "1"     # 1ms, the GET request should fail with such short timeout
-os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_LIMIT"] = "1"       # Limit the count of checks to 1
-
-# Making sure the reachability test succeeds when doing a fallback restore:
-os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1000"
-os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "5"
-
-run_codeql_database_create([], lang="csharp", extra_args=["--build-mode=none"])
-check_diagnostics()
--- a/Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll
+++ b/Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll
@@ -125,17 +125,26 @@ class TokenValidationParametersProperty extends Property {
 predicate callableHasAReturnStmtAndAlwaysReturnsTrue(Callable c) {
  c.getReturnType() instanceof BoolType and
  not callableMayThrowException(c) and
-  forex(ReturnStmt rs | rs.getEnclosingCallable() = c |
+  forall(ReturnStmt rs | rs.getEnclosingCallable() = c |
    rs.getNumberOfChildren() = 1 and
    isExpressionAlwaysTrue(rs.getChildExpr(0))
-  )
+  ) and
+  exists(ReturnStmt rs | rs.getEnclosingCallable() = c)
 }

 /**
 * Holds if the lambda expression `le` always returns true
 */
 predicate lambdaExprReturnsOnlyLiteralTrue(AnonymousFunctionExpr le) {
-  isExpressionAlwaysTrue(le.getExpressionBody())
+  le.getExpressionBody().(BoolLiteral).getBoolValue() = true
+  or
+  // special scenarios where the expression is not a `BoolLiteral`, but it will evaluatue to `true`
+  exists(Expr e | le.getExpressionBody() = e |
+    not e instanceof Call and
+    not e instanceof Literal and
+    e.getType() instanceof BoolType and
+    e.getValue() = "true"
+  )
 }

 class CallableAlwaysReturnsTrue extends Callable {
@@ -143,6 +152,12 @@ class CallableAlwaysReturnsTrue extends Callable {
    callableHasAReturnStmtAndAlwaysReturnsTrue(this)
    or
    lambdaExprReturnsOnlyLiteralTrue(this)
+    or
+    exists(AnonymousFunctionExpr le, Call call, Callable callable | this = le |
+      callable.getACall() = call and
+      call = le.getExpressionBody() and
+      callableHasAReturnStmtAndAlwaysReturnsTrue(callable)
+    )
  }
 }

@@ -156,6 +171,32 @@ predicate callableOnlyThrowsArgumentNullException(Callable c) {
  )
 }

+/**
+ * A specialization of `CallableAlwaysReturnsTrue` that takes into consideration exceptions being thrown for higher precision.
+ */
+class CallableAlwaysReturnsTrueHigherPrecision extends CallableAlwaysReturnsTrue {
+  CallableAlwaysReturnsTrueHigherPrecision() {
+    callableOnlyThrowsArgumentNullException(this) and
+    (
+      forall(Call call, Callable callable | call.getEnclosingCallable() = this |
+        callable.getACall() = call and
+        callable instanceof CallableAlwaysReturnsTrueHigherPrecision
+      )
+      or
+      exists(AnonymousFunctionExpr le, Call call, CallableAlwaysReturnsTrueHigherPrecision cat |
+        this = le
+      |
+        le.canReturn(call) and
+        cat.getACall() = call
+      )
+      or
+      exists(LambdaExpr le | le = this |
+        le.getBody() instanceof CallableAlwaysReturnsTrueHigherPrecision
+      )
+    )
+  }
+}
+
 /**
 * A callable that returns a `string` and has a `string` as 1st argument
 */
--- a/Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
+++ b/Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
@@ -17,7 +17,9 @@ import DataFlow
 import JsonWebTokenHandlerLib
 import semmle.code.csharp.commons.QualifiedName

-from TokenValidationParametersProperty p, CallableAlwaysReturnsTrue e, string qualifier, string name
+from
+  TokenValidationParametersProperty p, CallableAlwaysReturnsTrueHigherPrecision e, string qualifier,
+  string name
 where e = p.getAnAssignedValue() and p.hasFullyQualifiedName(qualifier, name)
 select e,
  "JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns \"true\".",
--- a/Features/CWE-759/HashWithoutSalt.expected
+++ b/Features/CWE-759/HashWithoutSalt.expected
@@ -1,7 +1,7 @@
 edges
 | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | provenance |  |
 | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | provenance |  |
-| HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | provenance | Config |
+| HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | provenance |  |
 | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | provenance |  |
 | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | provenance |  |
 | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:1869 |
--- a/Features/CWE-209/ExceptionInformationExposure.expected
+++ b/Features/CWE-209/ExceptionInformationExposure.expected
@@ -1,5 +1,5 @@
 edges
-| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | Config Sink:MaD:2150 |
+| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance |  Sink:MaD:2150 |
 | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:13296 Sink:MaD:2150 |
 | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:22263 Sink:MaD:2150 |
 | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:22265 Sink:MaD:2150 |
@@ -10,7 +10,7 @@ edges
 | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | provenance | MaD:49829 Sink:MaD:2150 |
 | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | provenance | MaD:49829 |
 | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | provenance | MaD:49829 |
-| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | Config |
+| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance |  |
 | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:13296 |
 | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:22263 |
 | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:22265 |
@@ -18,7 +18,7 @@ edges
 | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:31763 |
 | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:49748 |
 | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:49780 |
-| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Config Sink:MaD:2150 |
+| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance |  Sink:MaD:2150 |
 nodes
 | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | semmle.label | access to local variable ex : Exception |
 | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | semmle.label | call to method ToString |
--- a/Features/CWE-338/InsecureRandomness.expected
+++ b/Features/CWE-338/InsecureRandomness.expected
@@ -10,13 +10,13 @@ edges
 | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance |  |
 | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | provenance |  |
 | InsecureRandomness.cs:60:23:60:40 | access to array element : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance |  |
-| InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:60:23:60:40 | access to array element : String | provenance | Config |
+| InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:60:23:60:40 | access to array element : String | provenance |  |
 | InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | provenance | MaD:2752 |
 | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | provenance |  |
 | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | provenance |  |
 | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | provenance |  |
 | InsecureRandomness.cs:72:23:72:40 | access to indexer : String | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | provenance |  |
-| InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:72:23:72:40 | access to indexer : String | provenance | Config |
+| InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:72:23:72:40 | access to indexer : String | provenance |  |
 | InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | provenance |  |
 nodes
 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | semmle.label | call to method InsecureRandomString |
--- a/csharp/scripts/stubs/helpers.py
+++ b/csharp/scripts/stubs/helpers.py
@@ -77,14 +77,6 @@ class Generator:
                         self.projectNameIn, '--output', self.projectDirIn])
        remove_files(self.projectDirIn, '.cs')

-        # Clear possibly inherited Directory.Build.props and Directory.Build.targets:
-        with open(os.path.join(self.workDir, 'Directory.Build.props'), 'w') as f:
-            f.write('<Project>\n')
-            f.write('</Project>\n')
-        with open(os.path.join(self.workDir, 'Directory.Build.targets'), 'w') as f:
-            f.write('<Project>\n')
-            f.write('</Project>\n')
-
    def run_cmd(self, cmd, msg="Failed to run command"):
        run_cmd_cwd(cmd, self.workDir, msg)

--- a/csharp/tools/tracing-config.lua
+++ b/csharp/tools/tracing-config.lua
@@ -179,6 +179,8 @@ function RegisterExtractorPack(id)
    end

    local windowsMatchers = {
+        CreatePatternMatcher({ '^semmle%.extraction%.csharp%.standalone%.exe$' },
+            MatchCompilerName, nil, { trace = false }),
        DotnetMatcherBuild,
        MsBuildMatcher,
        CreatePatternMatcher({ '^csc.*%.exe$' }, MatchCompilerName, extractor, {
@@ -220,6 +222,9 @@ function RegisterExtractorPack(id)
        end
    }
    local posixMatchers = {
+        -- The compiler name is case sensitive on Linux and lower cased on MacOS
+        CreatePatternMatcher({ '^semmle%.extraction%.csharp%.standalone$', '^Semmle%.Extraction%.CSharp%.Standalone$' },
+            MatchCompilerName, nil, { trace = false }),
        DotnetMatcherBuild,
        CreatePatternMatcher({ '^mcs%.exe$', '^csc%.exe$' }, MatchCompilerName,
            extractor, {
--- a/docs/codeql/ql-language-reference/annotations.rst
+++ b/docs/codeql/ql-language-reference/annotations.rst
@@ -446,7 +446,7 @@ The ``pragma[assume_small_delta]`` annotation has no effect and can be safely re
 Language pragmas
 ================

-**Available for**: |modules|, |classes|, |characteristic predicates|, |member predicates|, |non-member predicates|
+**Available for**: |classes|, |characteristic predicates|, |member predicates|, |non-member predicates|

 ``language[monotonicAggregates]``
 ---------------------------------
--- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
+++ b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
@@ -2,7 +2,7 @@ edges
 | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance |  |
@@ -16,8 +16,8 @@ edges
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance |  |
@@ -38,8 +38,8 @@ edges
 | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance |  |
@@ -60,8 +60,8 @@ edges
 | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance |  |
@@ -82,8 +82,8 @@ edges
 | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance |  |
@@ -106,8 +106,8 @@ edges
 | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance |  |
@@ -130,8 +130,8 @@ edges
 | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance |  |
@@ -154,8 +154,8 @@ edges
 | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance |  |
@@ -178,8 +178,8 @@ edges
 | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance |  |
@@ -197,7 +197,7 @@ edges
 | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance |  |
@@ -212,8 +212,8 @@ edges
 | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance |  |
@@ -235,8 +235,8 @@ edges
 | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
 | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance |  |
-| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
-| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance |  |
+| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance |  |
@@ -259,7 +259,7 @@ edges
 | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance |  |
 | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | CookieWithoutHttpOnly.go:129:2:129:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | Config |
+| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance |  |
 | CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance |  |
 | CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance |  |
 | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance |  |
@@ -269,7 +269,7 @@ edges
 | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config |
+| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance |  |
 | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance |  |
@@ -292,20 +292,20 @@ edges
 | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
-| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
+| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
+| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance |  |
+| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config |
+| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance |  |
 | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance |  |
@@ -317,8 +317,8 @@ edges
 | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config |
-| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config |
+| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance |  |
+| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance |  |
@@ -330,7 +330,7 @@ edges
 | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config |
+| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance |  |
 | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance |  |
@@ -353,15 +353,15 @@ edges
 | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
-| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
+| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
+| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance |  |
+| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance |  |
 | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance |  |
 | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance |  |
@@ -371,7 +371,7 @@ edges
 | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance |  |
-| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config |
+| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance |  |
 | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance |  |
 | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance |  |
@@ -394,19 +394,19 @@ edges
 | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
 | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
-| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
+| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
+| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance |  |
+| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance |  |
+| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance |  |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance |  |
 | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance |  |
-| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config |
+| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance |  |
 | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | CookieWithoutHttpOnly.go:191:19:191:25 | session | provenance |  |
-| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | Config |
+| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance |  |
 | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | CookieWithoutHttpOnly.go:202:19:202:25 | session | provenance |  |
-| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | Config |
+| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance |  |
 nodes
 | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | semmle.label | struct literal |
 | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" |
--- a/go/ql/test/experimental/CWE-369/DivideByZero.expected
+++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected
@@ -2,22 +2,22 @@ edges
 | DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:735 |
 | DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance |  |
 | DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance |  |
-| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | Config |
+| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance |  |
 | DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:735 |
 | DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance |  |
 | DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance |  |
 | DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:735 |
 | DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance |  |
 | DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance |  |
-| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | Config |
+| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance |  |
 | DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:735 |
 | DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance |  |
 | DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance |  |
-| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | Config |
+| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance |  |
 | DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:735 |
 | DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance |  |
 | DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance |  |
-| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | Config |
+| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance |  |
 | DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:735 |
 | DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance |  |
 | DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance |  |
--- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
+++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
@@ -22,22 +22,21 @@ edges
 | test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance |  |
 | test.go:128:20:128:27 | definition of filename | test.go:143:51:143:58 | filename | provenance |  |
 | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance |  |
-| test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config |
+| test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance |  |
 | test.go:132:3:132:19 | ... := ...[0] | test.go:134:37:134:38 | rc | provenance |  |
 | test.go:132:12:132:12 | f | test.go:132:3:132:19 | ... := ...[0] | provenance | MaD:8 |
 | test.go:143:2:143:59 | ... := ...[0] | test.go:144:20:144:37 | implicit dereference | provenance |  |
-| test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance | Config |
+| test.go:143:51:143:58 | filename | test.go:143:2:143:59 | ... := ...[0] | provenance |  |
 | test.go:144:20:144:37 | implicit dereference | test.go:144:20:144:37 | implicit dereference | provenance |  |
 | test.go:144:20:144:37 | implicit dereference | test.go:144:20:144:37 | implicit read of field Reader | provenance |  |
-| test.go:144:20:144:37 | implicit dereference | test.go:144:20:144:37 | implicit read of field Reader | provenance | Config |
 | test.go:144:20:144:37 | implicit read of field Reader | test.go:145:12:145:12 | f | provenance |  |
-| test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance | Config |
+| test.go:145:12:145:12 | f | test.go:145:12:145:19 | call to Open | provenance |  |
 | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance |  |
 | test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance |  |
 | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance |  |
 | test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:547 |
 | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance |  |
-| test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | Config |
+| test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance |  |
 | test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:43 |
 | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance |  |
 | test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:8 |
@@ -45,56 +44,56 @@ edges
 | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance |  |
 | test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:547 |
 | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance |  |
-| test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | Config |
+| test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance |  |
 | test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:43 |
-| test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | Config |
+| test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance |  |
 | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance |  |
 | test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:186:2:186:12 | bzip2Reader | provenance |  |
 | test.go:184:2:184:73 | ... := ...[0] | test.go:187:26:187:36 | bzip2Reader | provenance |  |
-| test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance | Config |
+| test.go:184:41:184:44 | file | test.go:184:2:184:73 | ... := ...[0] | provenance |  |
 | test.go:187:12:187:37 | call to NewReader | test.go:189:18:189:24 | tarRead | provenance |  |
 | test.go:187:26:187:36 | bzip2Reader | test.go:187:12:187:37 | call to NewReader | provenance | MaD:1 |
 | test.go:189:18:189:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:208:12:208:15 | definition of file | test.go:211:33:211:36 | file | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:213:2:213:12 | bzip2Reader | provenance |  |
 | test.go:211:17:211:37 | call to NewReader | test.go:214:26:214:36 | bzip2Reader | provenance |  |
-| test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance | Config |
+| test.go:211:33:211:36 | file | test.go:211:17:211:37 | call to NewReader | provenance |  |
 | test.go:214:12:214:37 | call to NewReader | test.go:216:18:216:24 | tarRead | provenance |  |
 | test.go:214:26:214:36 | bzip2Reader | test.go:214:12:214:37 | call to NewReader | provenance | MaD:1 |
 | test.go:216:18:216:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:233:12:233:15 | definition of file | test.go:236:33:236:36 | file | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:238:2:238:12 | flateReader | provenance |  |
 | test.go:236:17:236:37 | call to NewReader | test.go:239:26:239:36 | flateReader | provenance |  |
-| test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance | Config |
+| test.go:236:33:236:36 | file | test.go:236:17:236:37 | call to NewReader | provenance |  |
 | test.go:239:12:239:37 | call to NewReader | test.go:241:18:241:24 | tarRead | provenance |  |
 | test.go:239:26:239:36 | flateReader | test.go:239:12:239:37 | call to NewReader | provenance | MaD:1 |
 | test.go:241:18:241:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:258:21:258:24 | definition of file | test.go:261:42:261:45 | file | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:263:2:263:12 | flateReader | provenance |  |
 | test.go:261:17:261:46 | call to NewReader | test.go:264:26:264:36 | flateReader | provenance |  |
-| test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance | Config |
+| test.go:261:42:261:45 | file | test.go:261:17:261:46 | call to NewReader | provenance |  |
 | test.go:264:12:264:37 | call to NewReader | test.go:266:18:266:24 | tarRead | provenance |  |
 | test.go:264:26:264:36 | flateReader | test.go:264:12:264:37 | call to NewReader | provenance | MaD:1 |
 | test.go:266:18:266:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:283:17:283:20 | definition of file | test.go:286:41:286:44 | file | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:288:2:288:12 | flateReader | provenance |  |
 | test.go:286:2:286:73 | ... := ...[0] | test.go:289:26:289:36 | flateReader | provenance |  |
-| test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance | Config |
+| test.go:286:41:286:44 | file | test.go:286:2:286:73 | ... := ...[0] | provenance |  |
 | test.go:289:12:289:37 | call to NewReader | test.go:291:18:291:24 | tarRead | provenance |  |
 | test.go:289:26:289:36 | flateReader | test.go:289:12:289:37 | call to NewReader | provenance | MaD:1 |
 | test.go:291:18:291:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:308:20:308:23 | definition of file | test.go:311:43:311:46 | file | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:313:2:313:11 | zlibReader | provenance |  |
 | test.go:311:2:311:47 | ... := ...[0] | test.go:314:26:314:35 | zlibReader | provenance |  |
-| test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance | Config |
+| test.go:311:43:311:46 | file | test.go:311:2:311:47 | ... := ...[0] | provenance |  |
 | test.go:314:12:314:36 | call to NewReader | test.go:316:18:316:24 | tarRead | provenance |  |
 | test.go:314:26:314:35 | zlibReader | test.go:314:12:314:36 | call to NewReader | provenance | MaD:1 |
 | test.go:316:18:316:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:333:11:333:14 | definition of file | test.go:336:34:336:37 | file | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:338:2:338:11 | zlibReader | provenance |  |
 | test.go:336:2:336:38 | ... := ...[0] | test.go:339:26:339:35 | zlibReader | provenance |  |
-| test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance | Config |
+| test.go:336:34:336:37 | file | test.go:336:2:336:38 | ... := ...[0] | provenance |  |
 | test.go:339:12:339:36 | call to NewReader | test.go:341:18:341:24 | tarRead | provenance |  |
 | test.go:339:26:339:35 | zlibReader | test.go:339:12:339:36 | call to NewReader | provenance | MaD:1 |
 | test.go:341:18:341:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
@@ -102,7 +101,7 @@ edges
 | test.go:361:18:361:39 | call to NewReader | test.go:363:2:363:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:364:2:364:13 | snappyReader | provenance |  |
 | test.go:361:18:361:39 | call to NewReader | test.go:365:26:365:37 | snappyReader | provenance |  |
-| test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance | Config |
+| test.go:361:35:361:38 | file | test.go:361:18:361:39 | call to NewReader | provenance |  |
 | test.go:365:12:365:38 | call to NewReader | test.go:367:18:367:24 | tarRead | provenance |  |
 | test.go:365:26:365:37 | snappyReader | test.go:365:12:365:38 | call to NewReader | provenance | MaD:1 |
 | test.go:367:18:367:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
@@ -111,7 +110,7 @@ edges
 | test.go:387:18:387:48 | call to NewReader | test.go:391:2:391:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:392:2:392:13 | snappyReader | provenance |  |
 | test.go:387:18:387:48 | call to NewReader | test.go:393:26:393:37 | snappyReader | provenance |  |
-| test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance | Config |
+| test.go:387:44:387:47 | file | test.go:387:18:387:48 | call to NewReader | provenance |  |
 | test.go:393:12:393:38 | call to NewReader | test.go:395:18:395:24 | tarRead | provenance |  |
 | test.go:393:26:393:37 | snappyReader | test.go:393:12:393:38 | call to NewReader | provenance | MaD:1 |
 | test.go:395:18:395:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
@@ -120,18 +119,18 @@ edges
 | test.go:415:14:415:31 | call to NewReader | test.go:418:2:418:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:420:2:420:9 | s2Reader | provenance |  |
 | test.go:415:14:415:31 | call to NewReader | test.go:421:26:421:33 | s2Reader | provenance |  |
-| test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance | Config |
+| test.go:415:27:415:30 | file | test.go:415:14:415:31 | call to NewReader | provenance |  |
 | test.go:421:12:421:34 | call to NewReader | test.go:423:18:423:24 | tarRead | provenance |  |
 | test.go:421:26:421:33 | s2Reader | test.go:421:12:421:34 | call to NewReader | provenance | MaD:1 |
 | test.go:423:18:423:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:440:19:440:21 | definition of src | test.go:441:34:441:36 | src | provenance |  |
 | test.go:441:2:441:37 | ... := ...[0] | test.go:444:12:444:32 | type conversion | provenance |  |
-| test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance | Config |
+| test.go:441:34:441:36 | src | test.go:441:2:441:37 | ... := ...[0] | provenance |  |
 | test.go:444:12:444:32 | type conversion | test.go:445:23:445:28 | newSrc | provenance |  |
 | test.go:447:11:447:14 | definition of file | test.go:450:34:450:37 | file | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:452:2:452:11 | gzipReader | provenance |  |
 | test.go:450:2:450:38 | ... := ...[0] | test.go:453:26:453:35 | gzipReader | provenance |  |
-| test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance | Config |
+| test.go:450:34:450:37 | file | test.go:450:2:450:38 | ... := ...[0] | provenance |  |
 | test.go:453:12:453:36 | call to NewReader | test.go:455:18:455:24 | tarRead | provenance |  |
 | test.go:453:26:453:35 | gzipReader | test.go:453:12:453:36 | call to NewReader | provenance | MaD:1 |
 | test.go:455:18:455:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
@@ -139,7 +138,7 @@ edges
 | test.go:475:2:475:47 | ... := ...[0] | test.go:477:2:477:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:479:2:479:11 | gzipReader | provenance |  |
 | test.go:475:2:475:47 | ... := ...[0] | test.go:480:26:480:35 | gzipReader | provenance |  |
-| test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance | Config |
+| test.go:475:43:475:46 | file | test.go:475:2:475:47 | ... := ...[0] | provenance |  |
 | test.go:480:12:480:36 | call to NewReader | test.go:482:18:482:24 | tarRead | provenance |  |
 | test.go:480:26:480:35 | gzipReader | test.go:480:12:480:36 | call to NewReader | provenance | MaD:1 |
 | test.go:482:18:482:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
@@ -147,7 +146,7 @@ edges
 | test.go:502:2:502:49 | ... := ...[0] | test.go:504:2:504:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:506:2:506:12 | pgzipReader | provenance |  |
 | test.go:502:2:502:49 | ... := ...[0] | test.go:507:26:507:36 | pgzipReader | provenance |  |
-| test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance | Config |
+| test.go:502:45:502:48 | file | test.go:502:2:502:49 | ... := ...[0] | provenance |  |
 | test.go:507:12:507:37 | call to NewReader | test.go:509:18:509:24 | tarRead | provenance |  |
 | test.go:507:26:507:36 | pgzipReader | test.go:507:12:507:37 | call to NewReader | provenance | MaD:1 |
 | test.go:509:18:509:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
@@ -156,21 +155,21 @@ edges
 | test.go:529:2:529:47 | ... := ...[0] | test.go:533:2:533:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:535:2:535:11 | zstdReader | provenance |  |
 | test.go:529:2:529:47 | ... := ...[0] | test.go:536:26:536:35 | zstdReader | provenance |  |
-| test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance | Config |
+| test.go:529:43:529:46 | file | test.go:529:2:529:47 | ... := ...[0] | provenance |  |
 | test.go:536:12:536:36 | call to NewReader | test.go:538:18:538:24 | tarRead | provenance |  |
 | test.go:536:26:536:35 | zstdReader | test.go:536:12:536:36 | call to NewReader | provenance | MaD:1 |
 | test.go:538:18:538:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:555:19:555:22 | definition of file | test.go:558:38:558:41 | file | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:560:2:560:11 | zstdReader | provenance |  |
 | test.go:558:16:558:42 | call to NewReader | test.go:561:26:561:35 | zstdReader | provenance |  |
-| test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance | Config |
+| test.go:558:38:558:41 | file | test.go:558:16:558:42 | call to NewReader | provenance |  |
 | test.go:561:12:561:36 | call to NewReader | test.go:563:18:563:24 | tarRead | provenance |  |
 | test.go:561:26:561:35 | zstdReader | test.go:561:12:561:36 | call to NewReader | provenance | MaD:1 |
 | test.go:563:18:563:24 | tarRead | test.go:611:22:611:28 | definition of tarRead | provenance |  |
 | test.go:580:9:580:12 | definition of file | test.go:583:30:583:33 | file | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:585:2:585:9 | xzReader | provenance |  |
 | test.go:583:2:583:34 | ... := ...[0] | test.go:586:26:586:33 | xzReader | provenance |  |
-| test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance | Config |
+| test.go:583:30:583:33 | file | test.go:583:2:583:34 | ... := ...[0] | provenance |  |
 | test.go:586:12:586:34 | call to NewReader | test.go:589:18:589:24 | tarRead | provenance |  |
 | test.go:586:12:586:34 | call to NewReader | test.go:590:19:590:25 | tarRead | provenance |  |
 | test.go:586:26:586:33 | xzReader | test.go:586:12:586:34 | call to NewReader | provenance | MaD:1 |
--- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
@@ -1,20 +1,14 @@
 edges
 | test.go:172:2:172:6 | definition of param | test.go:173:20:173:24 | param | provenance |  |
-| test.go:172:2:172:6 | definition of param | test.go:173:20:173:24 | param | provenance | Config |
 | test.go:172:11:172:32 | call to Param | test.go:172:2:172:6 | definition of param | provenance |  |
-| test.go:172:11:172:32 | call to Param | test.go:172:2:172:6 | definition of param | provenance | Config |
 | test.go:178:2:178:6 | definition of param | test.go:182:24:182:28 | param | provenance |  |
-| test.go:178:2:178:6 | definition of param | test.go:182:24:182:28 | param | provenance | Config |
 | test.go:178:11:178:32 | call to Param | test.go:178:2:178:6 | definition of param | provenance |  |
-| test.go:178:11:178:32 | call to Param | test.go:178:2:178:6 | definition of param | provenance | Config |
-| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | Config |
+| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance |  |
 | test.go:190:2:190:4 | definition of url | test.go:193:21:193:23 | url | provenance |  |
-| test.go:190:2:190:4 | definition of url | test.go:193:21:193:23 | url | provenance | Config |
 | test.go:190:9:190:26 | star expression | test.go:190:2:190:4 | definition of url | provenance |  |
-| test.go:190:9:190:26 | star expression | test.go:190:2:190:4 | definition of url | provenance | Config |
-| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | Config |
-| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Config |
-| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | Config |
+| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance |  |
+| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance |  |
+| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance |  |
 nodes
 | test.go:172:2:172:6 | definition of param | semmle.label | definition of param |
 | test.go:172:11:172:32 | call to Param | semmle.label | call to Param |
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
@@ -1,9 +1,9 @@
 edges
-| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config |
-| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config |
-| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
-| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config |
+| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance |  |
+| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance |  |
+| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance |  |
+| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance |  |
+| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance |  |
 nodes
 | EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
 | EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
--- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
@@ -103,10 +103,10 @@ edges
 | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:78:23:78:28 | filter | provenance |  |
 | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:79:23:79:28 | filter | provenance |  |
 | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:80:22:80:27 | filter | provenance |  |
-| mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance | Config |
+| mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance |  |
 | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:57:22:57:29 | pipeline | provenance |  |
 | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:81:18:81:25 | pipeline | provenance |  |
-| mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal | provenance | Config |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal | provenance |  |
 nodes
 | SqlInjection.go:10:7:11:30 | []type{args} [array] | semmle.label | []type{args} [array] |
 | SqlInjection.go:10:7:11:30 | call to Sprintf | semmle.label | call to Sprintf |
--- a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
+++ b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
@@ -1,24 +1,24 @@
 edges
 | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:14:10:21 | jsonData | provenance |  |
-| AllocationSizeOverflow.go:10:14:10:21 | jsonData | AllocationSizeOverflow.go:10:10:10:22 | call to len | provenance | Config |
+| AllocationSizeOverflow.go:10:14:10:21 | jsonData | AllocationSizeOverflow.go:10:10:10:22 | call to len | provenance |  |
 | tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:26:10:29 | data | provenance |  |
-| tst2.go:10:26:10:29 | data | tst2.go:10:22:10:30 | call to len | provenance | Config |
+| tst2.go:10:26:10:29 | data | tst2.go:10:22:10:30 | call to len | provenance |  |
 | tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:26:15:29 | data | provenance |  |
-| tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | Config |
+| tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance |  |
 | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:26:7:33 | jsonData | provenance |  |
 | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:20:24:27 | jsonData | provenance |  |
 | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:20:32:27 | jsonData | provenance |  |
-| tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | Config |
-| tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | Config |
-| tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | Config |
+| tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance |  |
+| tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance |  |
+| tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance |  |
 | tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:26:15:33 | jsonData | provenance |  |
-| tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | Config |
+| tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance |  |
 | tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:26:21:33 | jsonData | provenance |  |
-| tst.go:21:26:21:33 | jsonData | tst.go:21:22:21:34 | call to len | provenance | Config |
+| tst.go:21:26:21:33 | jsonData | tst.go:21:22:21:34 | call to len | provenance |  |
 | tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:30:27:37 | jsonData | provenance |  |
-| tst.go:27:30:27:37 | jsonData | tst.go:27:26:27:38 | call to len | provenance | Config |
+| tst.go:27:30:27:37 | jsonData | tst.go:27:26:27:38 | call to len | provenance |  |
 | tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:26:35:33 | jsonData | provenance |  |
-| tst.go:35:26:35:33 | jsonData | tst.go:35:22:35:34 | call to len | provenance | Config |
+| tst.go:35:26:35:33 | jsonData | tst.go:35:22:35:34 | call to len | provenance |  |
 nodes
 | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | AllocationSizeOverflow.go:10:10:10:22 | call to len | semmle.label | call to len |
--- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
+++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -1,59 +1,43 @@
 edges
 | klog.go:20:3:25:3 | range statement[1] | klog.go:20:13:20:19 | definition of headers | provenance |  |
-| klog.go:20:3:25:3 | range statement[1] | klog.go:20:13:20:19 | definition of headers | provenance | Config |
 | klog.go:20:13:20:19 | definition of headers | klog.go:21:27:21:33 | headers | provenance |  |
-| klog.go:20:13:20:19 | definition of headers | klog.go:21:27:21:33 | headers | provenance | Config |
-| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance | Config |
+| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance |  |
 | klog.go:21:4:24:4 | range statement[1] | klog.go:21:11:21:16 | definition of header | provenance |  |
-| klog.go:21:4:24:4 | range statement[1] | klog.go:21:11:21:16 | definition of header | provenance | Config |
 | klog.go:21:11:21:16 | definition of header | klog.go:22:15:22:20 | header | provenance |  |
-| klog.go:21:11:21:16 | definition of header | klog.go:22:15:22:20 | header | provenance | Config |
-| klog.go:21:27:21:33 | headers | klog.go:21:4:24:4 | range statement[1] | provenance | Config |
-| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance | Config |
+| klog.go:21:27:21:33 | headers | klog.go:21:4:24:4 | range statement[1] | provenance |  |
+| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance |  |
 | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance |  |
 | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance |  |
-| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | Config |
 | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance |  |
-| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
+| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance |  |
 | passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance |  |
-| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | Config |
 | passwords.go:36:10:38:2 | struct literal | passwords.go:36:2:36:5 | definition of obj1 | provenance |  |
-| passwords.go:36:10:38:2 | struct literal | passwords.go:36:2:36:5 | definition of obj1 | provenance | Config |
-| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
+| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance |  |
 | passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance |  |
-| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | Config |
 | passwords.go:41:10:43:2 | struct literal | passwords.go:41:2:41:5 | definition of obj2 | provenance |  |
-| passwords.go:41:10:43:2 | struct literal | passwords.go:41:2:41:5 | definition of obj2 | provenance | Config |
-| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
+| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance |  |
 | passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance |  |
-| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | Config |
-| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config |
+| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance |  |
 | passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance |  |
-| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | Config |
 | passwords.go:85:19:87:2 | struct literal | passwords.go:85:2:85:14 | definition of utilityObject | provenance |  |
-| passwords.go:85:19:87:2 | struct literal | passwords.go:85:2:85:14 | definition of utilityObject | provenance | Config |
-| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config |
+| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance |  |
 | passwords.go:90:2:90:7 | definition of secret | passwords.go:91:23:91:28 | secret | provenance |  |
-| passwords.go:90:2:90:7 | definition of secret | passwords.go:91:23:91:28 | secret | provenance | Config |
 | passwords.go:90:12:90:19 | password | passwords.go:90:2:90:7 | definition of secret | provenance |  |
-| passwords.go:90:12:90:19 | password | passwords.go:90:2:90:7 | definition of secret | provenance | Config |
-| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config |
-| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config |
-| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config |
-| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config |
-| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance | Config |
+| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance |  |
+| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance |  |
+| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance |  |
+| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance |  |
+| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance |  |
 | passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance |  |
-| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | Config |
 | passwords.go:118:2:118:7 | definition of config [x] | passwords.go:126:14:126:19 | config [x] | provenance |  |
 | passwords.go:118:2:118:7 | definition of config [y] | passwords.go:127:14:127:19 | config [y] | provenance |  |
 | passwords.go:118:12:123:2 | struct literal | passwords.go:118:2:118:7 | definition of config | provenance |  |
-| passwords.go:118:12:123:2 | struct literal | passwords.go:118:2:118:7 | definition of config | provenance | Config |
 | passwords.go:118:12:123:2 | struct literal [x] | passwords.go:118:2:118:7 | definition of config [x] | provenance |  |
 | passwords.go:118:12:123:2 | struct literal [y] | passwords.go:118:2:118:7 | definition of config [y] | provenance |  |
-| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config |
-| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config |
+| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance |  |
+| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance |  |
 | passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance |  |
-| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config |
+| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance |  |
 | passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance |  |
 | passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance |  |
 | passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance |  |
--- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
+++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
@@ -13,7 +13,7 @@ edges
 | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance |  |
 | sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance |  |
 | sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance |  |
-| sample.go:56:29:56:38 | randNumber | sample.go:56:18:56:39 | index expression | provenance | Config |
+| sample.go:56:29:56:38 | randNumber | sample.go:56:18:56:39 | index expression | provenance |  |
 nodes
 | InsecureRandomness.go:12:18:12:40 | call to Intn | semmle.label | call to Intn |
 | sample.go:15:10:15:64 | call to Sum256 | semmle.label | call to Sum256 |
--- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
+++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
@@ -1,43 +1,29 @@
 edges
-| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Config |
+| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance |  |
 | stdlib.go:13:3:13:8 | definition of target | stdlib.go:15:30:15:35 | target | provenance |  |
-| stdlib.go:13:3:13:8 | definition of target | stdlib.go:15:30:15:35 | target | provenance | Config |
-| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Config |
+| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance |  |
 | stdlib.go:13:13:13:32 | call to Get | stdlib.go:13:3:13:8 | definition of target | provenance |  |
-| stdlib.go:13:13:13:32 | call to Get | stdlib.go:13:3:13:8 | definition of target | provenance | Config |
 | stdlib.go:22:3:22:8 | definition of target | stdlib.go:24:30:24:35 | target | provenance |  |
-| stdlib.go:22:3:22:8 | definition of target | stdlib.go:24:30:24:35 | target | provenance | Config |
-| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | Config |
+| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance |  |
 | stdlib.go:22:13:22:32 | call to Get | stdlib.go:22:3:22:8 | definition of target | provenance |  |
-| stdlib.go:22:13:22:32 | call to Get | stdlib.go:22:3:22:8 | definition of target | provenance | Config |
 | stdlib.go:31:3:31:8 | definition of target | stdlib.go:35:34:35:39 | target | provenance |  |
-| stdlib.go:31:3:31:8 | definition of target | stdlib.go:35:34:35:39 | target | provenance | Config |
-| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | Config |
+| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance |  |
 | stdlib.go:31:13:31:32 | call to Get | stdlib.go:31:3:31:8 | definition of target | provenance |  |
-| stdlib.go:31:13:31:32 | call to Get | stdlib.go:31:3:31:8 | definition of target | provenance | Config |
-| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance | Config |
+| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance |  |
 | stdlib.go:44:3:44:8 | definition of target | stdlib.go:46:23:46:28 | target | provenance |  |
-| stdlib.go:44:3:44:8 | definition of target | stdlib.go:46:23:46:28 | target | provenance | Config |
-| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | Config |
+| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance |  |
 | stdlib.go:44:13:44:32 | call to Get | stdlib.go:44:3:44:8 | definition of target | provenance |  |
-| stdlib.go:44:13:44:32 | call to Get | stdlib.go:44:3:44:8 | definition of target | provenance | Config |
 | stdlib.go:64:3:64:8 | definition of target | stdlib.go:67:23:67:28 | target | provenance |  |
-| stdlib.go:64:3:64:8 | definition of target | stdlib.go:67:23:67:28 | target | provenance | Config |
-| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | Config |
+| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance |  |
 | stdlib.go:64:13:64:32 | call to Get | stdlib.go:64:3:64:8 | definition of target | provenance |  |
-| stdlib.go:64:13:64:32 | call to Get | stdlib.go:64:3:64:8 | definition of target | provenance | Config |
-| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance | Config |
-| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance | Config |
+| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance |  |
+| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance |  |
 | stdlib.go:89:3:89:8 | definition of target | stdlib.go:90:3:90:8 | target | provenance |  |
-| stdlib.go:89:3:89:8 | definition of target | stdlib.go:90:3:90:8 | target | provenance | Config |
-| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | Config |
+| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance |  |
 | stdlib.go:89:13:89:32 | call to Get | stdlib.go:89:3:89:8 | definition of target | provenance |  |
-| stdlib.go:89:13:89:32 | call to Get | stdlib.go:89:3:89:8 | definition of target | provenance | Config |
 | stdlib.go:90:3:90:8 | definition of target | stdlib.go:92:23:92:28 | target | provenance |  |
-| stdlib.go:90:3:90:8 | definition of target | stdlib.go:92:23:92:28 | target | provenance | Config |
-| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance | Config |
+| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance |  |
 | stdlib.go:90:3:90:25 | ... += ... | stdlib.go:90:3:90:8 | definition of target | provenance |  |
-| stdlib.go:90:3:90:25 | ... += ... | stdlib.go:90:3:90:8 | definition of target | provenance | Config |
 | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | provenance |  |
 | stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] | provenance |  |
 | stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:113:24:113:24 | r [pointer, URL] | provenance |  |
@@ -47,47 +33,37 @@ edges
 | stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:112:4:112:8 | selection of URL | provenance |  |
 | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance |  |
 | stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance |  |
-| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance | Config |
+| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance |  |
 | stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance |  |
 | stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance |  |
-| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | Config |
+| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance |  |
 | stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance |  |
 | stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference | provenance |  |
 | stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL | provenance |  |
 | stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] | provenance |  |
-| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | Config |
+| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance |  |
 | stdlib.go:146:3:146:8 | definition of target | stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | provenance |  |
-| stdlib.go:146:3:146:8 | definition of target | stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | provenance | Config |
-| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | Config |
+| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance |  |
 | stdlib.go:146:13:146:32 | call to Get | stdlib.go:146:3:146:8 | definition of target | provenance |  |
-| stdlib.go:146:13:146:32 | call to Get | stdlib.go:146:3:146:8 | definition of target | provenance | Config |
 | stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | stdlib.go:152:23:152:28 | target | provenance |  |
-| stdlib.go:152:3:152:3 | target = phi(def@146:3, def@149:4) | stdlib.go:152:23:152:28 | target | provenance | Config |
 | stdlib.go:159:3:159:5 | definition of url | stdlib.go:162:24:162:26 | url | provenance |  |
-| stdlib.go:159:3:159:5 | definition of url | stdlib.go:162:24:162:26 | url | provenance | Config |
 | stdlib.go:159:10:159:15 | star expression | stdlib.go:159:3:159:5 | definition of url | provenance |  |
-| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:3:159:5 | definition of url | provenance | Config |
-| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance | Config |
-| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | Config |
-| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | Config |
-| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Config |
-| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | Config |
+| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance |  |
+| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance |  |
+| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance |  |
+| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance |  |
+| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance |  |
 | stdlib.go:182:3:182:8 | definition of target | stdlib.go:184:23:184:28 | target | provenance |  |
-| stdlib.go:182:3:182:8 | definition of target | stdlib.go:184:23:184:28 | target | provenance | Config |
 | stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:670  |
-| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:670 Config |
 | stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance |  |
-| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | Config |
 | stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance |  |
-| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | Config |
 | stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance |  |
-| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | Config |
-| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:670 Config |
-| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | Config |
-| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | Config |
-| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | Config |
-| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:33 | selection of Path | provenance | Config |
-| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath | provenance | Config |
+| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:670  |
+| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance |  |
+| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance |  |
+| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance |  |
+| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:33 | selection of Path | provenance |  |
+| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath | provenance |  |
 nodes
 | OpenUrlRedirect.go:10:23:10:28 | selection of Form | semmle.label | selection of Form |
 | OpenUrlRedirect.go:10:23:10:42 | call to Get | semmle.label | call to Get |
--- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
+++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
@@ -15,8 +15,8 @@ edges
 | tst.go:36:2:36:2 | u | tst.go:36:2:36:2 | u | provenance |  |
 | tst.go:36:2:36:2 | u | tst.go:37:11:37:11 | u | provenance |  |
 | tst.go:36:2:36:2 | u [pointer] | tst.go:36:2:36:2 | implicit dereference | provenance |  |
-| tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | Config |
-| tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | Config |
+| tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance |  |
+| tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance |  |
 | tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:235 |
 | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:673  |
 | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:673  |
--- a/java/documentation/library-coverage/coverage.csv
+++ b/java/documentation/library-coverage/coverage.csv
@@ -87,7 +87,7 @@ java.rmi,,,71,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,71,
 java.security,21,,543,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,539,4
 java.sql,15,1,303,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,1,,,,303,
 java.text,,,134,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,134,
-java.time,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,88
+java.time,,,476,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,388,88
 java.util,47,2,1218,,,,,,,,,1,,,,,,,,,,,34,,,,2,,,,5,2,,1,2,,,,,,,,,,,,,2,,,704,514
 javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
 javax.accessibility,,,31,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,31,
--- a/java/documentation/library-coverage/coverage.rst
+++ b/java/documentation/library-coverage/coverage.rst
@@ -18,10 +18,10 @@ Java framework & library support
   `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,43,9,,,,,
   JBoss Logging,``org.jboss.logging``,,,324,,,,,,
   `JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
-   Java Standard Library,``java.*``,10,4267,240,80,,9,,,26
+   Java Standard Library,``java.*``,10,4620,240,80,,9,,,26
   Java extensions,"``javax.*``, ``jakarta.*``",69,3257,85,5,4,2,1,1,4
   Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2
   `Spring <https://spring.io/>`_,``org.springframework.*``,38,481,122,5,,28,14,,35
   Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.w3c.dom``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``sun.awt``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.management.spi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.nio.ch``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``, ``sun.util.logging.internal``",131,10596,893,125,6,22,18,,208
-   Totals,,310,25130,2569,338,16,128,33,1,409
+   Totals,,310,25483,2569,338,16,128,33,1,409

--- a/java/ql/lib/ext/generated/java.time.chrono.model.yml
+++ b/java/ql/lib/ext/generated/java.time.chrono.model.yml
@@ -4,9 +4,58 @@ extensions:
      pack: codeql/java-all
      extensible: summaryModel
    data:
+      - ["java.time.chrono", "ChronoLocalDate", True, "atTime", "(LocalTime)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDate", True, "atTime", "(LocalTime)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDate", True, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDate", True, "format", "(DateTimeFormatter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDate", True, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDate", True, "getChronology", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDate", True, "getEra", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDate", True, "until", "(ChronoLocalDate)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDateTime", True, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDateTime", True, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoLocalDateTime", True, "getChronology", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoPeriod", True, "between", "(ChronoLocalDate,ChronoLocalDate)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoPeriod", True, "getChronology", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoPeriod", True, "minus", "(TemporalAmount)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time.chrono", "ChronoPeriod", True, "multipliedBy", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time.chrono", "ChronoPeriod", True, "negated", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time.chrono", "ChronoPeriod", True, "normalized", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time.chrono", "ChronoPeriod", True, "plus", "(TemporalAmount)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoZonedDateTime", True, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoZonedDateTime", True, "format", "(DateTimeFormatter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoZonedDateTime", True, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoZonedDateTime", True, "toLocalDate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ChronoZonedDateTime", True, "toLocalTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "date", "(Era,int,int,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "date", "(Era,int,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "date", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "date", "(TemporalAccessor)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "date", "(int,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "dateEpochDay", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "dateNow", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "dateNow", "(Clock)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "dateNow", "(ZoneId)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "dateYearDay", "(Era,int,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "dateYearDay", "(Era,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "dateYearDay", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "getCalendarType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "getDisplayName", "(TextStyle,Locale)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "getId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "localDateTime", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "localDateTime", "(TemporalAccessor)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "period", "(int,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "resolveDate", "(Map,ResolverStyle)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "zonedDateTime", "(Instant,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Chronology", True, "zonedDateTime", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "Era", True, "getDisplayName", "(TextStyle,Locale)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "HijrahDate", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
      - ["java.time.chrono", "HijrahDate", False, "withVariant", "(HijrahChronology)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time.chrono", "JapaneseDate", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "JapaneseDate", False, "of", "(JapaneseEra,int,int,int)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "MinguoDate", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.chrono", "ThaiBuddhistDate", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
  - addsTo:
      pack: codeql/java-all
      extensible: neutralModel
--- a/java/ql/lib/ext/generated/java.time.model.yml
+++ b/java/ql/lib/ext/generated/java.time.model.yml
@@ -4,21 +4,120 @@ extensions:
      pack: codeql/java-all
      extensible: summaryModel
    data:
+      - ["java.time", "Clock", True, "fixed", "(Instant,ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "fixed", "(Instant,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "getZone", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "offset", "(Clock,Duration)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "offset", "(Clock,Duration)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "system", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "tick", "(Clock,Duration)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "tickMillis", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "tickMinutes", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Clock", True, "tickSeconds", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "DateTimeException", True, "DateTimeException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
      - ["java.time", "DateTimeException", True, "DateTimeException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
      - ["java.time", "DateTimeException", True, "DateTimeException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
+      - ["java.time", "DayOfWeek", False, "getDisplayName", "(TextStyle,Locale)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "abs", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "Duration", False, "dividedBy", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "Duration", False, "minus", "(Duration)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "minus", "(long,TemporalUnit)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "minusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "minusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "minusMillis", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "minusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "minusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "minusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "Duration", False, "multipliedBy", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "Duration", False, "negated", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "plus", "(Duration)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "Duration", False, "plus", "(long,TemporalUnit)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "Duration", False, "plusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "plusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "plusMillis", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "plusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "plusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Duration", False, "plusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "Duration", False, "truncatedTo", "(TemporalUnit)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "Instant", False, "atOffset", "(ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "atZone", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "minusMillis", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "minusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "minusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "now", "(Clock)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "plusMillis", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "plusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Instant", False, "plusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "Instant", False, "truncatedTo", "(TemporalUnit)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "InstantSource", True, "fixed", "(Instant)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "InstantSource", True, "instant", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "InstantSource", True, "offset", "(InstantSource,Duration)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "InstantSource", True, "offset", "(InstantSource,Duration)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "InstantSource", True, "tick", "(InstantSource,Duration)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "InstantSource", True, "withZone", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "InstantSource", True, "withZone", "(ZoneId)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "InstantSource", True, "withZone", "(ZoneId)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "LocalDate", False, "atStartOfDay", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "atStartOfDay", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "atStartOfDay", "(ZoneId)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "atTime", "(OffsetTime)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "atTime", "(OffsetTime)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "atTime", "(int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "atTime", "(int,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "atTime", "(int,int,int,int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "minusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "minusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "minusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDate", False, "minusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "LocalDate", False, "plusMonths", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "LocalDate", False, "plusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "LocalDate", False, "plusYears", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalDate", False, "withDayOfMonth", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalDate", False, "withDayOfYear", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalDate", False, "withMonth", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalDate", False, "withYear", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "atOffset", "(ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "atOffset", "(ZoneOffset)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "minusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "of", "(LocalDate,LocalTime)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "of", "(LocalDate,LocalTime)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "plusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "truncatedTo", "(TemporalUnit)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withDayOfMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withDayOfYear", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withHour", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withMinute", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withNano", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withSecond", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalDateTime", False, "withYear", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "atDate", "(LocalDate)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "atDate", "(LocalDate)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "atOffset", "(ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "atOffset", "(ZoneOffset)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "minusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "minusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "minusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "LocalTime", False, "minusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "LocalTime", False, "plusHours", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalTime", False, "plusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalTime", False, "plusNanos", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
@@ -28,20 +127,169 @@ extensions:
      - ["java.time", "LocalTime", False, "withMinute", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalTime", False, "withNano", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "LocalTime", False, "withSecond", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "Month", False, "getDisplayName", "(TextStyle,Locale)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "MonthDay", False, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "MonthDay", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "MonthDay", False, "with", "(Month)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "MonthDay", False, "withDayOfMonth", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "MonthDay", False, "withMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "atZoneSameInstant", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "atZoneSameInstant", "(ZoneId)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "atZoneSimilarLocal", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "atZoneSimilarLocal", "(ZoneId)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "format", "(DateTimeFormatter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "getOffset", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "minusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "now", "(Clock)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "now", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "of", "(LocalDate,LocalTime,ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "of", "(LocalDate,LocalTime,ZoneOffset)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "of", "(LocalDate,LocalTime,ZoneOffset)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "of", "(LocalDateTime,ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "of", "(LocalDateTime,ZoneOffset)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "of", "(int,int,int,int,int,int,int,ZoneOffset)", "", "Argument[7]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "ofInstant", "(Instant,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "plusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "toLocalDate", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "toLocalDateTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "toLocalTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "toOffsetTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "toZonedDateTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "truncatedTo", "(TemporalUnit)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withDayOfMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withDayOfYear", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withHour", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withMinute", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withNano", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "OffsetDateTime", False, "withOffsetSameInstant", "(ZoneOffset)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withOffsetSameLocal", "(ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withOffsetSameLocal", "(ZoneOffset)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withSecond", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetDateTime", False, "withYear", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "atDate", "(LocalDate)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "atDate", "(LocalDate)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "format", "(DateTimeFormatter)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "getOffset", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "minusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "minusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "minusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "minusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "now", "(Clock)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "now", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "of", "(LocalTime,ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "of", "(LocalTime,ZoneOffset)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "of", "(int,int,int,int,ZoneOffset)", "", "Argument[4]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "ofInstant", "(Instant,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "plusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "plusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "plusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "plusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "toLocalTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "truncatedTo", "(TemporalUnit)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "withHour", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "withMinute", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "withNano", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "OffsetTime", False, "withOffsetSameInstant", "(ZoneOffset)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "OffsetTime", False, "withOffsetSameLocal", "(ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "withOffsetSameLocal", "(ZoneOffset)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "OffsetTime", False, "withSecond", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Period", False, "from", "(TemporalAmount)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Period", False, "minusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Period", False, "minusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Period", False, "minusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "Period", False, "plusDays", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "Period", False, "plusMonths", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "Period", False, "plusYears", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "Period", False, "withDays", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "Period", False, "withMonths", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "Period", False, "withYears", "(int)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "Year", False, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Year", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "Year", False, "minusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "Year", False, "plusYears", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "YearMonth", False, "format", "(DateTimeFormatter)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "YearMonth", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "YearMonth", False, "minusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "YearMonth", False, "minusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "YearMonth", False, "plusMonths", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
      - ["java.time", "YearMonth", False, "plusYears", "(long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "YearMonth", False, "withMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "YearMonth", False, "withYear", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneId", True, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneId", True, "getDisplayName", "(TextStyle,Locale)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneId", True, "getId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneId", True, "getRules", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time", "ZoneId", True, "normalized", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time", "ZoneId", True, "of", "(String,Map)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneId", True, "of", "(String,Map)", "", "Argument[1].Element", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneId", True, "ofOffset", "(String,ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneId", True, "ofOffset", "(String,ZoneOffset)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZoneOffset", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "from", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "minusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "now", "(Clock)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "now", "(ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "of", "(LocalDate,LocalTime,ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "of", "(LocalDate,LocalTime,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "of", "(LocalDate,LocalTime,ZoneId)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "of", "(LocalDateTime,ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "of", "(LocalDateTime,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "of", "(int,int,int,int,int,int,int,ZoneId)", "", "Argument[7]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofInstant", "(Instant,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofInstant", "(LocalDateTime,ZoneOffset,ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofInstant", "(LocalDateTime,ZoneOffset,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofInstant", "(LocalDateTime,ZoneOffset,ZoneId)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofLocal", "(LocalDateTime,ZoneId,ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofLocal", "(LocalDateTime,ZoneId,ZoneOffset)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofLocal", "(LocalDateTime,ZoneId,ZoneOffset)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofStrict", "(LocalDateTime,ZoneOffset,ZoneId)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofStrict", "(LocalDateTime,ZoneOffset,ZoneId)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "ofStrict", "(LocalDateTime,ZoneOffset,ZoneId)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusDays", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusHours", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusMinutes", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusMonths", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusNanos", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusSeconds", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusWeeks", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "plusYears", "(long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "toOffsetDateTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "truncatedTo", "(TemporalUnit)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withDayOfMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withDayOfYear", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withFixedOffsetZone", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withHour", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withMinute", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withMonth", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withNano", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withSecond", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time", "ZonedDateTime", False, "withYear", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
  - addsTo:
      pack: codeql/java-all
      extensible: neutralModel
--- a/java/ql/lib/ext/generated/java.time.temporal.model.yml
+++ b/java/ql/lib/ext/generated/java.time.temporal.model.yml
@@ -4,10 +4,36 @@ extensions:
      pack: codeql/java-all
      extensible: summaryModel
    data:
+      - ["java.time.temporal", "Temporal", True, "minus", "(TemporalAmount)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "Temporal", True, "minus", "(long,TemporalUnit)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "Temporal", True, "plus", "(TemporalAmount)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "Temporal", True, "plus", "(long,TemporalUnit)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "Temporal", True, "with", "(TemporalAdjuster)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "Temporal", True, "with", "(TemporalAdjuster)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "Temporal", True, "with", "(TemporalField,long)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time.temporal", "Temporal", True, "with", "(TemporalField,long)", "", "Argument[this]", "ReturnValue", "value", "df-generated"]
+      - ["java.time.temporal", "TemporalAccessor", True, "query", "(TemporalQuery)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalAccessor", True, "range", "(TemporalField)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalAdjuster", True, "adjustInto", "(Temporal)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalAmount", True, "addTo", "(Temporal)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalAmount", True, "subtractFrom", "(Temporal)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "adjustInto", "(Temporal,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "getBaseUnit", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "getDisplayName", "(Locale)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "getDisplayName", "(Locale)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "getRangeUnit", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "range", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "rangeRefinedBy", "(TemporalAccessor)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalField", True, "resolve", "(Map,TemporalAccessor,ResolverStyle)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "TemporalUnit", True, "addTo", "(Temporal,long)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
      - ["java.time.temporal", "UnsupportedTemporalTypeException", True, "UnsupportedTemporalTypeException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
      - ["java.time.temporal", "UnsupportedTemporalTypeException", True, "UnsupportedTemporalTypeException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
      - ["java.time.temporal", "UnsupportedTemporalTypeException", True, "UnsupportedTemporalTypeException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
+      - ["java.time.temporal", "WeekFields", False, "dayOfWeek", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "WeekFields", False, "weekBasedYear", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "WeekFields", False, "weekOfMonth", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "WeekFields", False, "weekOfWeekBasedYear", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.temporal", "WeekFields", False, "weekOfYear", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
  - addsTo:
      pack: codeql/java-all
      extensible: neutralModel
--- a/java/ql/lib/ext/generated/java.time.zone.model.yml
+++ b/java/ql/lib/ext/generated/java.time.zone.model.yml
@@ -4,6 +4,36 @@ extensions:
      pack: codeql/java-all
      extensible: summaryModel
    data:
+      - ["java.time.zone", "ZoneOffsetTransition", False, "getDateTimeAfter", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransition", False, "getDateTimeBefore", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransition", False, "getOffsetAfter", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransition", False, "getOffsetBefore", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransition", False, "of", "(LocalDateTime,ZoneOffset,ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransition", False, "of", "(LocalDateTime,ZoneOffset,ZoneOffset)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransition", False, "of", "(LocalDateTime,ZoneOffset,ZoneOffset)", "", "Argument[2]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule$TimeDefinition", False, "createDateTime", "(LocalDateTime,ZoneOffset,ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "createTransition", "(int)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "getLocalTime", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "getOffsetAfter", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "getOffsetBefore", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "getStandardOffset", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "of", "(Month,int,DayOfWeek,LocalTime,boolean,ZoneOffsetTransitionRule$TimeDefinition,ZoneOffset,ZoneOffset,ZoneOffset)", "", "Argument[3]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "of", "(Month,int,DayOfWeek,LocalTime,boolean,ZoneOffsetTransitionRule$TimeDefinition,ZoneOffset,ZoneOffset,ZoneOffset)", "", "Argument[6]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "of", "(Month,int,DayOfWeek,LocalTime,boolean,ZoneOffsetTransitionRule$TimeDefinition,ZoneOffset,ZoneOffset,ZoneOffset)", "", "Argument[7]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneOffsetTransitionRule", False, "of", "(Month,int,DayOfWeek,LocalTime,boolean,ZoneOffsetTransitionRule$TimeDefinition,ZoneOffset,ZoneOffset,ZoneOffset)", "", "Argument[8]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "getOffset", "(Instant)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "getOffset", "(LocalDateTime)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "getStandardOffset", "(Instant)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "getTransition", "(LocalDateTime)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "getTransitionRules", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "getTransitions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "getValidOffsets", "(LocalDateTime)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "nextTransition", "(Instant)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "of", "(ZoneOffset)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "of", "(ZoneOffset,ZoneOffset,List,List,List)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "of", "(ZoneOffset,ZoneOffset,List,List,List)", "", "Argument[2].Element", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "of", "(ZoneOffset,ZoneOffset,List,List,List)", "", "Argument[4].Element", "ReturnValue", "taint", "df-generated"]
+      - ["java.time.zone", "ZoneRules", False, "previousTransition", "(Instant)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
      - ["java.time.zone", "ZoneRulesException", True, "ZoneRulesException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
      - ["java.time.zone", "ZoneRulesException", True, "ZoneRulesException", "(String,Throwable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
      - ["java.time.zone", "ZoneRulesException", True, "ZoneRulesException", "(String,Throwable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"]
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Rasmus Lerchedahl Petersen	4b3157f212	ModelEditor: More robust path resolution Can handle both old and new style paths We now transform a (type,path) pair into a dotted path and compare with a computed dotted path Tests now pass	2024-05-23 16:27:24 +02:00
Rasmus Lerchedahl Petersen	974b59c9a4	ModelEditor: add modelKind values are `"Function", "InstanceMethod", "ClassMethod", "StaticMethod", "InitMethod", "Class"`	2024-05-22 12:27:37 +02:00
Rasmus Lerchedahl Petersen	1504e0d5ec	ModelEditor: class endpoint	2024-05-22 12:06:32 +02:00
Rasmus Lerchedahl Petersen	deb9e0db60	ModelEditor: more tests	2024-05-22 11:36:54 +02:00
Rasmus Lerchedahl Petersen	4edb3dc260	modelEditor: fix extensible predicate calls	2024-05-22 11:17:56 +02:00
Rasmus Lerchedahl Petersen	41e8581ec2	modelEditor: move stuff to lib and add tests	2024-05-22 11:05:44 +02:00
Rasmus Lerchedahl Petersen	d46a2ba1d2	Python: add (more) support for MaD sinks - path-injection, rflected-xss, and html-injection already had support - I only conisdered the sink kinds provided by the Model Editor	2024-05-22 11:05:44 +02:00
Rasmus Lerchedahl Petersen	9c3559262b	python/model-editor: Improve paths - handle classes - trim `.ReturnValue` and `.Argument[...]` for source and sink paths	2024-05-22 11:05:44 +02:00
Rasmus Lerchedahl Petersen	7ab36f7bd8	python/model-editor: add comment and TODO around positional-only parameters	2024-05-22 11:05:44 +02:00
Rasmus Lerchedahl Petersen	51d41821c4	python/modeleditor: fix bad autocomplete	2024-05-22 11:05:44 +02:00
Rasmus Lerchedahl Petersen	f23933f40f	python/modeleditor: split path into name and type	2024-05-22 11:05:43 +02:00
Rasmus Lerchedahl Petersen	69a9af533c	python/modeleditor: implement `hasSummary`, `is[Source/Sink/Neutral]`	2024-05-22 11:05:43 +02:00
Rasmus Lerchedahl Petersen	060c410a87	python/modeleditor: improve endpoint path computation	2024-05-22 11:05:43 +02:00
Koen Vlaswinkel	e4213b5b4c	Python: Add simple model editor queries	2024-05-22 11:05:43 +02:00
				`@@ -1 +0,0 @@`
				`\| [...]/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll \|`