Move actions integration-tests to all-platforms

.bazelversion

@@ -1 +1 @@
-8.1.1
+8.0.0

.github/workflows/mad_modelDiff.yml

@@ -68,7 +68,7 @@ jobs:
             DATABASE=$2
             cd codeql-$QL_VARIANT
             SHORTNAME=`basename $DATABASE`
-            python misc/scripts/models-as-data/generate_mad.py --language java --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
+            python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
             mkdir -p $MODELS/$SHORTNAME
             mv java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME
             cd ..

CODEOWNERS

@@ -8,7 +8,6 @@
 /javascript/ @github/codeql-javascript
 /python/ @github/codeql-python
 /ruby/ @github/codeql-ruby
-/rust/ @github/codeql-rust
 /swift/ @github/codeql-swift
 /misc/codegen/ @github/codeql-swift
 /java/kotlin-extractor/ @github/codeql-kotlin
@@ -17,7 +16,6 @@
 
 # Experimental CodeQL cryptography
 **/experimental/quantum/ @github/ps-codeql
-/shared/quantum/ @github/ps-codeql
 
 # CodeQL tools and associated docs
 /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers
@@ -43,7 +41,6 @@ MODULE.bazel @github/codeql-ci-reviewers
 /.github/workflows/go-* @github/codeql-go
 /.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
 /.github/workflows/ruby-* @github/codeql-ruby
-/.github/workflows/rust.yml @github/codeql-rust
 /.github/workflows/swift.yml @github/codeql-swift
 
 # Misc

Cargo.lock

@@ -154,15 +154,15 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
 [[package]]
 name = "bitflags"
-version = "2.9.0"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd"
+checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36"
 
 [[package]]
 name = "borsh"
-version = "1.5.5"
+version = "1.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5430e3be710b68d984d1391c854eb431a9d548640711faa54eecb1df93db91cc"
+checksum = "2506947f73ad44e344215ccd6403ac2ae18cd8e046e581a441bf8d199f257f03"
 dependencies = [
  "cfg_aliases",
 ]
@@ -224,9 +224,9 @@ dependencies = [
 
 [[package]]
 name = "cargo_metadata"
-version = "0.19.2"
+version = "0.18.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd5eb614ed4c27c5d706420e4320fbe3216ab31fa1c33cd8246ac36dae4479ba"
+checksum = "2d886547e41f740c616ae73108f6eb70afe6d940c7bc697cb30f13daec073037"
 dependencies = [
  "camino",
  "cargo-platform",
@@ -275,7 +275,7 @@ version = "0.100.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4f114996bda14c0213f014a4ef31a7867dcf5f539a3900477fc6b20138e7a17b"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "chalk-derive",
 ]
 
@@ -301,7 +301,7 @@ dependencies = [
  "chalk-derive",
  "chalk-ir",
  "ena",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
  "itertools 0.12.1",
  "petgraph",
  "rustc-hash 1.1.0",
@@ -325,9 +325,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.35"
+version = "4.5.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8aa86934b44c19c50f87cc2790e19f54f7a67aedb64101c2e1a2e5ecfb73944"
+checksum = "6088f3ae8c3608d19260cd7445411865a485688711b78b5be70d78cd96136f83"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -335,9 +335,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.35"
+version = "4.5.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2414dbb2dd0695280da6ea9261e327479e9d37b0630f6b53ba2a11c60c679fd9"
+checksum = "22a7ef7f676155edfb82daa97f99441f3ebf4a58d5e32f295a56259f1b6facc8"
 dependencies = [
  "anstream",
  "anstyle",
@@ -622,7 +622,7 @@ version = "0.14.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3d248bdd43ce613d87415282f69b9bb99d947d290b10962dd6c56233312c2ad5"
 dependencies = [
- "log 0.4.27",
+ "log 0.4.25",
 ]
 
 [[package]]
@@ -691,9 +691,9 @@ checksum = "a246d82be1c9d791c5dfde9a2bd045fc3cbba3fa2b11ad558f27d01712f00569"
 
 [[package]]
 name = "equivalent"
-version = "1.0.2"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
+checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
 
 [[package]]
 name = "figment"
@@ -781,7 +781,7 @@ checksum = "cc6bd114ceda131d3b1d665eba35788690ad37f5916457286b32ab6fd3c438dd"
 dependencies = [
  "cfg-if",
  "libc",
- "log 0.4.27",
+ "log 0.4.25",
  "rustversion",
  "windows",
 ]
@@ -812,7 +812,7 @@ checksum = "15f1ce686646e7f1e19bf7d5533fe443a45dbfb990e00629110797578b42fb19"
 dependencies = [
  "aho-corasick",
  "bstr",
- "log 0.4.27",
+ "log 0.4.25",
  "regex-automata 0.4.9",
  "regex-syntax 0.8.5",
 ]
@@ -918,9 +918,9 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.9.0"
+version = "2.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e"
+checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f"
 dependencies = [
  "equivalent",
  "hashbrown 0.15.2",
@@ -939,7 +939,7 @@ version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f37dccff2791ab604f9babef0ba14fbe0be30bd368dc541e2b08d07c8aa908f3"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "inotify-sys",
  "libc",
 ]
@@ -979,9 +979,9 @@ dependencies = [
 
 [[package]]
 name = "itoa"
-version = "1.0.15"
+version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
+checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"
 
 [[package]]
 name = "jod-thread"
@@ -1033,9 +1033,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
 
 [[package]]
 name = "libc"
-version = "0.2.171"
+version = "0.2.169"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
+checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"
 
 [[package]]
 name = "libredox"
@@ -1043,7 +1043,7 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "libc",
  "redox_syscall",
 ]
@@ -1074,14 +1074,14 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b"
 dependencies = [
- "log 0.4.27",
+ "log 0.4.25",
 ]
 
 [[package]]
 name = "log"
-version = "0.4.27"
+version = "0.4.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
+checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f"
 
 [[package]]
 name = "loom"
@@ -1096,6 +1096,12 @@ dependencies = [
  "tracing-subscriber",
 ]
 
+[[package]]
+name = "lz4_flex"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75761162ae2b0e580d7e7c390558127e5f01b4194debd6221fd8c207fc80e3f5"
+
 [[package]]
 name = "matchers"
 version = "0.1.0"
@@ -1136,7 +1142,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
 dependencies = [
  "libc",
- "log 0.4.27",
+ "log 0.4.25",
  "wasi 0.11.0+wasi-snapshot-preview1",
  "windows-sys 0.52.0",
 ]
@@ -1172,13 +1178,13 @@ version = "8.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2fee8403b3d66ac7b26aee6e40a897d85dc5ce26f44da36b8b73e987cc52e943"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "filetime",
  "fsevent-sys",
  "inotify",
  "kqueue",
  "libc",
- "log 0.4.27",
+ "log 0.4.25",
  "mio",
  "notify-types",
  "walkdir",
@@ -1234,9 +1240,9 @@ checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"
 
 [[package]]
 name = "oorandom"
-version = "11.1.5"
+version = "11.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e"
+checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9"
 
 [[package]]
 name = "os_str_bytes"
@@ -1325,7 +1331,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db"
 dependencies = [
  "fixedbitset",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 ]
 
 [[package]]
@@ -1392,7 +1398,7 @@ version = "0.100.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1651b0f7e8c3eb7c27a88f39d277e69c32bfe58e3be174d286c1a24d6a7a4d8"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "ra-ap-rustc_hashes",
  "ra-ap-rustc_index",
  "tracing",
@@ -1464,16 +1470,18 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_base_db"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fd761118bbafe29e2b187e694c6b8e800f2c7822bbc1d9d2db4ac21fb8b0365"
+checksum = "4baa9734d254af14fd603528ad594650dea601b1764492bd39988da38598ae67"
 dependencies = [
  "dashmap 5.5.3",
  "la-arena",
+ "lz4_flex",
  "ra_ap_cfg",
  "ra_ap_intern",
  "ra_ap_query-group-macro",
  "ra_ap_span",
+ "ra_ap_stdx",
  "ra_ap_syntax",
  "ra_ap_vfs",
  "rustc-hash 2.1.1",
@@ -1485,9 +1493,9 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_cfg"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ce74ce1af24afd86d3529dbbf5a849d026948b2d8ba51d199b6ea6db6e345b6"
+checksum = "0ef2ba45636c5e585040c0c4bee640737a6001b08309f1a25ca78cf04abfbf90"
 dependencies = [
  "ra_ap_intern",
  "ra_ap_tt",
@@ -1497,20 +1505,20 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_edition"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f423b9fb19e3920e4c7039120d09d9c79070a26efe8ff9f787c7234b07f518c5"
+checksum = "8955c1484d5e7274f755187788ba0d51eb149f870c69cdf0d87c3b7edea20ea0"
 
 [[package]]
 name = "ra_ap_hir"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd4aa8a568b80d288b90c4fa5dc8a3cc405914d261bfd33a3761c1ba41be358d"
+checksum = "a51d7955beff2212701b149bea36d4cf2dc0f5cd129652c9bcf0cb5c0b021078"
 dependencies = [
  "arrayvec",
  "either",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
  "ra_ap_base_db",
  "ra_ap_cfg",
  "ra_ap_hir_def",
@@ -1529,20 +1537,23 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_hir_def"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "acb18d9378a828a23ccf87b89199db005adb67ba2a05a37d7a3fcad4d1036e66"
+checksum = "e5c97e617e4c585d24b3d4f668861452aedddfbe0262f4c53235dcea77e62f9b"
 dependencies = [
  "arrayvec",
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "cov-mark",
+ "dashmap 5.5.3",
  "drop_bomb",
  "either",
  "fst",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "hashbrown 0.14.5",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
  "la-arena",
  "ra-ap-rustc_abi",
+ "ra-ap-rustc_hashes",
  "ra-ap-rustc_parse_format",
  "ra_ap_base_db",
  "ra_ap_cfg",
@@ -1559,20 +1570,21 @@ dependencies = [
  "salsa",
  "smallvec",
  "text-size",
- "thin-vec",
  "tracing",
  "triomphe",
 ]
 
 [[package]]
 name = "ra_ap_hir_expand"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "094fa79d8f661f52cf3b7fb8b3d91c4be2ad9e71a3967d3dacd25429fa44b37d"
+checksum = "be57c0d7e3f2180dd8ea584b11447f34060eadc06f0f6d559e2a790f6e91b6c5"
 dependencies = [
  "cov-mark",
  "either",
- "itertools 0.14.0",
+ "hashbrown 0.14.5",
+ "itertools 0.12.1",
+ "la-arena",
  "ra_ap_base_db",
  "ra_ap_cfg",
  "ra_ap_intern",
@@ -1593,22 +1605,24 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_hir_ty"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "093482d200d5db421db5692e7819bbb14fb717cc8cb0f91f93cce9fde85b3df2"
+checksum = "f260f35748f3035b46a8afcdebda7cb75d95c24750105fad86101d09a9d387c8"
 dependencies = [
  "arrayvec",
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "chalk-derive",
  "chalk-ir",
  "chalk-recursive",
  "chalk-solve",
  "cov-mark",
+ "dashmap 5.5.3",
  "either",
  "ena",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
  "la-arena",
+ "nohash-hasher",
  "oorandom",
  "ra-ap-rustc_abi",
  "ra-ap-rustc_index",
@@ -1633,18 +1647,19 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_ide_db"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b655b92dfa9444db8129321b9217d9e4a83a58ee707aa1004a93052acfb43d57"
+checksum = "0426263be26e27cb55a3b9ef88b120511b66fe7d9b418a2473d6d5f3ac2fe0a6"
 dependencies = [
  "arrayvec",
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
  "cov-mark",
  "crossbeam-channel",
+ "dashmap 5.5.3",
  "either",
  "fst",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
  "line-index",
  "memchr",
  "nohash-hasher",
@@ -1666,9 +1681,9 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_intern"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4e528496b4d4c351806bb073d3d7f6526535741b9e8801776603c924bbec624"
+checksum = "f6ea8c9615b3b0688cf557e7310dbd9432f43860c8ea766d54f4416cbecf3571"
 dependencies = [
  "dashmap 5.5.3",
  "hashbrown 0.14.5",
@@ -1678,16 +1693,17 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_load-cargo"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a97a5070b2f4b99f56683d91b2687aa0c530d8969cc5252ec2ae5644e428ffe"
+checksum = "570907e16725c13a678bfd8050ce8839af2831da042a0878b75ee8c41b0f7b0c"
 dependencies = [
  "anyhow",
  "crossbeam-channel",
- "itertools 0.14.0",
+ "itertools 0.12.1",
  "ra_ap_hir_expand",
  "ra_ap_ide_db",
  "ra_ap_intern",
+ "ra_ap_paths",
  "ra_ap_proc_macro_api",
  "ra_ap_project_model",
  "ra_ap_span",
@@ -1699,9 +1715,9 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_mbe"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b187ee5ee3fa726eeea5142242a0397e2200d77084026986a68324b9599f9046"
+checksum = "e893fe03b04b30c9b5a339ac2bf39ce32ac9c05a8b50121b7d89ce658346e164"
 dependencies = [
  "arrayvec",
  "cov-mark",
@@ -1710,17 +1726,19 @@ dependencies = [
  "ra_ap_parser",
  "ra_ap_span",
  "ra_ap_stdx",
+ "ra_ap_syntax",
  "ra_ap_syntax-bridge",
  "ra_ap_tt",
  "rustc-hash 2.1.1",
  "smallvec",
+ "tracing",
 ]
 
 [[package]]
 name = "ra_ap_parser"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2306e6c051e60483f3b317fac9dec6c883b7792eeb8db24ec6f39dbfa5430159"
+checksum = "6fd9a264120968b14a66b6ba756cd7f99435385b5dbc2f0a611cf3a12221c385"
 dependencies = [
  "drop_bomb",
  "ra-ap-rustc_lexer",
@@ -1730,20 +1748,20 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_paths"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcedd00499621bdd0f1fe01955c04e4b388197aa826744003afaf6cc2944bc80"
+checksum = "f47817351651e36b56ff3afc483b41600053c9cb7e67d945467c0abe93416032"
 dependencies = [
  "camino",
 ]
 
 [[package]]
 name = "ra_ap_proc_macro_api"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a2e49b550015cd4ad152bd78d92d73594497f2e44f61273f9fed3534ad4bbbe"
+checksum = "d96da3b8b9f6b813a98f5357eef303905450741f47ba90adaab8a5371b748416"
 dependencies = [
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
  "ra_ap_intern",
  "ra_ap_paths",
  "ra_ap_span",
@@ -1758,9 +1776,9 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_profile"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87cdbd27ebe02ec21fdae3df303f194bda036a019ecef80d47e0082646f06c54"
+checksum = "13637377287c84f88a628e40229d271ef0081c0d683956bd99a6c8278a4f8b14"
 dependencies = [
  "cfg-if",
  "libc",
@@ -1770,13 +1788,13 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_project_model"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5eaa3406c891a7840d20ce615f8decca32cbc9d3654b82dcbcc3a31257ce90b9"
+checksum = "053c5207a638fc7a752c7a454bc952b28b0d02f0bf9f6d7ec785ec809579d8fa"
 dependencies = [
  "anyhow",
  "cargo_metadata",
- "itertools 0.14.0",
+ "itertools 0.12.1",
  "la-arena",
  "ra_ap_base_db",
  "ra_ap_cfg",
@@ -1796,20 +1814,22 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_query-group-macro"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fbc1748e4876a9b0ccfacfc7e2fe254f30e92ef58d98925282b3803e8b004ed"
+checksum = "0f1a38f07b442e47a234cbe2e8fd1b8a41ff0cc5123cb1cf994c5ce20edb5bd6"
 dependencies = [
+ "heck",
  "proc-macro2",
  "quote",
+ "salsa",
  "syn",
 ]
 
 [[package]]
 name = "ra_ap_span"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed1d036e738bf32a057d90698df85bcb83ed6263b5fe9fba132c99e8ec3aecaf"
+checksum = "8818680c6f7da3b32cb2bb0992940b24264b1aa90203aa94812e09ab34d362d1"
 dependencies = [
  "hashbrown 0.14.5",
  "la-arena",
@@ -1823,12 +1843,12 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_stdx"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e3775954ab24408f71e97079a97558078a166a4082052e83256ae4c22dae18d"
+checksum = "f1c10bee1b03fc48083862c13cf06bd3ed17760463ecce2734103a2f511e5ed4"
 dependencies = [
  "crossbeam-channel",
- "itertools 0.14.0",
+ "itertools 0.12.1",
  "jod-thread",
  "libc",
  "miow",
@@ -1838,12 +1858,14 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_syntax"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b49b081f209a764700f688db91820a66c2ecfe5f138895d831361cf84f716691"
+checksum = "92bc32f3946fc5fcbdc79e61b7e26a8c2a3a56f3ef6ab27c7d298a9e21a462f2"
 dependencies = [
+ "cov-mark",
  "either",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
  "ra-ap-rustc_lexer",
  "ra_ap_parser",
  "ra_ap_stdx",
@@ -1856,9 +1878,9 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_syntax-bridge"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2740bbe603d527f2cf0aaf51629de7d072694fbbaaeda8264f7591be1493d1b"
+checksum = "a42052c44c98c122c37aac476260c8f19d8fec495edc9c05835307c9ae86194d"
 dependencies = [
  "ra_ap_intern",
  "ra_ap_parser",
@@ -1867,13 +1889,14 @@ dependencies = [
  "ra_ap_syntax",
  "ra_ap_tt",
  "rustc-hash 2.1.1",
+ "tracing",
 ]
 
 [[package]]
 name = "ra_ap_toolchain"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "efbff9f26f307ef958586357d1653d000861dcd3acbaf33a009651e024720c7e"
+checksum = "75996e70b3a0c68cd5157ba01f018964c7c6a5d7b209047d449b393139d0b57f"
 dependencies = [
  "camino",
  "home",
@@ -1881,9 +1904,9 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_tt"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b1ce3ac14765e414fa6031fda7dc35d3492c74de225aac689ba8b8bf037e1f8"
+checksum = "0e4ee31e93bfabe83e6720b7469db88d7ad7ec5c59a1f011efec4aa1327ffc5c"
 dependencies = [
  "arrayvec",
  "ra-ap-rustc_lexer",
@@ -1894,13 +1917,13 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_vfs"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29427a7c27ce8ddfefb52d77c952a4588c74d0a7ab064dc627129088a90423ca"
+checksum = "f6aac1e277ac70bb073f40f8a3fc44e4b1bb9e4d4b1d0e0bd2f8269543560f80"
 dependencies = [
  "crossbeam-channel",
  "fst",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
  "nohash-hasher",
  "ra_ap_paths",
  "ra_ap_stdx",
@@ -1910,9 +1933,9 @@ dependencies = [
 
 [[package]]
 name = "ra_ap_vfs-notify"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d5a0e3095b8216ecc131f38b4b0025cac324a646469a95d2670354aee7278078"
+checksum = "cd95285146049621ee8f7a512c982a008bf036321fcc9b01a95c1ad7e6aeae57"
 dependencies = [
  "crossbeam-channel",
  "notify",
@@ -1982,7 +2005,7 @@ version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 ]
 
 [[package]]
@@ -2070,10 +2093,10 @@ checksum = "2febf9acc5ee5e99d1ad0afcdbccc02d87aa3f857a1f01f825b80eacf8edfcd1"
 
 [[package]]
 name = "rustc_apfloat"
-version = "0.2.2+llvm-462a31f5a5ab"
-source = "git+https://github.com/redsun82/rustc_apfloat.git?rev=32968f16ef1b082243f9bf43a3fbd65c381b3e27#32968f16ef1b082243f9bf43a3fbd65c381b3e27"
+version = "0.2.1+llvm-462a31f5a5ab"
+source = "git+https://github.com/redsun82/rustc_apfloat.git?rev=096d585100636bc2e9f09d7eefec38c5b334d47b#096d585100636bc2e9f09d7eefec38c5b334d47b"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 1.3.2",
  "smallvec",
 ]
 
@@ -2100,7 +2123,7 @@ dependencies = [
  "dashmap 6.1.0",
  "hashbrown 0.15.2",
  "hashlink",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
  "parking_lot",
  "portable-atomic",
  "rayon",
@@ -2153,9 +2176,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
 [[package]]
 name = "semver"
-version = "1.0.26"
+version = "1.0.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0"
+checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
 dependencies = [
  "serde",
 ]
@@ -2211,7 +2234,7 @@ dependencies = [
  "chrono",
  "hex",
  "indexmap 1.9.3",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
  "serde",
  "serde_derive",
  "serde_json",
@@ -2237,7 +2260,7 @@ version = "0.9.34+deprecated"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47"
 dependencies = [
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
  "itoa",
  "ryu",
  "serde",
@@ -2321,26 +2344,20 @@ version = "1.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f18aa187839b2bdb1ad2fa35ead8c4c2976b64e4363c386d45ac0f7ee85c9233"
 
-[[package]]
-name = "thin-vec"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "144f754d318415ac792f9d69fc87abbbfc043ce2ef041c60f16ad828f638717d"
-
 [[package]]
 name = "thiserror"
-version = "2.0.12"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
+checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "2.0.12"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
+checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -2415,7 +2432,7 @@ version = "0.22.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474"
 dependencies = [
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
  "serde",
  "serde_spanned",
  "toml_datetime",
@@ -2471,7 +2488,7 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
 dependencies = [
- "log 0.4.27",
+ "log 0.4.25",
  "once_cell",
  "tracing-core",
 ]
@@ -2586,9 +2603,9 @@ checksum = "a3e5df347f0bf3ec1d670aad6ca5c6a1859cd9ea61d2113125794654ccced68f"
 
 [[package]]
 name = "unicode-ident"
-version = "1.0.17"
+version = "1.0.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe"
+checksum = "a210d160f08b701c8721ba1c726c11662f877ea6b7094007e1ca9a1041945034"
 
 [[package]]
 name = "unicode-properties"
@@ -2669,7 +2686,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
 dependencies = [
  "bumpalo",
- "log 0.4.27",
+ "log 0.4.25",
  "proc-macro2",
  "quote",
  "syn",
@@ -2978,7 +2995,7 @@ version = "0.33.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 ]
 
 [[package]]

Cargo.toml

@@ -14,4 +14,4 @@ members = [
 [patch.crates-io]
 # patch for build script bug preventing bazel build
 # see https://github.com/rust-lang/rustc_apfloat/pull/17
-rustc_apfloat = { git = "https://github.com/redsun82/rustc_apfloat.git", rev = "32968f16ef1b082243f9bf43a3fbd65c381b3e27" }
+rustc_apfloat = { git = "https://github.com/redsun82/rustc_apfloat.git", rev = "096d585100636bc2e9f09d7eefec38c5b334d47b" }

MODULE.bazel

@@ -24,7 +24,7 @@ bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "abseil-cpp", version = "20240116.1", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
-bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
+bazel_dep(name = "rules_kotlin", version = "2.0.0-codeql.1")
 bazel_dep(name = "gazelle", version = "0.40.0")
 bazel_dep(name = "rules_dotnet", version = "0.17.4")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
@@ -75,7 +75,7 @@ use_repo(
     "vendor_ts__argfile-0.2.1",
     "vendor_ts__chalk-ir-0.100.0",
     "vendor_ts__chrono-0.4.40",
-    "vendor_ts__clap-4.5.35",
+    "vendor_ts__clap-4.5.32",
     "vendor_ts__dunce-1.0.5",
     "vendor_ts__either-1.15.0",
     "vendor_ts__encoding-0.2.33",
@@ -90,22 +90,22 @@ use_repo(
     "vendor_ts__num_cpus-1.16.0",
     "vendor_ts__proc-macro2-1.0.94",
     "vendor_ts__quote-1.0.40",
-    "vendor_ts__ra_ap_base_db-0.0.273",
-    "vendor_ts__ra_ap_cfg-0.0.273",
-    "vendor_ts__ra_ap_hir-0.0.273",
-    "vendor_ts__ra_ap_hir_def-0.0.273",
-    "vendor_ts__ra_ap_hir_expand-0.0.273",
-    "vendor_ts__ra_ap_hir_ty-0.0.273",
-    "vendor_ts__ra_ap_ide_db-0.0.273",
-    "vendor_ts__ra_ap_intern-0.0.273",
-    "vendor_ts__ra_ap_load-cargo-0.0.273",
-    "vendor_ts__ra_ap_parser-0.0.273",
-    "vendor_ts__ra_ap_paths-0.0.273",
-    "vendor_ts__ra_ap_project_model-0.0.273",
-    "vendor_ts__ra_ap_span-0.0.273",
-    "vendor_ts__ra_ap_stdx-0.0.273",
-    "vendor_ts__ra_ap_syntax-0.0.273",
-    "vendor_ts__ra_ap_vfs-0.0.273",
+    "vendor_ts__ra_ap_base_db-0.0.270",
+    "vendor_ts__ra_ap_cfg-0.0.270",
+    "vendor_ts__ra_ap_hir-0.0.270",
+    "vendor_ts__ra_ap_hir_def-0.0.270",
+    "vendor_ts__ra_ap_hir_expand-0.0.270",
+    "vendor_ts__ra_ap_hir_ty-0.0.270",
+    "vendor_ts__ra_ap_ide_db-0.0.270",
+    "vendor_ts__ra_ap_intern-0.0.270",
+    "vendor_ts__ra_ap_load-cargo-0.0.270",
+    "vendor_ts__ra_ap_parser-0.0.270",
+    "vendor_ts__ra_ap_paths-0.0.270",
+    "vendor_ts__ra_ap_project_model-0.0.270",
+    "vendor_ts__ra_ap_span-0.0.270",
+    "vendor_ts__ra_ap_stdx-0.0.270",
+    "vendor_ts__ra_ap_syntax-0.0.270",
+    "vendor_ts__ra_ap_vfs-0.0.270",
     "vendor_ts__rand-0.9.0",
     "vendor_ts__rayon-1.10.0",
     "vendor_ts__regex-1.11.1",
@@ -193,6 +193,10 @@ use_repo(
     kotlin_extractor_deps,
     "codeql_kotlin_defaults",
     "codeql_kotlin_embeddable",
+    "kotlin-compiler-1.5.0",
+    "kotlin-compiler-1.5.10",
+    "kotlin-compiler-1.5.20",
+    "kotlin-compiler-1.5.30",
     "kotlin-compiler-1.6.0",
     "kotlin-compiler-1.6.20",
     "kotlin-compiler-1.7.0",
@@ -204,7 +208,10 @@ use_repo(
     "kotlin-compiler-2.0.20-Beta2",
     "kotlin-compiler-2.1.0-Beta1",
     "kotlin-compiler-2.1.20-Beta1",
-    "kotlin-compiler-2.2.0-Beta1",
+    "kotlin-compiler-embeddable-1.5.0",
+    "kotlin-compiler-embeddable-1.5.10",
+    "kotlin-compiler-embeddable-1.5.20",
+    "kotlin-compiler-embeddable-1.5.30",
     "kotlin-compiler-embeddable-1.6.0",
     "kotlin-compiler-embeddable-1.6.20",
     "kotlin-compiler-embeddable-1.7.0",
@@ -216,7 +223,10 @@ use_repo(
     "kotlin-compiler-embeddable-2.0.20-Beta2",
     "kotlin-compiler-embeddable-2.1.0-Beta1",
     "kotlin-compiler-embeddable-2.1.20-Beta1",
-    "kotlin-compiler-embeddable-2.2.0-Beta1",
+    "kotlin-stdlib-1.5.0",
+    "kotlin-stdlib-1.5.10",
+    "kotlin-stdlib-1.5.20",
+    "kotlin-stdlib-1.5.30",
     "kotlin-stdlib-1.6.0",
     "kotlin-stdlib-1.6.20",
     "kotlin-stdlib-1.7.0",
@@ -228,7 +238,6 @@ use_repo(
     "kotlin-stdlib-2.0.20-Beta2",
     "kotlin-stdlib-2.1.0-Beta1",
     "kotlin-stdlib-2.1.20-Beta1",
-    "kotlin-stdlib-2.2.0-Beta1",
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

actions/extractor/tools/autobuild-impl.ps1

@@ -1,28 +1,21 @@
-# Note: We're adding the `reusable_workflows` subdirectories to proactively
-# record workflows that were called cross-repo, check them out locally,
-# and enable an interprocedural analysis across the workflow files.
-# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
-$DefaultPathFilters = @(
-    'exclude:**/*',
-    'include:.github/workflows/*.yml',
-    'include:.github/workflows/*.yaml',
-    'include:.github/reusable_workflows/**/*.yml',
-    'include:.github/reusable_workflows/**/*.yaml',
-    'include:**/action.yml',
-    'include:**/action.yaml'
-)
-
-if ($null -ne $env:LGTM_INDEX_FILTERS) {
-    Write-Output 'LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor.'
-    # Begin with the default path inclusions only,
-    # followed by the user-provided filters.
-    # If the user provided `paths`, those patterns override the default inclusions
-    # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`).
-    # If the user provided `paths-ignore`, those patterns are excluded.
-    $PathFilters = ($DefaultPathFilters -join "`n") + "`n" + $env:LGTM_INDEX_FILTERS
-    $env:LGTM_INDEX_FILTERS = $PathFilters
+if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
+    Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
 } else {
-    Write-Output 'LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor.'
+    Write-Output 'No path filters set. Using the default filters.'
+    # Note: We're adding the `reusable_workflows` subdirectories to proactively
+    # record workflows that were called cross-repo, check them out locally,
+    # and enable an interprocedural analysis across the workflow files.
+    # These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
+    $DefaultPathFilters = @(
+        'exclude:**/*',
+        'include:.github/workflows/*.yml',
+        'include:.github/workflows/*.yaml',
+        'include:.github/reusable_workflows/**/*.yml',
+        'include:.github/reusable_workflows/**/*.yaml',
+        'include:**/action.yml',
+        'include:**/action.yaml'
+    )
+
     $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
 }
 

actions/extractor/tools/autobuild.cmd

@@ -1,4 +1,3 @@
 @echo off
 rem All of the work is done in the PowerShell script
-echo "Running PowerShell script at '%~dp0autobuild-impl.ps1'"
-powershell.exe -File "%~dp0autobuild-impl.ps1"
+powershell.exe "%~dp0autobuild-impl.ps1"

actions/extractor/tools/autobuild.sh

@@ -17,22 +17,10 @@ include:**/action.yaml
 END
 )
 
-if [ -n "${LGTM_INDEX_FILTERS:-}" ]; then
-    echo "LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor."
-    # Begin with the default path inclusions only,
-    # followed by the user-provided filters.
-    # If the user provided `paths`, those patterns override the default inclusions
-    # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`).
-    # If the user provided `paths-ignore`, those patterns are excluded.
-    PATH_FILTERS="$(cat << END
-${DEFAULT_PATH_FILTERS}
-${LGTM_INDEX_FILTERS}
-END
-)"
-    LGTM_INDEX_FILTERS="${PATH_FILTERS}"
-    export LGTM_INDEX_FILTERS
+if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
+    echo "Path filters set. Passing them through to the JavaScript extractor."
 else
-    echo "LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor."
+    echo "No path filters set. Using the default filters."
     LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
     export LGTM_INDEX_FILTERS
 fi

actions/ql/integration-tests/all-platforms/filters-default/actions.expected

@@ -2,4 +2,3 @@
 | src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' |
 | src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow |
 | src/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |

actions/ql/integration-tests/all-platforms/filters-default/test.py

@@ -0,0 +1,2 @@
+def test(codeql, actions):
+    codeql.database.create(source_root="src")

actions/ql/integration-tests/filters/actions.default-filters.expected

@@ -1,6 +0,0 @@
-| src/.github/action.yaml:1:1:11:32 | name: ' ... action' |
-| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' |
-| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow |
-| src/action.yml:1:1:11:32 | name: ' ... action' |
-| src/excluded/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |

actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected

@@ -1,2 +0,0 @@
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow |

actions/ql/integration-tests/filters/actions.paths-only.expected

@@ -1,2 +0,0 @@
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow |

actions/ql/integration-tests/filters/actions.ql

@@ -1,5 +0,0 @@
-import actions
-
-from AstNode n
-where n instanceof Workflow or n instanceof CompositeAction
-select n

actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml

@@ -1,4 +0,0 @@
-paths:
-  - 'included'
-paths-ignore:
-  - 'excluded'

actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml

@@ -1,2 +0,0 @@
-paths-ignore:
-  - 'excluded'

actions/ql/integration-tests/filters/codeql-config.paths-only.yml

@@ -1,2 +0,0 @@
-paths:
-  - 'included'

actions/ql/integration-tests/filters/source_archive.default-filters.expected

@@ -1,6 +0,0 @@
-src/.github/action.yaml
-src/.github/actions/action-name/action.yml
-src/.github/workflows/workflow.yml
-src/action.yml
-src/excluded/action.yml
-src/included/action.yml

actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected

@@ -1,3 +0,0 @@
-src/included/action.yml
-src/included/not-an-action.yml
-src/included/unreachable-workflow.yml

actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected

@@ -1,5 +0,0 @@
-src/.github/action.yaml
-src/.github/actions/action-name/action.yml
-src/.github/workflows/workflow.yml
-src/action.yml
-src/included/action.yml

actions/ql/integration-tests/filters/source_archive.paths-only.expected

@@ -1,3 +0,0 @@
-src/included/action.yml
-src/included/not-an-action.yml
-src/included/unreachable-workflow.yml

actions/ql/integration-tests/filters/src/excluded/action.yml

@@ -1,11 +0,0 @@
-name: 'A composite action'
-description: 'Do something'
-runs:
-  using: "composite"
-  steps:
-    - name: Print
-      run: echo "Hello world"
-      shell: bash
-
-    - name: Checkout
-      uses: actions/checkout@v4

actions/ql/integration-tests/filters/src/included/action.yml

@@ -1,11 +0,0 @@
-name: 'A composite action'
-description: 'Do something'
-runs:
-  using: "composite"
-  steps:
-    - name: Print
-      run: echo "Hello world"
-      shell: bash
-
-    - name: Checkout
-      uses: actions/checkout@v4

actions/ql/integration-tests/filters/src/included/not-an-action.yml

@@ -1 +0,0 @@
-name: 'Not an action, just a YAML file'

actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml

@@ -1,12 +0,0 @@
-name: An unreachable workflow
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  job:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4

actions/ql/integration-tests/filters/src/unreachable-workflow.yml

@@ -1,12 +0,0 @@
-name: An unreachable workflow
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  job:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4

actions/ql/integration-tests/filters/test.py

@@ -1,18 +0,0 @@
-import pytest
-
-@pytest.mark.ql_test(expected=".default-filters.expected")
-def test_default_filters(codeql, actions, check_source_archive):
-    check_source_archive.expected_suffix = ".default-filters.expected"
-    codeql.database.create(source_root="src")
-
-@pytest.mark.ql_test(expected=".paths-only.expected")
-def test_config_paths_only(codeql, actions):
-    codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-only.yml")
-
-@pytest.mark.ql_test(expected=".paths-ignore-only.expected")
-def test_config_paths_ignore_only(codeql, actions):
-    codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-ignore-only.yml")
-
-@pytest.mark.ql_test(expected=".paths-and-paths-ignore.expected")
-def test_config_paths_and_paths_ignore(codeql, actions):
-    codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-and-paths-ignore.yml")

actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected

@@ -1 +0,0 @@
-

actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected

@@ -1,17 +0,0 @@
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql

actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected

@@ -1,27 +0,0 @@
-ql/actions/ql/src/Debug/SyntaxError.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
-ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
-ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
-ql/actions/ql/src/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql

actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected

@@ -1,23 +0,0 @@
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
-ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql

actions/ql/integration-tests/query-suite/not_included_in_qls.expected

@@ -1,17 +0,0 @@
-ql/actions/ql/src/Debug/partial.ql
-ql/actions/ql/src/Models/CompositeActionsSinks.ql
-ql/actions/ql/src/Models/CompositeActionsSources.ql
-ql/actions/ql/src/Models/CompositeActionsSummaries.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSinks.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSources.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
-ql/actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql
-ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql
-ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql
-ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql
-ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql
-ql/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql
-ql/actions/ql/src/experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
-ql/actions/ql/src/experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
-ql/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
-ql/actions/ql/src/experimental/Security/CWE-918/RequestForgery.ql

actions/ql/integration-tests/query-suite/test.py

@@ -1,14 +0,0 @@
-import runs_on
-import pytest
-from query_suites import *
-
-well_known_query_suites = ['actions-code-quality.qls', 'actions-security-and-quality.qls', 'actions-security-extended.qls', 'actions-code-scanning.qls']
-
-@runs_on.posix
-@pytest.mark.parametrize("query_suite", well_known_query_suites)
-def test(codeql, actions, check_query_suite, query_suite):
-    check_query_suite(query_suite)
-
-@runs_on.posix
-def test_not_included_queries(codeql, actions, check_queries_not_included):
-    check_queries_not_included('actions', well_known_query_suites)

actions/ql/lib/CHANGELOG.md

@@ -1,17 +1,3 @@
-## 0.4.9
-
-No user-facing changes.
-
-## 0.4.8
-
-No user-facing changes.
-
-## 0.4.7
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
 ## 0.4.6
 
 ### Bug Fixes

actions/ql/lib/change-notes/released/0.4.7.md

@@ -1,5 +0,0 @@
-## 0.4.7
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.

actions/ql/lib/change-notes/released/0.4.8.md

@@ -1,3 +0,0 @@
-## 0.4.8
-
-No user-facing changes.

actions/ql/lib/change-notes/released/0.4.9.md

@@ -1,3 +0,0 @@
-## 0.4.9
-
-No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.9
+lastReleaseVersion: 0.4.6

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.9
+version: 0.4.7-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,37 +1,3 @@
-## 0.6.1
-
-No user-facing changes.
-
-## 0.6.0
-
-### Breaking Changes
-
-* The following queries have been removed from the `security-and-quality` suite.
-  They are not intended to produce user-facing
-  alerts describing vulnerabilities.
-  Any existing alerts for these queries will be closed automatically.
-  * `actions/composite-action-sinks`
-  * `actions/composite-action-sources`
-  * `actions/composite-action-summaries`
-  * `actions/reusable-workflow-sinks`
-    (renamed from `actions/reusable-wokflow-sinks`)
-  * `actions/reusable-workflow-sources`
-  * `actions/reusable-workflow-summaries`
-
-### Bug Fixes
-
-* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.
-
-## 0.5.4
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
-### Bug Fixes
-
-* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
-
 ## 0.5.3
 
 ### Bug Fixes

actions/ql/src/Models/ReusableWorkflowsSinks.ql

@@ -5,7 +5,7 @@
  * @problem.severity warning
  * @security-severity 9.3
  * @precision high
- * @id actions/reusable-workflow-sinks
+ * @id actions/reusable-wokflow-sinks
  * @tags actions
  *       model-generator
  *       external/cwe/cwe-020

actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.md

@@ -109,7 +109,7 @@ An attacker could craft a malicious artifact that writes dangerous environment v
 
 ### Exploitation
 
-An attacker would be able to run arbitrary code by injecting environment variables such as `LD_PRELOAD`, `BASH_ENV`, etc.
+An attacker is be able to run arbitrary code by injecting environment variables such as `LD_PRELOAD`, `BASH_ENV`, etc.
 
 ## References
 

actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql

@@ -1,6 +1,6 @@
 /**
  * @name Workflow does not contain permissions
- * @description Workflows should contain explicit permissions to restrict the scope of the default GITHUB_TOKEN.
+ * @description Workflows should contain permissions to provide a clear understanding has permissions to run the workflow.
  * @kind problem
  * @security-severity 5.0
  * @problem.severity warning

actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql

@@ -3,7 +3,6 @@
  * @description All organization and repository secrets are passed to the workflow runner.
  * @kind problem
  * @precision high
- * @security-severity 5.0
  * @problem.severity warning
  * @id actions/excessive-secrets-exposure
  * @tags actions

actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md

@@ -2,11 +2,11 @@
 
 ## Description
 
-Secrets derived from other secrets are not known to the workflow runner, and therefore are not masked unless explicitly registered.
+Secrets derived from other secrets are not know to the workflow runner and therefore not masked unless explicitly registered.
 
 ## Recommendations
 
-Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow, since these read values will not be masked by the workflow runner.
+Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow since these read values will not be masked by the workflow runner.
 
 ## Examples
 

actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md

@@ -1,9 +1,4 @@
-## 0.5.4
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
-### Bug Fixes
-
-* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
+---
+category: fix
+---
+* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.

actions/ql/src/change-notes/released/0.6.0.md

@@ -1,19 +0,0 @@
-## 0.6.0
-
-### Breaking Changes
-
-* The following queries have been removed from the `security-and-quality` suite.
-  They are not intended to produce user-facing
-  alerts describing vulnerabilities.
-  Any existing alerts for these queries will be closed automatically.
-  * `actions/composite-action-sinks`
-  * `actions/composite-action-sources`
-  * `actions/composite-action-summaries`
-  * `actions/reusable-workflow-sinks`
-    (renamed from `actions/reusable-wokflow-sinks`)
-  * `actions/reusable-workflow-sources`
-  * `actions/reusable-workflow-summaries`
-
-### Bug Fixes
-
-* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.

actions/ql/src/change-notes/released/0.6.1.md

@@ -1,3 +0,0 @@
-## 0.6.1
-
-No user-facing changes.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.1
+lastReleaseVersion: 0.5.3

actions/ql/src/codeql-suites/actions-code-quality.qls

@@ -1,3 +1 @@
-- queries: .
-- apply: code-quality-selectors.yml
-  from: codeql/suite-helpers
+[]

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.1
+version: 0.5.4-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

cpp/downgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/upgrade.properties

@@ -1,3 +0,0 @@
-description: Add a new predicate `isVla()` to the `ArrayType` class
-compatibility: full
-type_is_vla.rel: delete

cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/aggregate_array_init.ql

@@ -1,11 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class AggregateLiteral extends Expr, @aggregateliteral {
-  override string toString() { none() }
-}
-
-from AggregateLiteral aggregate, Expr initializer, int element_index, int position
-where aggregate_array_init(aggregate, initializer, element_index, position, _)
-select aggregate, initializer, element_index, position

cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/aggregate_field_init.ql

@@ -1,15 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class AggregateLiteral extends Expr, @aggregateliteral {
-  override string toString() { none() }
-}
-
-class MemberVariable extends @membervariable {
-  string toString() { none() }
-}
-
-from AggregateLiteral aggregate, Expr initializer, MemberVariable field, int position
-where aggregate_field_init(aggregate, initializer, field, position, _)
-select aggregate, initializer, field, position

cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/upgrade.properties

@@ -1,4 +0,0 @@
-description: add `hasDesignator` predicate to `ArrayOrVectorAggregateLiteral` and `ClassAggregateLiteral`
-compatibility: backwards
-aggregate_array_init.rel: run aggregate_array_init.qlo
-aggregate_field_init.rel: run aggregate_field_init.qlo

cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/decltypes.ql

@@ -1,11 +0,0 @@
-class Type extends @type {
-  string toString() { none() }
-}
-
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-from Type decltype, Expr expr, Type basetype, boolean parentheses
-where decltypes(decltype, expr, _, basetype, parentheses)
-select decltype, expr, basetype, parentheses

cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/derivedtypes.ql

@@ -1,19 +0,0 @@
-class Type extends @type {
-  string toString() { none() }
-}
-
-predicate derivedType(Type type, string name, int kind, Type type_id) {
-  derivedtypes(type, name, kind, type_id)
-}
-
-predicate typeTransformation(Type type, string name, int kind, Type type_id) {
-  type_operators(type, _, _, type_id) and
-  name = "" and
-  kind = 3 // @type_with_specifiers
-}
-
-from Type type, string name, int kind, Type type_id
-where
-  derivedType(type, name, kind, type_id) or
-  typeTransformation(type, name, kind, type_id)
-select type, name, kind, type_id

cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/upgrade.properties

@@ -1,5 +0,0 @@
-description: Support C23 typeof and typeof_unqual
-compatibility: backwards
-decltypes.rel: run decltypes.qlo
-derivedtypes.rel: run derivedtypes.qlo
-type_operators.rel: delete

cpp/ql/integration-tests/header-variant-tests/clang-pch/a.c

@@ -1,2 +0,0 @@
-#include "a.h"
-#define FOUR 4

cpp/ql/integration-tests/header-variant-tests/clang-pch/c.c

@@ -1,3 +0,0 @@
-int main() {
-  return ONE + FOUR;
-}

cpp/ql/integration-tests/header-variant-tests/clang-pch/d.c

@@ -1 +0,0 @@
-#import "d.h"

cpp/ql/integration-tests/header-variant-tests/clang-pch/e.c

@@ -1,3 +0,0 @@
-int main() {
-  return SEVENTEEN;
-}

cpp/ql/integration-tests/header-variant-tests/clang-pch/f.c

@@ -1,5 +0,0 @@
-#if 1
-#pragma hdrstop
-extern int x;
-#define SEEN_F
-#endif

cpp/ql/integration-tests/header-variant-tests/clang-pch/g.c

@@ -1,5 +0,0 @@
-#ifdef SEEN_F
-static int g() {
-  return 20;
-}
-#endif

cpp/ql/integration-tests/header-variant-tests/clang-pch/h.c

@@ -1,4 +0,0 @@
-#include "h1.h"
-#pragma hdrstop
-#include "h2.h"
-#define SEEN_H

cpp/ql/integration-tests/header-variant-tests/clang-pch/test.py

@@ -1,17 +0,0 @@
-import os
-
-
-def test(codeql, cpp):
-    os.mkdir("pch")
-    extractor = cpp.get_tool("extractor")
-    codeql.database.create(command=[
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/a.pch a.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/a.pch -Iextra_dummy_path b.c',
-        f'"{extractor}" --mimic-clang -include pch/a -Iextra_dummy_path c.c',
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/d.pch d.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/d.pch e.c',
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/f.pch f.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/f.pch g.c',
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/h.pch h.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/h.pch i.c',
-    ])

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/a.c

@@ -1 +0,0 @@
-#include "a.h"

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/b.c

@@ -1,6 +0,0 @@
-#pragma hdrstop
-#include "b.h"
-
-int b() {
-  return A;
-}

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/c.c

@@ -1,6 +0,0 @@
-#include "d.h"
-#include "c.h"
-
-int c() {
-  return A;
-}

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/test.py

@@ -1,11 +0,0 @@
-import os
-
-
-def test(codeql, cpp):
-    os.mkdir("pch")
-    extractor = cpp.get_tool("extractor")
-    codeql.database.create(command=[
-        f'"{extractor}" --mimic-cl /Yca.h /Fppch/a.pch a.c',
-        f'"{extractor}" --mimic-cl /Yub.h /Fppch/a.pch b.c',
-        f'"{extractor}" --mimic-cl /Yuc.h /Fppch/a.pch c.c',
-    ])

cpp/ql/integration-tests/query-suite/cpp-code-quality.qls.expected

@@ -1 +0,0 @@
-

cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected

@@ -1,60 +0,0 @@
-ql/cpp/ql/src/Critical/DoubleFree.ql
-ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
-ql/cpp/ql/src/Critical/NewFreeMismatch.ql
-ql/cpp/ql/src/Critical/OverflowStatic.ql
-ql/cpp/ql/src/Critical/UseAfterFree.ql
-ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
-ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
-ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
-ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
-ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
-ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
-ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
-ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
-ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
-ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
-ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
-ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
-ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
-ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
-ql/cpp/ql/src/Summary/LinesOfCode.ql
-ql/cpp/ql/src/Summary/LinesOfUserCode.ql
-ql/cpp/ql/src/Telemetry/CompilerErrors.ql
-ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
-ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/MissingIncludes.ql
-ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

cpp/ql/integration-tests/query-suite/cpp-security-and-quality.qls.expected

@@ -1,181 +0,0 @@
-ql/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql
-ql/cpp/ql/src/Best Practices/ComplexCondition.ql
-ql/cpp/ql/src/Best Practices/Exceptions/AccidentalRethrow.ql
-ql/cpp/ql/src/Best Practices/Exceptions/CatchingByValue.ql
-ql/cpp/ql/src/Best Practices/Exceptions/LeakyCatch.ql
-ql/cpp/ql/src/Best Practices/Exceptions/ThrowingPointers.ql
-ql/cpp/ql/src/Best Practices/GuardedFree.ql
-ql/cpp/ql/src/Best Practices/Hiding/DeclarationHidesParameter.ql
-ql/cpp/ql/src/Best Practices/Hiding/DeclarationHidesVariable.ql
-ql/cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/EmptyBlock.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/Slicing.ql
-ql/cpp/ql/src/Best Practices/RuleOfTwo.ql
-ql/cpp/ql/src/Best Practices/SloppyGlobal.ql
-ql/cpp/ql/src/Best Practices/SwitchLongCase.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedLocals.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.ql
-ql/cpp/ql/src/Best Practices/UseOfGoto.ql
-ql/cpp/ql/src/Critical/DeadCodeGoto.ql
-ql/cpp/ql/src/Critical/DoubleFree.ql
-ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
-ql/cpp/ql/src/Critical/LargeParameter.ql
-ql/cpp/ql/src/Critical/MissingCheckScanf.ql
-ql/cpp/ql/src/Critical/NewArrayDeleteMismatch.ql
-ql/cpp/ql/src/Critical/NewDeleteArrayMismatch.ql
-ql/cpp/ql/src/Critical/NewFreeMismatch.ql
-ql/cpp/ql/src/Critical/OverflowStatic.ql
-ql/cpp/ql/src/Critical/SizeCheck.ql
-ql/cpp/ql/src/Critical/SizeCheck2.ql
-ql/cpp/ql/src/Critical/UseAfterFree.ql
-ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
-ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
-ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
-ql/cpp/ql/src/Documentation/CommentedOutCode.ql
-ql/cpp/ql/src/Documentation/FixmeComments.ql
-ql/cpp/ql/src/Documentation/UncommentedFunction.ql
-ql/cpp/ql/src/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql
-ql/cpp/ql/src/Likely Bugs/AmbiguouslySignedBitField.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BitwiseSignCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/FloatComparison.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/PointlessComparison.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/PointlessSelfComparison.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/UnsignedGEZero.ql
-ql/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/ArrayArgSizeMismatch.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/LossyPointerCast.ql
-ql/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
-ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Format/TooManyFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/InconsistentCallOnResult.ql
-ql/cpp/ql/src/Likely Bugs/InconsistentCheckReturnNull.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/DubiousNullCheck.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/ExprHasNoEffect.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/FutileConditional.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/inconsistentLoopDirection.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnCstrOfLocalStdString.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/StackAddressEscapes.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
-ql/cpp/ql/src/Likely Bugs/NestedLoopSameVar.ql
-ql/cpp/ql/src/Likely Bugs/OO/IncorrectConstructorDelegation.ql
-ql/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructorInBaseClass.ql
-ql/cpp/ql/src/Likely Bugs/OO/ThrowInDestructor.ql
-ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
-ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
-ql/cpp/ql/src/Likely Bugs/ReturnConstType.ql
-ql/cpp/ql/src/Likely Bugs/ReturnConstTypeMember.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/MistypedFunctionArguments.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooManyArguments.ql
-ql/cpp/ql/src/Likely Bugs/UseInOwnInitializer.ql
-ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
-ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
-ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
-ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
-ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
-ql/cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql
-ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
-ql/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
-ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
-ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
-ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
-ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
-ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
-ql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
-ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql
-ql/cpp/ql/src/Summary/LinesOfCode.ql
-ql/cpp/ql/src/Summary/LinesOfUserCode.ql
-ql/cpp/ql/src/Telemetry/CompilerErrors.ql
-ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
-ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/MissingIncludes.ql
-ql/cpp/ql/src/Telemetry/SucceededIncludes.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql
-ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 71.1.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 82.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 88.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 89.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 95.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 97.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 107.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 114.ql
-ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 145.ql
-ql/cpp/ql/src/jsf/4.17 Types/AV Rule 148.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 166.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 196.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 197.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 201.ql

cpp/ql/integration-tests/query-suite/cpp-security-extended.qls.expected

@@ -1,97 +0,0 @@
-ql/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
-ql/cpp/ql/src/Critical/DoubleFree.ql
-ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
-ql/cpp/ql/src/Critical/MissingCheckScanf.ql
-ql/cpp/ql/src/Critical/NewFreeMismatch.ql
-ql/cpp/ql/src/Critical/OverflowStatic.ql
-ql/cpp/ql/src/Critical/SizeCheck.ql
-ql/cpp/ql/src/Critical/SizeCheck2.ql
-ql/cpp/ql/src/Critical/UseAfterFree.ql
-ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
-ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
-ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-ql/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
-ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
-ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
-ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
-ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
-ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
-ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
-ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
-ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
-ql/cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql
-ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
-ql/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
-ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
-ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
-ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
-ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
-ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
-ql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
-ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql
-ql/cpp/ql/src/Summary/LinesOfCode.ql
-ql/cpp/ql/src/Summary/LinesOfUserCode.ql
-ql/cpp/ql/src/Telemetry/CompilerErrors.ql
-ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
-ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/MissingIncludes.ql
-ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

cpp/ql/integration-tests/query-suite/not_included_in_qls.expected

@@ -1,448 +0,0 @@
-ql/cpp/ql/src/AlertSuppression.ql
-ql/cpp/ql/src/Architecture/FeatureEnvy.ql
-ql/cpp/ql/src/Architecture/General Class-Level Information/ClassHierarchies.ql
-ql/cpp/ql/src/Architecture/General Class-Level Information/HubClasses.ql
-ql/cpp/ql/src/Architecture/General Class-Level Information/InheritanceDepthDistribution.ql
-ql/cpp/ql/src/Architecture/General Namespace-Level Information/CyclicNamespaces.ql
-ql/cpp/ql/src/Architecture/General Namespace-Level Information/GlobalNamespaceClasses.ql
-ql/cpp/ql/src/Architecture/General Namespace-Level Information/NamespaceDependencies.ql
-ql/cpp/ql/src/Architecture/General Top-Level Information/GeneralStatistics.ql
-ql/cpp/ql/src/Architecture/InappropriateIntimacy.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/ClassesWithManyDependencies.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/ComplexFunctions.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/CyclomaticComplexity.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/FunctionsWithManyParameters.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicConstantsNumbers.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicConstantsString.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicNumbersUseConstant.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicStringsUseConstant.ql
-ql/cpp/ql/src/Best Practices/NVI.ql
-ql/cpp/ql/src/Best Practices/NVIHub.ql
-ql/cpp/ql/src/Best Practices/RuleOfThree.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedIncludes.ql
-ql/cpp/ql/src/Critical/DeadCodeCondition.ql
-ql/cpp/ql/src/Critical/DeadCodeFunction.ql
-ql/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql
-ql/cpp/ql/src/Critical/DescriptorNeverClosed.ql
-ql/cpp/ql/src/Critical/FileMayNotBeClosed.ql
-ql/cpp/ql/src/Critical/FileNeverClosed.ql
-ql/cpp/ql/src/Critical/GlobalUseBeforeInit.ql
-ql/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
-ql/cpp/ql/src/Critical/InitialisationNotRun.ql
-ql/cpp/ql/src/Critical/LateNegativeTest.ql
-ql/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
-ql/cpp/ql/src/Critical/MemoryNeverFreed.ql
-ql/cpp/ql/src/Critical/MissingNegativityTest.ql
-ql/cpp/ql/src/Critical/MissingNullTest.ql
-ql/cpp/ql/src/Critical/NotInitialised.ql
-ql/cpp/ql/src/Critical/OverflowCalculated.ql
-ql/cpp/ql/src/Critical/OverflowDestination.ql
-ql/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql
-ql/cpp/ql/src/Critical/ReturnValueIgnored.ql
-ql/cpp/ql/src/Critical/Unused.ql
-ql/cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql
-ql/cpp/ql/src/Documentation/DocumentApi.ql
-ql/cpp/ql/src/Documentation/TodoComments.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 03/ExitNonterminatingLoop.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 03/LoopBounds.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 04/Recursion.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 05/HeapMemory.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 07/ThreadSafety.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/AvoidNestedSemaphores.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/AvoidSemaphores.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/OutOfOrderLocks.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/ReleaseLocksWhenAcquired.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowGoto.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowJmp.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 12/EnumInitialization.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/ExternDeclsInHeader.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeFile.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeFunction.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeLocalHidesGlobal.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 14/CheckingReturnValues.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 15/CheckingParameterValues.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsConstant.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsDensity.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsNonBoolean.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsSideEffect.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 17/BasicIntTypes.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 18/CompoundExpressions.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 19/NoBooleanSideEffects.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUse.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUseIfdef.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUsePartial.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUseUndisciplined.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 21/MacroInBlock.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 22/UseOfUndef.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 24/MultipleStmtsPerLine.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 24/MultipleVarDeclsPerLine.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 25/FunctionSizeLimits.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 26/DeclarationPointerNesting.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 27/PointerDereferenceInStmt.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 28/HiddenPointerDereferenceMacro.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 28/HiddenPointerIndirectionTypedef.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 29/NonConstFunctionPointer.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 30/FunctionPointerConversions.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 31/IncludesFirst.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/ConversionChangesSign.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql
-ql/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql
-ql/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/BoolValueInBitOp.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/LogicalExprCouldBeSimplified.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/More64BitWaste.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/NonPortablePrintf.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/Suboptimal64BitType.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql
-ql/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql
-ql/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql
-ql/cpp/ql/src/Likely Bugs/OO/VirtualCallInStructor.ql
-ql/cpp/ql/src/Likely Bugs/ShortLoopVarName.ql
-ql/cpp/ql/src/Metrics/Classes/CAfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Classes/CEfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadBugs.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadDifficulty.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadEffort.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadLength.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadVocabulary.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadVolume.ql
-ql/cpp/ql/src/Metrics/Classes/CInheritanceDepth.ql
-ql/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.ql
-ql/cpp/ql/src/Metrics/Classes/CLackOfCohesionHS.ql
-ql/cpp/ql/src/Metrics/Classes/CLinesOfCode.ql
-ql/cpp/ql/src/Metrics/Classes/CNumberOfFields.ql
-ql/cpp/ql/src/Metrics/Classes/CNumberOfFunctions.ql
-ql/cpp/ql/src/Metrics/Classes/CNumberOfStatements.ql
-ql/cpp/ql/src/Metrics/Classes/CPercentageOfComplexCode.ql
-ql/cpp/ql/src/Metrics/Classes/CResponse.ql
-ql/cpp/ql/src/Metrics/Classes/CSizeOfAPI.ql
-ql/cpp/ql/src/Metrics/Classes/CSpecialisation.ql
-ql/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.ql
-ql/cpp/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
-ql/cpp/ql/src/Metrics/External/FileCompilationDisplayStrings.ql
-ql/cpp/ql/src/Metrics/External/FileCompilationSourceLinks.ql
-ql/cpp/ql/src/Metrics/Files/AutogeneratedLOC.ql
-ql/cpp/ql/src/Metrics/Files/ConditionalSegmentConditions.ql
-ql/cpp/ql/src/Metrics/Files/ConditionalSegmentLines.ql
-ql/cpp/ql/src/Metrics/Files/FAfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Files/FCommentRatio.ql
-ql/cpp/ql/src/Metrics/Files/FCyclomaticComplexity.ql
-ql/cpp/ql/src/Metrics/Files/FDirectIncludes.ql
-ql/cpp/ql/src/Metrics/Files/FEfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadBugs.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadDifficulty.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadEffort.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadLength.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadVocabulary.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadVolume.ql
-ql/cpp/ql/src/Metrics/Files/FLines.ql
-ql/cpp/ql/src/Metrics/Files/FLinesOfCode.ql
-ql/cpp/ql/src/Metrics/Files/FLinesOfCommentedOutCode.ql
-ql/cpp/ql/src/Metrics/Files/FLinesOfComments.ql
-ql/cpp/ql/src/Metrics/Files/FMacroRatio.ql
-ql/cpp/ql/src/Metrics/Files/FNumberOfClasses.ql
-ql/cpp/ql/src/Metrics/Files/FNumberOfTests.ql
-ql/cpp/ql/src/Metrics/Files/FTimeInFrontend.ql
-ql/cpp/ql/src/Metrics/Files/FTodoComments.ql
-ql/cpp/ql/src/Metrics/Files/FTransitiveIncludes.ql
-ql/cpp/ql/src/Metrics/Files/FTransitiveSourceIncludes.ql
-ql/cpp/ql/src/Metrics/Files/FunctionLength.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfFunctions.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfGlobals.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfParameters.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfPublicFunctions.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfPublicGlobals.ql
-ql/cpp/ql/src/Metrics/Functions/FunCyclomaticComplexity.ql
-ql/cpp/ql/src/Metrics/Functions/FunIterationNestingDepth.ql
-ql/cpp/ql/src/Metrics/Functions/FunLinesOfCode.ql
-ql/cpp/ql/src/Metrics/Functions/FunLinesOfComments.ql
-ql/cpp/ql/src/Metrics/Functions/FunNumberOfCalls.ql
-ql/cpp/ql/src/Metrics/Functions/FunNumberOfParameters.ql
-ql/cpp/ql/src/Metrics/Functions/FunNumberOfStatements.ql
-ql/cpp/ql/src/Metrics/Functions/FunPercentageOfComments.ql
-ql/cpp/ql/src/Metrics/Functions/StatementNestingDepth.ql
-ql/cpp/ql/src/Metrics/Internal/ASTConsistency.ql
-ql/cpp/ql/src/Metrics/Internal/CallableDisplayStrings.ql
-ql/cpp/ql/src/Metrics/Internal/CallableExtents.ql
-ql/cpp/ql/src/Metrics/Internal/CallableSourceLinks.ql
-ql/cpp/ql/src/Metrics/Internal/DiagnosticsSumElapsedTimes.ql
-ql/cpp/ql/src/Metrics/Internal/IRConsistency.ql
-ql/cpp/ql/src/Metrics/Internal/IncludeResolutionStatus.ql
-ql/cpp/ql/src/Metrics/Internal/ReftypeDisplayStrings.ql
-ql/cpp/ql/src/Metrics/Internal/ReftypeSourceLinks.ql
-ql/cpp/ql/src/Metrics/Namespaces/AbstractNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/ConcreteNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/HighAfferentCouplingNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/HighDistanceFromMainLineNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/HighEfferentCouplingNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/StableNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.ql
-ql/cpp/ql/src/Microsoft/CallWithNullSAL.ql
-ql/cpp/ql/src/Microsoft/IgnoreReturnValueSAL.ql
-ql/cpp/ql/src/Microsoft/InconsistentSAL.ql
-ql/cpp/ql/src/PointsTo/Debug.ql
-ql/cpp/ql/src/PointsTo/PreparedStagedPointsTo.ql
-ql/cpp/ql/src/PointsTo/Stats.ql
-ql/cpp/ql/src/PointsTo/TaintedFormatStrings.ql
-ql/cpp/ql/src/Power of 10/Rule 1/UseOfGoto.ql
-ql/cpp/ql/src/Power of 10/Rule 1/UseOfJmp.ql
-ql/cpp/ql/src/Power of 10/Rule 1/UseOfRecursion.ql
-ql/cpp/ql/src/Power of 10/Rule 2/BoundedLoopIterations.ql
-ql/cpp/ql/src/Power of 10/Rule 2/ExitPermanentLoop.ql
-ql/cpp/ql/src/Power of 10/Rule 3/DynamicAllocAfterInit.ql
-ql/cpp/ql/src/Power of 10/Rule 4/FunctionTooLong.ql
-ql/cpp/ql/src/Power of 10/Rule 4/OneStmtPerLine.ql
-ql/cpp/ql/src/Power of 10/Rule 5/AssertionDensity.ql
-ql/cpp/ql/src/Power of 10/Rule 5/AssertionSideEffect.ql
-ql/cpp/ql/src/Power of 10/Rule 5/ConstantAssertion.ql
-ql/cpp/ql/src/Power of 10/Rule 5/NonBooleanAssertion.ql
-ql/cpp/ql/src/Power of 10/Rule 6/GlobalCouldBeStatic.ql
-ql/cpp/ql/src/Power of 10/Rule 6/VariableScopeTooLarge.ql
-ql/cpp/ql/src/Power of 10/Rule 7/CheckArguments.ql
-ql/cpp/ql/src/Power of 10/Rule 7/CheckReturnValues.ql
-ql/cpp/ql/src/Power of 10/Rule 8/AvoidConditionalCompilation.ql
-ql/cpp/ql/src/Power of 10/Rule 8/PartialMacro.ql
-ql/cpp/ql/src/Power of 10/Rule 8/RestrictPreprocessor.ql
-ql/cpp/ql/src/Power of 10/Rule 8/UndisciplinedMacro.ql
-ql/cpp/ql/src/Power of 10/Rule 9/FunctionPointer.ql
-ql/cpp/ql/src/Power of 10/Rule 9/HiddenPointerIndirection.ql
-ql/cpp/ql/src/Power of 10/Rule 9/PointerNesting.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
-ql/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql
-ql/cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql
-ql/cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql
-ql/cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql
-ql/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
-ql/cpp/ql/src/definitions.ql
-ql/cpp/ql/src/experimental/Best Practices/UselessTest.ql
-ql/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql
-ql/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql
-ql/cpp/ql/src/experimental/Likely Bugs/DerefNullResult.ql
-ql/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSL.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-416/UseAfterExpiredLifetime.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql
-ql/cpp/ql/src/experimental/quantum/PrintCBOMGraph.ql
-ql/cpp/ql/src/external/examples/filters/BumpMetricBy10.ql
-ql/cpp/ql/src/external/examples/filters/EditDefectMessage.ql
-ql/cpp/ql/src/external/examples/filters/ExcludeGeneratedCode.ql
-ql/cpp/ql/src/filters/ClassifyFiles.ql
-ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 1.ql
-ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 2.ql
-ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 3.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 11.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 12.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 13.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 14.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 9.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 17.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 18.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 19.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 20.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 21.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 22.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 23.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 24.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 25.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 26.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 27.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 28.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 29.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 30.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 31.ql
-ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 33.ql
-ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 39.ql
-ql/cpp/ql/src/jsf/4.08 Implementation Files/AV Rule 40.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 41.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 42.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 43.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 44.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 45.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 46.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 47.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 48.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 49.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 50.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 51.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 52.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 53.1.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 53.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 54.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 57.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 58.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 59.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 60.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 61.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 63.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 68.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 69.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 70.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 71.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 73.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 74.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 75.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 76.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 77.1.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 78.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 81.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 85.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 88.1.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 94.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 96.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 97.1.ql
-ql/cpp/ql/src/jsf/4.11 Namespaces/AV Rule 99.ql
-ql/cpp/ql/src/jsf/4.12 Templates/AV Rule 104.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 108.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 110.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 111.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 113.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 115.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql
-ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 126.ql
-ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 127.ql
-ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 133.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 135.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 138.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 139.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 140.ql
-ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 142.ql
-ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 143.ql
-ql/cpp/ql/src/jsf/4.17 Types/AV Rule 147.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 149.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 150.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 151.1.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 151.ql
-ql/cpp/ql/src/jsf/4.19 Variables/AV Rule 152.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 154.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 155.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 156.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 157.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 158.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 159.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 162.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 163.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 164.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 170.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 171.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 175.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 176.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 178.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 179.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 180.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 181.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 182.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 184.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 185.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 186.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 187.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 188.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 189.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 190.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 191.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 192.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 193.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 194.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 195.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 198.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 199.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 200.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 204.1.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 204.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 205.ql
-ql/cpp/ql/src/jsf/4.26 Memory Allocation/AV Rule 206.ql
-ql/cpp/ql/src/jsf/4.26 Memory Allocation/AV Rule 207.ql
-ql/cpp/ql/src/jsf/4.27 Fault Handling/AV Rule 208.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 209.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 210.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 212.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 213.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 214.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 215.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql

cpp/ql/integration-tests/query-suite/test.py

@@ -1,14 +0,0 @@
-import runs_on
-import pytest
-from query_suites import *
-
-well_known_query_suites = ['cpp-code-quality.qls', 'cpp-security-and-quality.qls', 'cpp-security-extended.qls', 'cpp-code-scanning.qls']
-
-@runs_on.posix
-@pytest.mark.parametrize("query_suite", well_known_query_suites)
-def test(codeql, cpp, check_query_suite, query_suite):
-    check_query_suite(query_suite)
-
-@runs_on.posix
-def test_not_included_queries(codeql, cpp, check_queries_not_included):
-    check_queries_not_included('cpp', well_known_query_suites)

cpp/ql/lib/CHANGELOG.md

@@ -1,25 +1,3 @@
-## 4.3.1
-
-### Bug Fixes
-
-* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.
-
-## 4.3.0
-
-### New Features
-
-* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
-* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
-* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
-* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).
-
-## 4.2.0
-
-### New Features
-
-* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
-* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.
-
 ## 4.1.0
 
 ### New Features

cpp/ql/lib/change-notes/2025-03-31-calling-convention.md

@@ -1,6 +1,5 @@
-## 4.2.0
-
-### New Features
-
+---
+category: feature
+---
 * Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
 * A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.

cpp/ql/lib/change-notes/released/4.3.0.md

@@ -1,8 +0,0 @@
-## 4.3.0
-
-### New Features
-
-* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
-* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
-* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
-* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).

cpp/ql/lib/change-notes/released/4.3.1.md

@@ -1,5 +0,0 @@
-## 4.3.1
-
-### Bug Fixes
-
-* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.3.1
+lastReleaseVersion: 4.1.0

cpp/ql/lib/experimental/quantum/Language.qll

@@ -1,113 +0,0 @@
-private import cpp as Language
-import semmle.code.cpp.dataflow.new.DataFlow
-import codeql.quantum.experimental.Model
-
-module CryptoInput implements InputSig<Language::Location> {
-  class DataFlowNode = DataFlow::Node;
-
-  class LocatableElement = Language::Locatable;
-
-  class UnknownLocation = Language::UnknownDefaultLocation;
-
-  LocatableElement dfn_to_element(DataFlow::Node node) {
-    result = node.asExpr() or
-    result = node.asParameter() or
-    result = node.asVariable()
-  }
-
-  string locationToFileBaseNameAndLineNumberString(Location location) {
-    result = location.getFile().getBaseName() + ":" + location.getStartLine()
-  }
-
-  predicate artifactOutputFlowsToGenericInput(
-    DataFlow::Node artifactOutput, DataFlow::Node otherInput
-  ) {
-    ArtifactFlow::flow(artifactOutput, otherInput)
-  }
-}
-
-module Crypto = CryptographyBase<Language::Location, CryptoInput>;
-
-module ArtifactFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::ArtifactInstance artifact).getOutputNode()
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink = any(Crypto::FlowAwareElement other).getInputNode()
-  }
-
-  predicate isBarrierOut(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getInputNode()
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getOutputNode()
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.(AdditionalFlowInputStep).getOutput() = node2
-  }
-}
-
-module ArtifactFlow = DataFlow::Global<ArtifactFlowConfig>;
-
-/**
- * Artifact output to node input configuration
- */
-abstract class AdditionalFlowInputStep extends DataFlow::Node {
-  abstract DataFlow::Node getOutput();
-
-  final DataFlow::Node getInput() { result = this }
-}
-
-/**
- * Generic data source to node input configuration
- */
-module GenericDataSourceFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::GenericSourceInstance i).getOutputNode()
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink = any(Crypto::FlowAwareElement other).getInputNode()
-  }
-
-  predicate isBarrierOut(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getInputNode()
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getOutputNode()
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.(AdditionalFlowInputStep).getOutput() = node2
-  }
-}
-
-module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::ArtifactInstance artifact).getOutputNode()
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink = any(Crypto::FlowAwareElement other).getInputNode()
-  }
-
-  predicate isBarrierOut(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getInputNode()
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getOutputNode()
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.(AdditionalFlowInputStep).getOutput() = node2
-  }
-}
-
-module ArtifactUniversalFlow = DataFlow::Global<ArtifactUniversalFlowConfig>;
-
-import OpenSSL.OpenSSL

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll

@@ -1,170 +0,0 @@
-import cpp
-import semmle.code.cpp.dataflow.new.DataFlow
-import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-
-/**
- * Traces 'known algorithms' to AVCs, specifically
- * algorithms that are in the set of known algorithm constants.
- * Padding-specific consumers exist that have their own values that
- * overlap with the known algorithm constants.
- * Padding consumers (specific padding consumers) are excluded from the set of sinks.
- */
-module KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof KnownOpenSSLAlgorithmConstant
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(OpenSSLAlgorithmValueConsumer c |
-      c.getInputNode() = sink and
-      not c instanceof PaddingAlgorithmValueConsumer
-    )
-  }
-
-  predicate isBarrier(DataFlow::Node node) {
-    // False positive reducer, don't flow out through argv
-    exists(VariableAccess va, Variable v |
-      v.getAnAccess() = va and va = node.asExpr()
-      or
-      va = node.asIndirectExpr()
-    |
-      v.getName().matches("%argv")
-    )
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    knownPassThroughStep(node1, node2)
-  }
-}
-
-module KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow =
-  DataFlow::Global<KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig>;
-
-module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof KnownOpenSSLAlgorithmConstant
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(PaddingAlgorithmValueConsumer c | c.getInputNode() = sink)
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    knownPassThroughStep(node1, node2)
-  }
-}
-
-module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow =
-  DataFlow::Global<RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig>;
-
-class OpenSSLAlgorithmAdditionalFlowStep extends AdditionalFlowInputStep {
-  OpenSSLAlgorithmAdditionalFlowStep() { exists(AlgorithmPassthroughCall c | c.getInNode() = this) }
-
-  override DataFlow::Node getOutput() {
-    exists(AlgorithmPassthroughCall c | c.getInNode() = this and c.getOutNode() = result)
-  }
-}
-
-abstract class AlgorithmPassthroughCall extends Call {
-  abstract DataFlow::Node getInNode();
-
-  abstract DataFlow::Node getOutNode();
-}
-
-class CopyAndDupAlgorithmPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  CopyAndDupAlgorithmPassthroughCall() {
-    // Flow out through any return or other argument of the same type
-    // Assume flow in and out is asIndirectExpr or asDefinitingArgument since a pointer is assumed
-    // to be involved
-    // NOTE: not attempting to detect openssl specific copy/dup functions, but anything suspected to be copy/dup
-    this.getTarget().getName().toLowerCase().matches(["%_dup%", "%_copy%"]) and
-    exists(Expr inArg, Type t |
-      inArg = this.getAnArgument() and t = inArg.getUnspecifiedType().stripType()
-    |
-      inNode.asIndirectExpr() = inArg and
-      (
-        // Case 1: flow through another argument as an out arg of the same type
-        exists(Expr outArg |
-          outArg = this.getAnArgument() and
-          outArg != inArg and
-          outArg.getUnspecifiedType().stripType() = t
-        |
-          outNode.asDefiningArgument() = outArg
-        )
-        or
-        // Case 2: flow through the return value if the result is the same as the intput type
-        exists(Expr outArg | outArg = this and outArg.getUnspecifiedType().stripType() = t |
-          outNode.asIndirectExpr() = outArg
-        )
-      )
-    )
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-class NIDToPointerPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  NIDToPointerPassthroughCall() {
-    this.getTarget().getName() in ["OBJ_nid2obj", "OBJ_nid2ln", "OBJ_nid2sn"] and
-    inNode.asExpr() = this.getArgument(0) and
-    outNode.asExpr() = this
-    //outNode.asIndirectExpr() = this
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-class PointerToPointerPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  PointerToPointerPassthroughCall() {
-    this.getTarget().getName() = "OBJ_txt2obj" and
-    inNode.asIndirectExpr() = this.getArgument(0) and
-    outNode.asIndirectExpr() = this
-    or
-    //outNode.asExpr() = this
-    this.getTarget().getName() in ["OBJ_obj2txt", "i2t_ASN1_OBJECT"] and
-    inNode.asIndirectExpr() = this.getArgument(2) and
-    outNode.asDefiningArgument() = this.getArgument(0)
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-class PointerToNIDPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  PointerToNIDPassthroughCall() {
-    this.getTarget().getName() in ["OBJ_obj2nid", "OBJ_ln2nid", "OBJ_sn2nid", "OBJ_txt2nid"] and
-    (
-      inNode.asIndirectExpr() = this.getArgument(0)
-      or
-      inNode.asExpr() = this.getArgument(0)
-    ) and
-    outNode.asExpr() = this
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-// TODO: pkeys pass through EVP_PKEY_CTX_new and any similar variant
-predicate knownPassThroughStep(DataFlow::Node node1, DataFlow::Node node2) {
-  exists(AlgorithmPassthroughCall c | c.getInNode() = node1 and c.getOutNode() = node2)
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll

@@ -1,76 +0,0 @@
-import cpp
-import experimental.quantum.Language
-import OpenSSLAlgorithmInstanceBase
-import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
-import AlgToAVCFlow
-
-/**
- * Given a `KnownOpenSSLBlockModeAlgorithmConstant`, converts this to a block family type.
- * Does not bind if there is know mapping (no mapping to 'unknown' or 'other').
- */
-predicate knownOpenSSLConstantToBlockModeFamilyType(
-  KnownOpenSSLBlockModeAlgorithmConstant e, Crypto::TBlockCipherModeOfOperationType type
-) {
-  exists(string name |
-    name = e.getNormalizedName() and
-    (
-      name.matches("CBC") and type instanceof Crypto::CBC
-      or
-      name.matches("CFB%") and type instanceof Crypto::CFB
-      or
-      name.matches("CTR") and type instanceof Crypto::CTR
-      or
-      name.matches("GCM") and type instanceof Crypto::GCM
-      or
-      name.matches("OFB") and type instanceof Crypto::OFB
-      or
-      name.matches("XTS") and type instanceof Crypto::XTS
-      or
-      name.matches("CCM") and type instanceof Crypto::CCM
-      or
-      name.matches("GCM") and type instanceof Crypto::GCM
-      or
-      name.matches("CCM") and type instanceof Crypto::CCM
-      or
-      name.matches("ECB") and type instanceof Crypto::ECB
-    )
-  )
-}
-
-class KnownOpenSSLBlockModeConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::ModeOfOperationAlgorithmInstance instanceof KnownOpenSSLBlockModeAlgorithmConstant
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-
-  KnownOpenSSLBlockModeConstantAlgorithmInstance() {
-    // Two possibilities:
-    // 1) The source is a literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // Possibility 1:
-    this instanceof Literal and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and getterCall = this
-  }
-
-  override Crypto::TBlockCipherModeOfOperationType getModeType() {
-    knownOpenSSLConstantToBlockModeFamilyType(this, result)
-    or
-    not knownOpenSSLConstantToBlockModeFamilyType(this, _) and result = Crypto::OtherMode()
-  }
-
-  // NOTE: I'm not going to attempt to parse out the mode specific part, so returning
-  // the same as the raw name for now.
-  override string getRawModeAlgorithmName() { result = this.(Literal).getValue().toString() }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll

@@ -1,126 +0,0 @@
-import cpp
-import experimental.quantum.Language
-import KnownAlgorithmConstants
-import Crypto::KeyOpAlg as KeyOpAlg
-import OpenSSLAlgorithmInstanceBase
-import PaddingAlgorithmInstance
-import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-import AlgToAVCFlow
-import BlockAlgorithmInstance
-
-/**
- * Given a `KnownOpenSSLCipherAlgorithmConstant`, converts this to a cipher family type.
- * Does not bind if there is know mapping (no mapping to 'unknown' or 'other').
- */
-predicate knownOpenSSLConstantToCipherFamilyType(
-  KnownOpenSSLCipherAlgorithmConstant e, Crypto::KeyOpAlg::TAlgorithm type
-) {
-  exists(string name |
-    name = e.getNormalizedName() and
-    (
-      name.matches("AES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES())
-      or
-      name.matches("ARIA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::ARIA())
-      or
-      name.matches("BLOWFISH%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH())
-      or
-      name.matches("BF%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH())
-      or
-      name.matches("CAMELLIA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CAMELLIA())
-      or
-      name.matches("CHACHA20%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CHACHA20())
-      or
-      name.matches("CAST5%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CAST5())
-      or
-      name.matches("2DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DoubleDES())
-      or
-      name.matches("3DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TripleDES())
-      or
-      name.matches("DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES())
-      or
-      name.matches("DESX%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DESX())
-      or
-      name.matches("GOST%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::GOST())
-      or
-      name.matches("IDEA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA())
-      or
-      name.matches("KUZNYECHIK%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::KUZNYECHIK())
-      or
-      name.matches("MAGMA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::MAGMA())
-      or
-      name.matches("RC2%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2())
-      or
-      name.matches("RC4%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4())
-      or
-      name.matches("RC5%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC5())
-      or
-      name.matches("RSA%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
-      or
-      name.matches("SEED%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SEED())
-      or
-      name.matches("SM4%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SM4())
-    )
-  )
-}
-
-class KnownOpenSSLCipherConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSSLCipherAlgorithmConstant
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-
-  KnownOpenSSLCipherConstantAlgorithmInstance() {
-    // Two possibilities:
-    // 1) The source is a literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // Possibility 1:
-    this instanceof Literal and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and getterCall = this
-  }
-
-  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() {
-    // if there is a block mode associated with the same element, then that's the block mode
-    // note, if none are associated, we may need to parse if the cipher is a block cipher
-    // to determine if this is an unknown vs not relevant.
-    result = this
-  }
-
-  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() {
-    //TODO: the padding is either self, or it flows through getter ctx to a set padding call
-    // like EVP_PKEY_CTX_set_rsa_padding
-    result = this
-    // TODO or trace through getter ctx to set padding
-  }
-
-  override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
-
-  override string getKeySizeFixed() {
-    exists(int keySize |
-      this.(KnownOpenSSLCipherAlgorithmConstant).getExplicitKeySize() = keySize and
-      result = keySize.toString()
-    )
-  }
-
-  override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
-    knownOpenSSLConstantToCipherFamilyType(this, result)
-    or
-    not knownOpenSSLConstantToCipherFamilyType(this, _) and
-    result = Crypto::KeyOpAlg::TUnknownKeyOperationAlgorithmType()
-  }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-
-  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
-    // TODO: trace to any key size initializer, symmetric and asymmetric
-    none()
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll

@@ -1,83 +0,0 @@
-import cpp
-import experimental.quantum.Language
-import KnownAlgorithmConstants
-import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-import AlgToAVCFlow
-
-predicate knownOpenSSLConstantToHashFamilyType(
-  KnownOpenSSLHashAlgorithmConstant e, Crypto::THashType type
-) {
-  exists(string name |
-    name = e.getNormalizedName() and
-    (
-      name.matches("BLAKE2B") and type instanceof Crypto::BLAKE2B
-      or
-      name.matches("BLAKE2S") and type instanceof Crypto::BLAKE2S
-      or
-      name.matches("GOST%") and type instanceof Crypto::GOSTHash
-      or
-      name.matches("MD2") and type instanceof Crypto::MD2
-      or
-      name.matches("MD4") and type instanceof Crypto::MD4
-      or
-      name.matches("MD5") and type instanceof Crypto::MD5
-      or
-      name.matches("MDC2") and type instanceof Crypto::MDC2
-      or
-      name.matches("POLY1305") and type instanceof Crypto::POLY1305
-      or
-      name.matches(["SHA", "SHA1"]) and type instanceof Crypto::SHA1
-      or
-      name.matches("SHA+%") and not name.matches(["SHA1", "SHA3-"]) and type instanceof Crypto::SHA2
-      or
-      name.matches("SHA3-%") and type instanceof Crypto::SHA3
-      or
-      name.matches(["SHAKE"]) and type instanceof Crypto::SHAKE
-      or
-      name.matches("SM3") and type instanceof Crypto::SM3
-      or
-      name.matches("RIPEMD160") and type instanceof Crypto::RIPEMD160
-      or
-      name.matches("WHIRLPOOL") and type instanceof Crypto::WHIRLPOOL
-    )
-  )
-}
-
-class KnownOpenSSLHashConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::HashAlgorithmInstance instanceof KnownOpenSSLHashAlgorithmConstant
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-
-  KnownOpenSSLHashConstantAlgorithmInstance() {
-    // Two possibilities:
-    // 1) The source is a literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // Possibility 1:
-    this instanceof Literal and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and getterCall = this
-  }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-
-  override Crypto::THashType getHashFamily() {
-    knownOpenSSLConstantToHashFamilyType(this, result)
-    or
-    not knownOpenSSLConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType()
-  }
-
-  override string getRawHashAlgorithmName() { result = this.(Literal).getValue().toString() }
-
-  override int getFixedDigestLength() {
-    this.(KnownOpenSSLHashAlgorithmConstant).getExplicitDigestLength() = result
-  }
-}