Java: accept new test results

Merge `rc/3.22` into `main`

CODEOWNERS

@@ -2,7 +2,7 @@
 * @github/code-scanning-alert-coverage
 
 # CodeQL language libraries
-/actions/ @github/codeql-dynamic
+/actions/ @github/code-scanning-alert-coverage
 /cpp/ @github/codeql-c-analysis
 /csharp/ @github/codeql-csharp
 /csharp/autobuilder/Semmle.Autobuild.Cpp @github/codeql-c-extractor @github/code-scanning-language-coverage

MODULE.bazel

@@ -248,7 +248,6 @@ use_repo(
     "kotlin-compiler-2.2.20-Beta2",
     "kotlin-compiler-2.3.0",
     "kotlin-compiler-2.3.20",
-    "kotlin-compiler-2.4.0",
     "kotlin-compiler-embeddable-1.8.0",
     "kotlin-compiler-embeddable-1.9.0-Beta",
     "kotlin-compiler-embeddable-1.9.20-Beta",
@@ -260,7 +259,6 @@ use_repo(
     "kotlin-compiler-embeddable-2.2.20-Beta2",
     "kotlin-compiler-embeddable-2.3.0",
     "kotlin-compiler-embeddable-2.3.20",
-    "kotlin-compiler-embeddable-2.4.0",
     "kotlin-stdlib-1.8.0",
     "kotlin-stdlib-1.9.0-Beta",
     "kotlin-stdlib-1.9.20-Beta",
@@ -272,7 +270,6 @@ use_repo(
     "kotlin-stdlib-2.2.20-Beta2",
     "kotlin-stdlib-2.3.0",
     "kotlin-stdlib-2.3.20",
-    "kotlin-stdlib-2.4.0",
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

actions/ql/lib/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 ### Minor Analysis Improvements
 
-* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
+* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, including regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a SHA-1 or SHA-256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
 
 ## 0.4.36
 

actions/ql/lib/change-notes/released/0.4.37.md

@@ -2,4 +2,4 @@
 
 ### Minor Analysis Improvements
 
-* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.
+* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, including regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a SHA-1 or SHA-256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.

actions/ql/lib/codeql/actions/ast/internal/Ast.qll

@@ -1920,3 +1920,5 @@ private YamlMappingLikeNode resolveMatrixAccessPath(
     else result = resolveMatrixAccessPath(newRoot, rest)
   )
 }
+
+class Comment = YamlComment;

actions/ql/lib/codeql/actions/ast/internal/Yaml.qll

@@ -52,6 +52,12 @@ private module YamlSig implements LibYaml::InputSig {
   class ParseErrorBase extends LocatableBase, @yaml_error {
     string getMessage() { yaml_errors(this, result) }
   }
+
+  class CommentBase extends LocatableBase, @yaml_comment {
+    string getText() { yaml_comments(this, result, _) }
+
+    override string toString() { yaml_comments(this, _, result) }
+  }
 }
 
 import LibYaml::Make<YamlSig>

actions/ql/src/CHANGELOG.md

@@ -15,7 +15,7 @@
 
 ### Bug Fixes
 
-* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
+* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on a minor point, added one more listed resource and added one more recommendation for things to check.
 
 ## 0.6.28
 

actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql

@@ -1,8 +1,8 @@
 /**
- * @name Checkout of untrusted code in a trusted context
- * @description Privileged workflows have read/write access to the base repository and access to secrets.
- *              By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
- *              that is able to push to the base repository and to access secrets.
+ * @name Checkout of untrusted code in a non-privileged context
+ * @description Checking out and running the build script from a fork executes untrusted code. Even in a
+ *              non-privileged workflow, this can be abused, for example to compromise self-hosted runners
+ *              or to poison caches and artifacts that are later consumed by privileged workflows.
  * @kind problem
  * @problem.severity warning
  * @precision medium
@@ -20,4 +20,4 @@ from PRHeadCheckoutStep checkout
 where
   // the checkout occurs in a non-privileged context
   inNonPrivilegedContext(checkout)
-select checkout, "Potential unsafe checkout of untrusted pull request on privileged workflow."
+select checkout, "Potential unsafe checkout of untrusted pull request on non-privileged workflow."

actions/ql/src/change-notes/2026-06-04-untrusted-checkout-medium-metadata.md

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.

actions/ql/src/change-notes/released/0.6.29.md

@@ -15,4 +15,4 @@
 
 ### Bug Fixes
 
-* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.
+* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on a minor point, added one more listed resource and added one more recommendation for things to check.

actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutMedium.expected

@@ -1,10 +1,10 @@
-| .github/workflows/artifactpoisoning81.yml:11:9:14:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/mend.yml:22:9:29:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/poc3.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/poc.yml:30:9:36:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/priv_pull_request_checkout.yml:14:9:20:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test3.yml:28:9:33:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test4.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test8.yml:20:9:26:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test9.yml:11:9:16:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
+| .github/workflows/artifactpoisoning81.yml:11:9:14:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/mend.yml:22:9:29:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/poc3.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/poc.yml:30:9:36:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/priv_pull_request_checkout.yml:14:9:20:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test3.yml:28:9:33:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test4.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test8.yml:20:9:26:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test9.yml:11:9:16:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |

docs/codeql/reusables/supported-versions-compilers.rst

@@ -21,7 +21,7 @@
    Java,"Java 7 to 26 [6]_","javac (OpenJDK and Oracle JDK),
 
    Eclipse compiler for Java (ECJ) [7]_",``.java``
-   Kotlin,"Kotlin 1.8.0 to 2.4.\ *x*","kotlinc",``.kt``
+   Kotlin,"Kotlin 1.8.0 to 2.3.2\ *x*","kotlinc",``.kt``
    JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_"
    Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py``
    Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"

go/ql/lib/change-notes/2026-06-08-deprecate-functypeexpr-getresultdecl.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.

go/ql/lib/change-notes/2026-06-08-fix-result-nodes.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.

go/ql/lib/change-notes/2026-06-08-functypeexpr-getnumresult.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.

go/ql/lib/semmle/go/Expr.qll

@@ -1049,17 +1049,29 @@ class FuncTypeExpr extends @functypeexpr, TypeExpr, ScopeNode, FieldParent {
    */
   int getNumParameter() { result = count(this.getAParameterDecl().getANameExpr()) }
 
-  /** Gets the `i`th result of this function type (0-based). */
+  /**
+   * Gets the `i`th result declaration of this function type (0-based).
+   *
+   * Note: `x, y int` is a single `ResultVariableDecl`.
+   */
   ResultVariableDecl getResultDecl(int i) { result = this.getField(-(i + 1)) }
 
-  /** Gets a result of this function type. */
+  /**
+   * Gets a result declaration of this function type.
+   *
+   * Note: `x, y int` is a single `ResultVariableDecl`.
+   */
   ResultVariableDecl getAResultDecl() { result = this.getResultDecl(_) }
 
-  /** Gets the number of results of this function type. */
-  int getNumResult() { result = count(this.getAResultDecl()) }
+  /** Gets the number of result parameters of this function type. */
+  int getNumResult() { result = count(this.getAResultDecl().getANameExpr()) }
 
-  /** Gets the result of this function type, if there is only one. */
-  ResultVariableDecl getResultDecl() { this.getNumResult() = 1 and result = this.getAResultDecl() }
+  /**
+   * DEPRECATED: Use `getResultDecl(int i)` instead.
+   */
+  deprecated ResultVariableDecl getResultDecl() {
+    this.getNumResult() = 1 and result = this.getAResultDecl()
+  }
 
   override string toString() { result = "function type" }
 

go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll

@@ -923,15 +923,20 @@ module Public {
   /**
    * A node whose value is returned as a result from a function.
    *
-   * This can either be a node corresponding to an expression in a return statement,
-   * or a node representing the current value of a named result variable at the exit
-   * of the function.
+   * If the function declares named result variables, this is a node representing
+   * the current value of one of those variables at function exit. Otherwise, this
+   * is a node corresponding to an expression in a return statement.
    */
   class ResultNode extends InstructionNode {
     int i;
 
     ResultNode() {
       exists(FuncDef fd |
+        // If the function has named result variables, then the
+        // `IR::ReadResultInstruction` nodes at the end of the function are
+        // the correct result nodes. Otherwise, the returned expressions are
+        // the result nodes.
+        not exists(fd.getAResultVar()) and
         exists(IR::ReturnInstruction ret | ret.getRoot() = fd | insn = ret.getResult(i))
         or
         insn.(IR::ReadResultInstruction).reads(fd.getResultVar(i))

go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql

@@ -55,7 +55,7 @@ class SyncFileFun extends Method {
 
 /**
  * Holds if a `call` to a function is "unhandled". That is, it is either
- * deferred or its result is not assigned to anything.
+ * deferred or used as an expression statement, so that its result is discarded.
  *
  * TODO: maybe we should check that something is actually done with the result
  */
@@ -77,7 +77,6 @@ predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) {
     // get the flags expression used for opening the file
     call.getArgument(1) = flags and
     // extract individual flags from the argument
-    // flag = flag.getAChild*() and
     flag = getConstants(flags.asExpr()) and
     // check for one which signals that the handle will be writable
     // note that we are underestimating here, since the flags may be
@@ -87,27 +86,18 @@ predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) {
 }
 
 /**
- * Holds if `os.File.Close` is called on `sink`.
+ * Holds if `postDominator` post-dominates `node` in the control-flow graph. That is,
+ * every path from `node` to the exit of the enclosing function passes through
+ * `postDominator`.
  */
-predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
-  // find calls to the os.File.Close function
-  closeCall = any(CloseFileFun f).getACall() and
-  // that are unhandled
-  unhandledCall(closeCall) and
-  // where the function is called on the sink
-  closeCall.getReceiver() = sink and
-  // and check that it is not dominated by a call to `os.File.Sync`.
-  // TODO: fix this logic when `closeCall` is in a defer statement.
-  not exists(IR::Instruction syncInstr, DataFlow::Node syncReceiver, DataFlow::CallNode syncCall |
-    // match the instruction corresponding to an `os.File.Sync` call with the predecessor
-    syncCall.asInstruction() = syncInstr and
-    // check that the call to `os.File.Sync` is handled
-    isHandledSync(syncReceiver, syncCall) and
-    // find a predecessor to `closeCall` in the control flow graph which dominates the call to
-    // `os.File.Close`
-    syncInstr.dominatesNode(closeCall.asInstruction()) and
-    // check that `os.File.Sync` is called on the same object as `os.File.Close`
-    exists(DataFlow::SsaNode ssa | ssa.getAUse() = sink and ssa.getAUse() = syncReceiver)
+pragma[inline]
+predicate postDominatesNode(ControlFlow::Node postDominator, ControlFlow::Node node) {
+  exists(ReachableBasicBlock pdbb, ReachableBasicBlock nbb, int i, int j |
+    postDominator = pdbb.getNode(i) and node = nbb.getNode(j)
+  |
+    pdbb.strictlyPostDominates(nbb)
+    or
+    pdbb = nbb and i >= j
   )
 }
 
@@ -127,7 +117,39 @@ predicate isHandledSync(DataFlow::Node sink, DataFlow::CallNode syncCall) {
 module UnhandledFileCloseConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { isWritableFileHandle(source, _) }
 
-  predicate isSink(DataFlow::Node sink) { isCloseSink(sink, _) }
+  predicate isSink(DataFlow::Node sink) {
+    exists(DataFlow::CallNode closeCall |
+      // `closeCall` is an unhandled call to `os.File.Close` on `sink`
+      closeCall = any(CloseFileFun f).getACall() and
+      unhandledCall(closeCall) and
+      closeCall.getReceiver() = sink
+    |
+      // `closeCall` is not guaranteed to be preceded during
+      // execution by a handled call to `os.File.Sync` on the same file handle.
+      not exists(DataFlow::Node syncReceiver, DataFlow::CallNode syncCall |
+        // check that the call to `os.File.Sync` is handled
+        isHandledSync(syncReceiver, syncCall) and
+        // check that `os.File.Sync` is called on the same object as `os.File.Close`
+        exists(DataFlow::SsaNode ssa | ssa.getAUse() = sink and ssa.getAUse() = syncReceiver)
+      |
+        if exists(DeferStmt defer | defer.getCall() = closeCall.asExpr())
+        then
+          // When the call to `os.File.Close` is deferred it runs when the enclosing function
+          // returns, but the receiver of the deferred call is evaluated where the `defer`
+          // statement appears. It is therefore enough for the handled call to `os.File.Sync`
+          // to post-dominate that point, since that guarantees `os.File.Sync` runs before the
+          // deferred `os.File.Close` on every path on which the `os.File.Close` is registered.
+          // We cannot reuse the domination check below because the control-flow graph splices
+          // the deferred call in at the function exit, where it may be reachable along paths
+          // that do not pass through the call to `os.File.Sync`.
+          postDominatesNode(syncCall.asInstruction(), sink.asInstruction())
+        else
+          // Otherwise the call to `os.File.Close` is executed where it appears, so we require
+          // the handled call to `os.File.Sync` to dominate it.
+          syncCall.asInstruction().dominatesNode(closeCall.asInstruction())
+      )
+    )
+  }
 
   predicate observeDiffInformedIncrementalMode() { any() }
 
@@ -148,14 +170,12 @@ import UnhandledFileCloseFlow::PathGraph
 
 from
   UnhandledFileCloseFlow::PathNode source, DataFlow::CallNode openCall,
-  UnhandledFileCloseFlow::PathNode sink, DataFlow::CallNode closeCall
+  UnhandledFileCloseFlow::PathNode sink
 where
   // find data flow from an `os.OpenFile` call to an `os.File.Close` call
   // where the handle is writable
   UnhandledFileCloseFlow::flowPath(source, sink) and
-  isWritableFileHandle(source.getNode(), openCall) and
-  // get the `CallNode` corresponding to the sink
-  isCloseSink(sink.getNode(), closeCall)
+  isWritableFileHandle(source.getNode(), openCall)
 select sink, source, sink,
   "File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly.",
   openCall, openCall.toString()

go/ql/src/change-notes/2026-06-04-unhandled-writable-file-close.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `go/unhandled-writable-file-close` ("Writable file handle closed without error handling") now produces fewer false positives. A deferred call to `Close` that is preceded on every execution path by a handled call to `Sync` on the same file handle is no longer flagged.

go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected

@@ -735,129 +735,153 @@
 | main.go:48:11:48:12 | 42 | main.go:48:2:48:7 | assignment to result |
 | main.go:49:2:49:7 | return statement | main.go:47:13:47:18 | implicit read of result |
 | main.go:52:1:54:1 | entry | main.go:52:14:52:19 | zero value for result |
-| main.go:52:1:54:1 | function declaration | main.go:56:6:56:10 | skip |
+| main.go:52:1:54:1 | function declaration | main.go:56:6:56:9 | skip |
 | main.go:52:6:52:9 | skip | main.go:52:1:54:1 | function declaration |
 | main.go:52:14:52:19 | implicit read of result | main.go:52:1:54:1 | exit |
 | main.go:52:14:52:19 | initialization of result | main.go:53:2:53:7 | return statement |
 | main.go:52:14:52:19 | zero value for result | main.go:52:14:52:19 | initialization of result |
 | main.go:53:2:53:7 | return statement | main.go:52:14:52:19 | implicit read of result |
-| main.go:56:1:80:1 | entry | main.go:57:6:57:6 | skip |
-| main.go:56:1:80:1 | function declaration | main.go:82:6:82:13 | skip |
-| main.go:56:6:56:10 | skip | main.go:56:1:80:1 | function declaration |
-| main.go:57:6:57:6 | assignment to x | main.go:58:6:58:9 | cond |
-| main.go:57:6:57:6 | skip | main.go:57:6:57:6 | zero value for x |
-| main.go:57:6:57:6 | zero value for x | main.go:57:6:57:6 | assignment to x |
-| main.go:58:6:58:9 | cond | main.go:58:6:58:11 | call to cond |
-| main.go:58:6:58:11 | call to cond | main.go:56:1:80:1 | exit |
-| main.go:58:6:58:11 | call to cond | main.go:58:6:58:11 | call to cond is false |
-| main.go:58:6:58:11 | call to cond | main.go:58:6:58:11 | call to cond is true |
-| main.go:58:6:58:11 | call to cond is false | main.go:61:2:61:10 | selection of Print |
-| main.go:58:6:58:11 | call to cond is true | main.go:59:3:59:3 | skip |
-| main.go:59:3:59:3 | assignment to x | main.go:58:6:58:9 | cond |
-| main.go:59:3:59:3 | skip | main.go:59:7:59:7 | 2 |
-| main.go:59:7:59:7 | 2 | main.go:59:3:59:3 | assignment to x |
-| main.go:61:2:61:10 | selection of Print | main.go:61:12:61:12 | x |
-| main.go:61:2:61:13 | call to Print | main.go:56:1:80:1 | exit |
-| main.go:61:2:61:13 | call to Print | main.go:63:2:63:2 | skip |
-| main.go:61:12:61:12 | x | main.go:61:2:61:13 | call to Print |
-| main.go:63:2:63:2 | assignment to y | main.go:64:6:64:6 | skip |
-| main.go:63:2:63:2 | skip | main.go:63:7:63:7 | 1 |
-| main.go:63:7:63:7 | 1 | main.go:63:2:63:2 | assignment to y |
-| main.go:64:6:64:6 | assignment to i | main.go:65:6:65:9 | cond |
-| main.go:64:6:64:6 | skip | main.go:64:11:64:11 | 0 |
-| main.go:64:11:64:11 | 0 | main.go:64:6:64:6 | assignment to i |
-| main.go:64:16:64:16 | i | main.go:64:16:64:18 | 1 |
-| main.go:64:16:64:18 | 1 | main.go:64:16:64:18 | rhs of increment statement |
-| main.go:64:16:64:18 | increment statement | main.go:65:6:65:9 | cond |
-| main.go:64:16:64:18 | rhs of increment statement | main.go:64:16:64:18 | increment statement |
-| main.go:65:6:65:9 | cond | main.go:65:6:65:11 | call to cond |
-| main.go:65:6:65:11 | call to cond | main.go:56:1:80:1 | exit |
-| main.go:65:6:65:11 | call to cond | main.go:65:6:65:11 | call to cond is false |
-| main.go:65:6:65:11 | call to cond | main.go:65:6:65:11 | call to cond is true |
-| main.go:65:6:65:11 | call to cond is false | main.go:68:3:68:3 | skip |
-| main.go:65:6:65:11 | call to cond is true | main.go:66:4:66:8 | skip |
-| main.go:66:4:66:8 | skip | main.go:70:2:70:10 | selection of Print |
-| main.go:68:3:68:3 | assignment to y | main.go:64:16:64:16 | i |
-| main.go:68:3:68:3 | skip | main.go:68:7:68:7 | 2 |
-| main.go:68:7:68:7 | 2 | main.go:68:3:68:3 | assignment to y |
-| main.go:70:2:70:10 | selection of Print | main.go:70:12:70:12 | y |
-| main.go:70:2:70:13 | call to Print | main.go:56:1:80:1 | exit |
-| main.go:70:2:70:13 | call to Print | main.go:72:2:72:2 | skip |
-| main.go:70:12:70:12 | y | main.go:70:2:70:13 | call to Print |
-| main.go:72:2:72:2 | assignment to z | main.go:73:6:73:6 | skip |
-| main.go:72:2:72:2 | skip | main.go:72:7:72:7 | 1 |
-| main.go:72:7:72:7 | 1 | main.go:72:2:72:2 | assignment to z |
-| main.go:73:6:73:6 | assignment to i | main.go:74:3:74:3 | skip |
-| main.go:73:6:73:6 | skip | main.go:73:11:73:11 | 0 |
-| main.go:73:11:73:11 | 0 | main.go:73:6:73:6 | assignment to i |
-| main.go:73:16:73:16 | i | main.go:73:16:73:18 | 1 |
-| main.go:73:16:73:18 | 1 | main.go:73:16:73:18 | rhs of increment statement |
-| main.go:73:16:73:18 | increment statement | main.go:74:3:74:3 | skip |
-| main.go:73:16:73:18 | rhs of increment statement | main.go:73:16:73:18 | increment statement |
-| main.go:74:3:74:3 | assignment to z | main.go:75:6:75:9 | cond |
-| main.go:74:3:74:3 | skip | main.go:74:7:74:7 | 2 |
-| main.go:74:7:74:7 | 2 | main.go:74:3:74:3 | assignment to z |
+| main.go:56:1:64:1 | entry | main.go:56:11:56:18 | argument corresponding to selector |
+| main.go:56:1:64:1 | function declaration | main.go:66:6:66:10 | skip |
+| main.go:56:6:56:9 | skip | main.go:56:1:64:1 | function declaration |
+| main.go:56:11:56:18 | argument corresponding to selector | main.go:56:11:56:18 | initialization of selector |
+| main.go:56:11:56:18 | initialization of selector | main.go:56:26:56:31 | zero value for result |
+| main.go:56:26:56:31 | implicit read of result | main.go:56:1:64:1 | exit |
+| main.go:56:26:56:31 | initialization of result | main.go:57:2:57:7 | skip |
+| main.go:56:26:56:31 | zero value for result | main.go:56:26:56:31 | initialization of result |
+| main.go:57:2:57:7 | assignment to result | main.go:58:5:58:12 | selector |
+| main.go:57:2:57:7 | skip | main.go:57:11:57:11 | 0 |
+| main.go:57:11:57:11 | 0 | main.go:57:2:57:7 | assignment to result |
+| main.go:58:5:58:12 | selector | main.go:58:17:58:17 | 1 |
+| main.go:58:5:58:17 | ...==... | main.go:58:5:58:17 | ...==... is false |
+| main.go:58:5:58:17 | ...==... | main.go:58:5:58:17 | ...==... is true |
+| main.go:58:5:58:17 | ...==... is false | main.go:61:3:61:8 | skip |
+| main.go:58:5:58:17 | ...==... is true | main.go:59:10:59:10 | 1 |
+| main.go:58:17:58:17 | 1 | main.go:58:5:58:17 | ...==... |
+| main.go:59:3:59:10 | return statement | main.go:56:26:56:31 | implicit read of result |
+| main.go:59:10:59:10 | 1 | main.go:59:10:59:10 | implicit write of result |
+| main.go:59:10:59:10 | implicit write of result | main.go:59:3:59:10 | return statement |
+| main.go:61:3:61:8 | assignment to result | main.go:63:2:63:7 | return statement |
+| main.go:61:3:61:8 | skip | main.go:61:12:61:12 | 2 |
+| main.go:61:12:61:12 | 2 | main.go:61:3:61:8 | assignment to result |
+| main.go:63:2:63:7 | return statement | main.go:56:26:56:31 | implicit read of result |
+| main.go:66:1:90:1 | entry | main.go:67:6:67:6 | skip |
+| main.go:66:1:90:1 | function declaration | main.go:92:6:92:13 | skip |
+| main.go:66:6:66:10 | skip | main.go:66:1:90:1 | function declaration |
+| main.go:67:6:67:6 | assignment to x | main.go:68:6:68:9 | cond |
+| main.go:67:6:67:6 | skip | main.go:67:6:67:6 | zero value for x |
+| main.go:67:6:67:6 | zero value for x | main.go:67:6:67:6 | assignment to x |
+| main.go:68:6:68:9 | cond | main.go:68:6:68:11 | call to cond |
+| main.go:68:6:68:11 | call to cond | main.go:66:1:90:1 | exit |
+| main.go:68:6:68:11 | call to cond | main.go:68:6:68:11 | call to cond is false |
+| main.go:68:6:68:11 | call to cond | main.go:68:6:68:11 | call to cond is true |
+| main.go:68:6:68:11 | call to cond is false | main.go:71:2:71:10 | selection of Print |
+| main.go:68:6:68:11 | call to cond is true | main.go:69:3:69:3 | skip |
+| main.go:69:3:69:3 | assignment to x | main.go:68:6:68:9 | cond |
+| main.go:69:3:69:3 | skip | main.go:69:7:69:7 | 2 |
+| main.go:69:7:69:7 | 2 | main.go:69:3:69:3 | assignment to x |
+| main.go:71:2:71:10 | selection of Print | main.go:71:12:71:12 | x |
+| main.go:71:2:71:13 | call to Print | main.go:66:1:90:1 | exit |
+| main.go:71:2:71:13 | call to Print | main.go:73:2:73:2 | skip |
+| main.go:71:12:71:12 | x | main.go:71:2:71:13 | call to Print |
+| main.go:73:2:73:2 | assignment to y | main.go:74:6:74:6 | skip |
+| main.go:73:2:73:2 | skip | main.go:73:7:73:7 | 1 |
+| main.go:73:7:73:7 | 1 | main.go:73:2:73:2 | assignment to y |
+| main.go:74:6:74:6 | assignment to i | main.go:75:6:75:9 | cond |
+| main.go:74:6:74:6 | skip | main.go:74:11:74:11 | 0 |
+| main.go:74:11:74:11 | 0 | main.go:74:6:74:6 | assignment to i |
+| main.go:74:16:74:16 | i | main.go:74:16:74:18 | 1 |
+| main.go:74:16:74:18 | 1 | main.go:74:16:74:18 | rhs of increment statement |
+| main.go:74:16:74:18 | increment statement | main.go:75:6:75:9 | cond |
+| main.go:74:16:74:18 | rhs of increment statement | main.go:74:16:74:18 | increment statement |
 | main.go:75:6:75:9 | cond | main.go:75:6:75:11 | call to cond |
-| main.go:75:6:75:11 | call to cond | main.go:56:1:80:1 | exit |
+| main.go:75:6:75:11 | call to cond | main.go:66:1:90:1 | exit |
 | main.go:75:6:75:11 | call to cond | main.go:75:6:75:11 | call to cond is false |
 | main.go:75:6:75:11 | call to cond | main.go:75:6:75:11 | call to cond is true |
-| main.go:75:6:75:11 | call to cond is false | main.go:73:16:73:16 | i |
+| main.go:75:6:75:11 | call to cond is false | main.go:78:3:78:3 | skip |
 | main.go:75:6:75:11 | call to cond is true | main.go:76:4:76:8 | skip |
-| main.go:76:4:76:8 | skip | main.go:79:2:79:10 | selection of Print |
-| main.go:79:2:79:10 | selection of Print | main.go:79:12:79:12 | z |
-| main.go:79:2:79:13 | call to Print | main.go:56:1:80:1 | exit |
-| main.go:79:12:79:12 | z | main.go:79:2:79:13 | call to Print |
-| main.go:82:1:86:1 | entry | main.go:82:18:82:18 | zero value for a |
-| main.go:82:1:86:1 | function declaration | main.go:88:6:88:23 | skip |
-| main.go:82:6:82:13 | skip | main.go:82:1:86:1 | function declaration |
-| main.go:82:18:82:18 | implicit read of a | main.go:82:25:82:25 | implicit read of b |
-| main.go:82:18:82:18 | initialization of a | main.go:82:25:82:25 | zero value for b |
-| main.go:82:18:82:18 | zero value for a | main.go:82:18:82:18 | initialization of a |
-| main.go:82:25:82:25 | implicit read of b | main.go:82:1:86:1 | exit |
-| main.go:82:25:82:25 | initialization of b | main.go:83:2:83:2 | skip |
-| main.go:82:25:82:25 | zero value for b | main.go:82:25:82:25 | initialization of b |
-| main.go:83:2:83:2 | assignment to x | main.go:84:2:84:2 | skip |
-| main.go:83:2:83:2 | skip | main.go:83:7:83:8 | 23 |
-| main.go:83:7:83:8 | 23 | main.go:83:2:83:2 | assignment to x |
-| main.go:84:2:84:2 | assignment to x | main.go:84:5:84:5 | assignment to a |
-| main.go:84:2:84:2 | skip | main.go:84:5:84:5 | skip |
-| main.go:84:5:84:5 | assignment to a | main.go:85:2:85:7 | return statement |
-| main.go:84:5:84:5 | skip | main.go:84:9:84:9 | x |
-| main.go:84:9:84:9 | x | main.go:84:11:84:12 | 19 |
-| main.go:84:9:84:12 | ...+... | main.go:84:15:84:15 | x |
-| main.go:84:11:84:12 | 19 | main.go:84:9:84:12 | ...+... |
-| main.go:84:15:84:15 | x | main.go:84:2:84:2 | assignment to x |
-| main.go:85:2:85:7 | return statement | main.go:82:18:82:18 | implicit read of a |
-| main.go:88:1:96:1 | entry | main.go:88:25:88:25 | argument corresponding to x |
-| main.go:88:1:96:1 | function declaration | main.go:0:0:0:0 | exit |
-| main.go:88:6:88:23 | skip | main.go:88:1:96:1 | function declaration |
-| main.go:88:25:88:25 | argument corresponding to x | main.go:88:25:88:25 | initialization of x |
-| main.go:88:25:88:25 | initialization of x | main.go:89:2:89:2 | skip |
-| main.go:89:2:89:2 | assignment to a | main.go:89:5:89:5 | assignment to b |
-| main.go:89:2:89:2 | skip | main.go:89:5:89:5 | skip |
-| main.go:89:5:89:5 | assignment to b | main.go:90:5:90:8 | cond |
-| main.go:89:5:89:5 | skip | main.go:89:10:89:10 | x |
-| main.go:89:10:89:10 | x | main.go:89:13:89:13 | 0 |
-| main.go:89:13:89:13 | 0 | main.go:89:2:89:2 | assignment to a |
-| main.go:90:5:90:8 | cond | main.go:90:5:90:10 | call to cond |
-| main.go:90:5:90:10 | call to cond | main.go:88:1:96:1 | exit |
-| main.go:90:5:90:10 | call to cond | main.go:90:5:90:10 | call to cond is false |
-| main.go:90:5:90:10 | call to cond | main.go:90:5:90:10 | call to cond is true |
-| main.go:90:5:90:10 | call to cond is false | main.go:93:3:93:3 | skip |
-| main.go:90:5:90:10 | call to cond is true | main.go:91:3:91:3 | skip |
-| main.go:91:3:91:3 | assignment to a | main.go:95:9:95:9 | a |
-| main.go:91:3:91:3 | skip | main.go:91:6:91:6 | skip |
-| main.go:91:6:91:6 | skip | main.go:91:10:91:10 | b |
-| main.go:91:10:91:10 | b | main.go:91:13:91:13 | a |
-| main.go:91:13:91:13 | a | main.go:91:3:91:3 | assignment to a |
-| main.go:93:3:93:3 | skip | main.go:93:6:93:6 | skip |
-| main.go:93:6:93:6 | assignment to b | main.go:95:9:95:9 | a |
-| main.go:93:6:93:6 | skip | main.go:93:10:93:10 | b |
-| main.go:93:10:93:10 | b | main.go:93:13:93:13 | a |
-| main.go:93:13:93:13 | a | main.go:93:6:93:6 | assignment to b |
-| main.go:95:2:95:12 | return statement | main.go:88:1:96:1 | exit |
-| main.go:95:9:95:9 | a | main.go:95:12:95:12 | b |
-| main.go:95:12:95:12 | b | main.go:95:2:95:12 | return statement |
+| main.go:76:4:76:8 | skip | main.go:80:2:80:10 | selection of Print |
+| main.go:78:3:78:3 | assignment to y | main.go:74:16:74:16 | i |
+| main.go:78:3:78:3 | skip | main.go:78:7:78:7 | 2 |
+| main.go:78:7:78:7 | 2 | main.go:78:3:78:3 | assignment to y |
+| main.go:80:2:80:10 | selection of Print | main.go:80:12:80:12 | y |
+| main.go:80:2:80:13 | call to Print | main.go:66:1:90:1 | exit |
+| main.go:80:2:80:13 | call to Print | main.go:82:2:82:2 | skip |
+| main.go:80:12:80:12 | y | main.go:80:2:80:13 | call to Print |
+| main.go:82:2:82:2 | assignment to z | main.go:83:6:83:6 | skip |
+| main.go:82:2:82:2 | skip | main.go:82:7:82:7 | 1 |
+| main.go:82:7:82:7 | 1 | main.go:82:2:82:2 | assignment to z |
+| main.go:83:6:83:6 | assignment to i | main.go:84:3:84:3 | skip |
+| main.go:83:6:83:6 | skip | main.go:83:11:83:11 | 0 |
+| main.go:83:11:83:11 | 0 | main.go:83:6:83:6 | assignment to i |
+| main.go:83:16:83:16 | i | main.go:83:16:83:18 | 1 |
+| main.go:83:16:83:18 | 1 | main.go:83:16:83:18 | rhs of increment statement |
+| main.go:83:16:83:18 | increment statement | main.go:84:3:84:3 | skip |
+| main.go:83:16:83:18 | rhs of increment statement | main.go:83:16:83:18 | increment statement |
+| main.go:84:3:84:3 | assignment to z | main.go:85:6:85:9 | cond |
+| main.go:84:3:84:3 | skip | main.go:84:7:84:7 | 2 |
+| main.go:84:7:84:7 | 2 | main.go:84:3:84:3 | assignment to z |
+| main.go:85:6:85:9 | cond | main.go:85:6:85:11 | call to cond |
+| main.go:85:6:85:11 | call to cond | main.go:66:1:90:1 | exit |
+| main.go:85:6:85:11 | call to cond | main.go:85:6:85:11 | call to cond is false |
+| main.go:85:6:85:11 | call to cond | main.go:85:6:85:11 | call to cond is true |
+| main.go:85:6:85:11 | call to cond is false | main.go:83:16:83:16 | i |
+| main.go:85:6:85:11 | call to cond is true | main.go:86:4:86:8 | skip |
+| main.go:86:4:86:8 | skip | main.go:89:2:89:10 | selection of Print |
+| main.go:89:2:89:10 | selection of Print | main.go:89:12:89:12 | z |
+| main.go:89:2:89:13 | call to Print | main.go:66:1:90:1 | exit |
+| main.go:89:12:89:12 | z | main.go:89:2:89:13 | call to Print |
+| main.go:92:1:96:1 | entry | main.go:92:18:92:18 | zero value for a |
+| main.go:92:1:96:1 | function declaration | main.go:98:6:98:23 | skip |
+| main.go:92:6:92:13 | skip | main.go:92:1:96:1 | function declaration |
+| main.go:92:18:92:18 | implicit read of a | main.go:92:25:92:25 | implicit read of b |
+| main.go:92:18:92:18 | initialization of a | main.go:92:25:92:25 | zero value for b |
+| main.go:92:18:92:18 | zero value for a | main.go:92:18:92:18 | initialization of a |
+| main.go:92:25:92:25 | implicit read of b | main.go:92:1:96:1 | exit |
+| main.go:92:25:92:25 | initialization of b | main.go:93:2:93:2 | skip |
+| main.go:92:25:92:25 | zero value for b | main.go:92:25:92:25 | initialization of b |
+| main.go:93:2:93:2 | assignment to x | main.go:94:2:94:2 | skip |
+| main.go:93:2:93:2 | skip | main.go:93:7:93:8 | 23 |
+| main.go:93:7:93:8 | 23 | main.go:93:2:93:2 | assignment to x |
+| main.go:94:2:94:2 | assignment to x | main.go:94:5:94:5 | assignment to a |
+| main.go:94:2:94:2 | skip | main.go:94:5:94:5 | skip |
+| main.go:94:5:94:5 | assignment to a | main.go:95:2:95:7 | return statement |
+| main.go:94:5:94:5 | skip | main.go:94:9:94:9 | x |
+| main.go:94:9:94:9 | x | main.go:94:11:94:12 | 19 |
+| main.go:94:9:94:12 | ...+... | main.go:94:15:94:15 | x |
+| main.go:94:11:94:12 | 19 | main.go:94:9:94:12 | ...+... |
+| main.go:94:15:94:15 | x | main.go:94:2:94:2 | assignment to x |
+| main.go:95:2:95:7 | return statement | main.go:92:18:92:18 | implicit read of a |
+| main.go:98:1:106:1 | entry | main.go:98:25:98:25 | argument corresponding to x |
+| main.go:98:1:106:1 | function declaration | main.go:0:0:0:0 | exit |
+| main.go:98:6:98:23 | skip | main.go:98:1:106:1 | function declaration |
+| main.go:98:25:98:25 | argument corresponding to x | main.go:98:25:98:25 | initialization of x |
+| main.go:98:25:98:25 | initialization of x | main.go:99:2:99:2 | skip |
+| main.go:99:2:99:2 | assignment to a | main.go:99:5:99:5 | assignment to b |
+| main.go:99:2:99:2 | skip | main.go:99:5:99:5 | skip |
+| main.go:99:5:99:5 | assignment to b | main.go:100:5:100:8 | cond |
+| main.go:99:5:99:5 | skip | main.go:99:10:99:10 | x |
+| main.go:99:10:99:10 | x | main.go:99:13:99:13 | 0 |
+| main.go:99:13:99:13 | 0 | main.go:99:2:99:2 | assignment to a |
+| main.go:100:5:100:8 | cond | main.go:100:5:100:10 | call to cond |
+| main.go:100:5:100:10 | call to cond | main.go:98:1:106:1 | exit |
+| main.go:100:5:100:10 | call to cond | main.go:100:5:100:10 | call to cond is false |
+| main.go:100:5:100:10 | call to cond | main.go:100:5:100:10 | call to cond is true |
+| main.go:100:5:100:10 | call to cond is false | main.go:103:3:103:3 | skip |
+| main.go:100:5:100:10 | call to cond is true | main.go:101:3:101:3 | skip |
+| main.go:101:3:101:3 | assignment to a | main.go:105:9:105:9 | a |
+| main.go:101:3:101:3 | skip | main.go:101:6:101:6 | skip |
+| main.go:101:6:101:6 | skip | main.go:101:10:101:10 | b |
+| main.go:101:10:101:10 | b | main.go:101:13:101:13 | a |
+| main.go:101:13:101:13 | a | main.go:101:3:101:3 | assignment to a |
+| main.go:103:3:103:3 | skip | main.go:103:6:103:6 | skip |
+| main.go:103:6:103:6 | assignment to b | main.go:105:9:105:9 | a |
+| main.go:103:6:103:6 | skip | main.go:103:10:103:10 | b |
+| main.go:103:10:103:10 | b | main.go:103:13:103:13 | a |
+| main.go:103:13:103:13 | a | main.go:103:6:103:6 | assignment to b |
+| main.go:105:2:105:12 | return statement | main.go:98:1:106:1 | exit |
+| main.go:105:9:105:9 | a | main.go:105:12:105:12 | b |
+| main.go:105:12:105:12 | b | main.go:105:2:105:12 | return statement |
 | noretfunctions.go:0:0:0:0 | entry | noretfunctions.go:3:1:6:1 | skip |
 | noretfunctions.go:3:1:6:1 | skip | noretfunctions.go:8:6:8:12 | skip |
 | noretfunctions.go:8:1:10:1 | entry | noretfunctions.go:9:2:9:8 | selection of Exit |

go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/main.go

@@ -53,6 +53,16 @@ func baz2() (result int) {
 	return
 }
 
+func baz3(selector int) (result int) {
+	result = 0
+	if selector == 1 {
+		return 1
+	} else {
+		result = 2
+	}
+	return
+}
+
 func loops() {
 	var x int
 	for cond() {

go/ql/test/library-tests/semmle/go/dataflow/Nodes/BinaryOperationNodes.expected

@@ -2,3 +2,5 @@
 | main.go:7:19:7:23 | ...+... | + | main.go:7:19:7:19 | y | main.go:7:23:7:23 | z |
 | main.go:10:14:10:18 | ...+... | + | main.go:10:14:10:14 | x | main.go:10:18:10:18 | y |
 | main.go:17:2:17:13 | ... += ... | + | main.go:17:2:17:6 | index expression | main.go:17:11:17:13 | "!" |
+| resultParameters.go:4:5:4:17 | ...==... | == | resultParameters.go:4:5:4:12 | selector | resultParameters.go:4:17:4:17 | 0 |
+| resultParameters.go:23:5:23:17 | ...==... | == | resultParameters.go:23:5:23:12 | selector | resultParameters.go:23:17:23:17 | 1 |

go/ql/test/library-tests/semmle/go/dataflow/Nodes/ResultNode.expected

@@ -0,0 +1,8 @@
+| main.go:21:9:21:10 | 23 | Result node with index 0 |
+| main.go:21:13:21:14 | 42 | Result node with index 1 |
+| resultParameters.go:5:10:5:10 | 0 | Result node with index 0 |
+| resultParameters.go:9:10:9:10 | 1 | Result node with index 0 |
+| resultParameters.go:11:10:11:10 | 2 | Result node with index 0 |
+| resultParameters.go:13:9:13:9 | 3 | Result node with index 0 |
+| resultParameters.go:16:26:16:26 | implicit read of r | Result node with index 0 |
+| resultParameters.go:21:38:21:38 | implicit read of r | Result node with index 0 |

go/ql/test/library-tests/semmle/go/dataflow/Nodes/ResultNode.ql

@@ -0,0 +1,9 @@
+/**
+ * @kind problem
+ * @id result-node
+ */
+
+import go
+
+from DataFlow::ResultNode r
+select r, "Result node with index " + r.getIndex()

go/ql/test/library-tests/semmle/go/dataflow/Nodes/ResultNode.qlref

@@ -0,0 +1,2 @@
+query: ResultNode.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql

go/ql/test/library-tests/semmle/go/dataflow/Nodes/main.go

@@ -18,5 +18,5 @@ func f() {
 }
 
 func test() (int, int) {
-	return 23, 42
+	return 23, 42 // $ Alert[result-node]
 }

go/ql/test/library-tests/semmle/go/dataflow/Nodes/resultParameters.go

@@ -0,0 +1,27 @@
+package main
+
+func multipleReturns(selector int) int {
+	if selector == 0 {
+		return 0 // $ Alert[result-node]
+	}
+	switch selector {
+	case 1:
+		return 1 // $ Alert[result-node]
+	case 2:
+		return 2 // $ Alert[result-node]
+	}
+	return 3 // $ Alert[result-node]
+}
+
+func resultParameter1() (r int) { // $ Alert[result-node] // implicit reads of result parameters are located at the result parameter declaration
+	r = 0
+	return
+}
+
+func resultParameter2(selector int) (r int) { // $ Alert[result-node] // implicit reads of result parameters are located at the result parameter declaration
+	r = 0
+	if selector == 1 {
+		return 1
+	}
+	return
+}

go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.expected

@@ -5,9 +5,9 @@
 | tests.go:15:3:15:3 | f | tests.go:46:5:46:76 | ... := ...[0] | tests.go:15:3:15:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:46:15:46:76 | call to OpenFile | call to OpenFile |
 | tests.go:57:3:57:3 | f | tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:55:15:55:78 | call to OpenFile | call to OpenFile |
 | tests.go:69:3:69:3 | f | tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:67:15:67:76 | call to OpenFile | call to OpenFile |
-| tests.go:111:9:111:9 | f | tests.go:109:5:109:78 | ... := ...[0] | tests.go:111:9:111:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:109:15:109:78 | call to OpenFile | call to OpenFile |
-| tests.go:130:3:130:3 | f | tests.go:126:5:126:78 | ... := ...[0] | tests.go:130:3:130:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:126:15:126:78 | call to OpenFile | call to OpenFile |
-| tests.go:151:8:151:8 | f | tests.go:147:2:147:74 | ... := ...[0] | tests.go:151:8:151:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:147:12:147:74 | call to OpenFile | call to OpenFile |
+| tests.go:126:9:126:9 | f | tests.go:124:5:124:78 | ... := ...[0] | tests.go:126:9:126:9 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:124:15:124:78 | call to OpenFile | call to OpenFile |
+| tests.go:145:3:145:3 | f | tests.go:141:5:141:78 | ... := ...[0] | tests.go:145:3:145:3 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:141:15:141:78 | call to OpenFile | call to OpenFile |
+| tests.go:166:8:166:8 | f | tests.go:162:2:162:74 | ... := ...[0] | tests.go:166:8:166:8 | f | File handle may be writable as a result of data flow from a $@ and closing it may result in data loss upon failure, which is not handled explicitly. | tests.go:162:12:162:74 | call to OpenFile | call to OpenFile |
 edges
 | tests.go:9:24:9:24 | definition of f | tests.go:10:8:10:8 | f | provenance |  |
 | tests.go:13:32:13:32 | definition of f | tests.go:14:13:16:2 | capture variable f | provenance |  |
@@ -22,9 +22,9 @@ edges
 | tests.go:48:29:48:29 | f | tests.go:13:32:13:32 | definition of f | provenance |  |
 | tests.go:55:5:55:78 | ... := ...[0] | tests.go:57:3:57:3 | f | provenance | Src:MaD:1  |
 | tests.go:67:5:67:76 | ... := ...[0] | tests.go:69:3:69:3 | f | provenance | Src:MaD:1  |
-| tests.go:109:5:109:78 | ... := ...[0] | tests.go:111:9:111:9 | f | provenance | Src:MaD:1  |
-| tests.go:126:5:126:78 | ... := ...[0] | tests.go:130:3:130:3 | f | provenance | Src:MaD:1  |
-| tests.go:147:2:147:74 | ... := ...[0] | tests.go:151:8:151:8 | f | provenance | Src:MaD:1  |
+| tests.go:124:5:124:78 | ... := ...[0] | tests.go:126:9:126:9 | f | provenance | Src:MaD:1  |
+| tests.go:141:5:141:78 | ... := ...[0] | tests.go:145:3:145:3 | f | provenance | Src:MaD:1  |
+| tests.go:162:2:162:74 | ... := ...[0] | tests.go:166:8:166:8 | f | provenance | Src:MaD:1  |
 models
 | 1 | Source: os; ; false; OpenFile; ; ; ReturnValue[0]; file; manual |
 nodes
@@ -43,10 +43,10 @@ nodes
 | tests.go:57:3:57:3 | f | semmle.label | f |
 | tests.go:67:5:67:76 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tests.go:69:3:69:3 | f | semmle.label | f |
-| tests.go:109:5:109:78 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:111:9:111:9 | f | semmle.label | f |
-| tests.go:126:5:126:78 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:130:3:130:3 | f | semmle.label | f |
-| tests.go:147:2:147:74 | ... := ...[0] | semmle.label | ... := ...[0] |
-| tests.go:151:8:151:8 | f | semmle.label | f |
+| tests.go:124:5:124:78 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:126:9:126:9 | f | semmle.label | f |
+| tests.go:141:5:141:78 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:145:3:145:3 | f | semmle.label | f |
+| tests.go:162:2:162:74 | ... := ...[0] | semmle.label | ... := ...[0] |
+| tests.go:166:8:166:8 | f | semmle.label | f |
 subpaths

go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/tests.go

@@ -104,6 +104,21 @@ func deferredCloseWithSync() {
 	}
 }
 
+func deferredCloseWithSync2() {
+	// open file for writing
+	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil {
+		// a call to `Close` is deferred, but we have a call to `Sync` later which
+		// precedes the call to `Close` during execution
+		defer f.Close()
+
+		if err := f.Sync(); err != nil {
+			log.Fatal(err)
+		}
+	}
+	var a int
+	_ = a
+}
+
 func deferredCloseWithSyncEarlyReturn(n int) {
 	// open file for writing
 	if f, err := os.OpenFile("foo.txt", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0666); err != nil { // $ Source

java/kotlin-extractor/BUILD.bazel

@@ -53,10 +53,6 @@ _extractor_name_prefix = "%s-%s" % (
     "embeddable" if _for_embeddable else "standalone",
 )
 
-_compiler_plugin_registrar_service_source = "src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar"
-
-_compiler_plugin_registrar_service_target = "META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar"
-
 py_binary(
     name = "generate_dbscheme",
     srcs = ["generate_dbscheme.py"],
@@ -68,14 +64,8 @@ _resources = [
         r[len("src/main/resources/"):],
     )
     for r in glob(["src/main/resources/**"])
-    if r != _compiler_plugin_registrar_service_source
 ]
 
-_compiler_plugin_registrar_service = (
-    _compiler_plugin_registrar_service_source,
-    _compiler_plugin_registrar_service_target,
-)
-
 kt_javac_options(
     name = "javac-options",
     release = "8",
@@ -101,32 +91,19 @@ kt_javac_options(
         # * `resource_strip_prefix` is unique per jar, so we must also put other resources under the same version prefix
         genrule(
             name = "resources-%s" % v,
-            srcs = [src for src, _ in _resources] + (
-                [_compiler_plugin_registrar_service[0]] if not version_less(v, "2.4.0") else []
-            ),
+            srcs = [src for src, _ in _resources],
             outs = [
                 "%s/com/github/codeql/extractor.name" % v,
             ] + [
                 "%s/%s" % (v, target)
                 for _, target in _resources
-            ] + (
-                ["%s/%s" % (
-                    v,
-                    _compiler_plugin_registrar_service[1],
-                )] if not version_less(v, "2.4.0") else []
-            ),
+            ],
             cmd = "\n".join([
                 "echo %s-%s > $(RULEDIR)/%s/com/github/codeql/extractor.name" % (_extractor_name_prefix, v, v),
             ] + [
                 "cp $(execpath %s) $(RULEDIR)/%s/%s" % (source, v, target)
                 for source, target in _resources
-            ] + (
-                ["cp $(execpath %s) $(RULEDIR)/%s/%s" % (
-                    _compiler_plugin_registrar_service[0],
-                    v,
-                    _compiler_plugin_registrar_service[1],
-                )] if not version_less(v, "2.4.0") else []
-            )),
+            ]),
         ),
         kt_jvm_library(
             name = "%s-%s" % (_extractor_name_prefix, v),

java/kotlin-extractor/dev/wrapper.py

@@ -27,7 +27,7 @@ import shutil
 import io
 import os
 
-DEFAULT_VERSION = "2.4.0"
+DEFAULT_VERSION = "2.3.20"
 
 
 def options():

java/kotlin-extractor/src/main/kotlin/KotlinExtractorComponentRegistrar.kt

@@ -3,21 +3,32 @@
 
 package com.github.codeql
 
+import com.intellij.mock.MockProject
+import com.intellij.openapi.extensions.LoadingOrder
+import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.config.CompilerConfiguration
 
 class KotlinExtractorComponentRegistrar : Kotlin2ComponentRegistrar() {
-    override fun doRegisterExtensions(configuration: CompilerConfiguration) {
+    override fun registerProjectComponents(
+        project: MockProject,
+        configuration: CompilerConfiguration
+    ) {
         val invocationTrapFile = configuration[KEY_INVOCATION_TRAP_FILE]
         if (invocationTrapFile == null) {
             throw Exception("Required argument for TRAP invocation file not given")
         }
-        registerExtractorExtension(
+        // Register with LoadingOrder.LAST to ensure the extractor runs after other
+        // IR generation plugins (like kotlinx.serialization) have generated their code.
+        val extensionPoint = project.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
+        extensionPoint.registerExtension(
             KotlinExtractorExtension(
                 invocationTrapFile,
                 configuration[KEY_CHECK_TRAP_IDENTICAL] ?: false,
                 configuration[KEY_COMPILATION_STARTTIME],
                 configuration[KEY_EXIT_AFTER_EXTRACTION] ?: false
-            )
+            ),
+            LoadingOrder.LAST,
+            project
         )
     }
 }

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -173,9 +173,9 @@ open class KotlinFileExtractor(
         when (d) {
             is IrFunction ->
                 when (d.name.asString()) {
-                    "toString" -> d.codeQlValueParameters.isEmpty()
-                    "hashCode" -> d.codeQlValueParameters.isEmpty()
-                    "equals" -> d.codeQlValueParameters.singleOrNull()?.type?.isNullableAny() ?: false
+                    "toString" -> d.valueParameters.isEmpty()
+                    "hashCode" -> d.valueParameters.isEmpty()
+                    "equals" -> d.valueParameters.singleOrNull()?.type?.isNullableAny() ?: false
                     else -> false
                 } && isJavaBinaryDeclaration(d)
             else -> false
@@ -721,7 +721,7 @@ open class KotlinFileExtractor(
             (it.type as? IrSimpleType)?.classFqName?.asString() != "kotlin.Deprecated"
         } +
             // Note we lose any arguments to @java.lang.Deprecated that were written in source.
-            codeQlAnnotationFromSymbolOwner(
+            IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 jldConstructor.returnType,
@@ -781,13 +781,13 @@ open class KotlinFileExtractor(
         val locId = tw.getLocation(constructorCall)
         tw.writeHasLocation(id, locId)
 
-        for (i in 0 until constructorCall.codeQlValueArgumentsCount) {
-            val param = constructorCall.symbol.owner.codeQlValueParameters[i]
+        for (i in 0 until constructorCall.valueArgumentsCount) {
+            val param = constructorCall.symbol.owner.valueParameters[i]
             val prop =
                 constructorCall.symbol.owner.parentAsClass.declarations
                     .filterIsInstance<IrProperty>()
                     .first { it.name == param.name }
-            val v = constructorCall.codeQlGetValueArgument(i) ?: param.defaultValue?.expression
+            val v = constructorCall.getValueArgument(i) ?: param.defaultValue?.expression
             val getter = prop.getter
             if (getter == null) {
                 logger.warnElement("Expected annotation property to define a getter", prop)
@@ -1115,9 +1115,9 @@ open class KotlinFileExtractor(
                         returnId,
                         0,
                         returnId,
-                        f.codeQlValueParameters.size,
+                        f.valueParameters.size,
                         { argParent, idxOffset ->
-                            f.codeQlValueParameters.forEachIndexed { idx, param ->
+                            f.valueParameters.forEachIndexed { idx, param ->
                                 val syntheticParamId = useValueParameter(param, proxyFunctionId)
                                 extractVariableAccess(
                                     syntheticParamId,
@@ -1695,9 +1695,9 @@ open class KotlinFileExtractor(
                             returnId,
                             0,
                             returnId,
-                            f.codeQlValueParameters.size,
+                            f.valueParameters.size,
                             { argParentId, idxOffset ->
-                                f.codeQlValueParameters.mapIndexed { idx, param ->
+                                f.valueParameters.mapIndexed { idx, param ->
                                     val syntheticParamId = useValueParameter(param, functionId)
                                     extractVariableAccess(
                                         syntheticParamId,
@@ -1792,7 +1792,7 @@ open class KotlinFileExtractor(
         extractBody: Boolean,
         extractMethodAndParameterTypeAccesses: Boolean
     ) {
-        if (f.codeQlValueParameters.none { it.defaultValue != null }) return
+        if (f.valueParameters.none { it.defaultValue != null }) return
 
         val id = getDefaultsMethodLabel(f)
         if (id == null) {
@@ -1800,7 +1800,7 @@ open class KotlinFileExtractor(
             return
         }
         val locId = getLocation(f, null)
-        val extReceiver = f.codeQlExtensionReceiverParameter
+        val extReceiver = f.extensionReceiverParameter
         val dispatchReceiver = if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter
         val parameterTypes = getDefaultsMethodArgTypes(f)
         val allParamTypeResults =
@@ -1869,7 +1869,7 @@ open class KotlinFileExtractor(
         tw.writeCompiler_generated(id, CompilerGeneratedKinds.DEFAULT_ARGUMENTS_METHOD.kind)
 
         if (extractBody) {
-            val nonSyntheticParams = listOfNotNull(dispatchReceiver) + f.codeQlValueParameters
+            val nonSyntheticParams = listOfNotNull(dispatchReceiver) + f.valueParameters
             // This stack entry represents as if we're extracting the 'real' function `f`, giving
             // the indices of its non-synthetic parameters
             // such that when we extract the default expressions below, any reference to f's nth
@@ -1895,12 +1895,12 @@ open class KotlinFileExtractor(
                     val realParamsVarId = getValueParameterLabel(id, parameterTypes.size - 2)
                     val intType = pluginContext.irBuiltIns.intType
                     val paramIdxOffset =
-                        listOf(dispatchReceiver, f.codeQlExtensionReceiverParameter).count { it != null }
+                        listOf(dispatchReceiver, f.extensionReceiverParameter).count { it != null }
                     extractBlockBody(id, locId).also { blockId ->
                         var nextStmt = 0
                         // For each parameter with a default, sub in the default value if the caller
                         // hasn't supplied a value:
-                        f.codeQlValueParameters.forEachIndexed { paramIdx, param ->
+                        f.valueParameters.forEachIndexed { paramIdx, param ->
                             val defaultVal = param.defaultValue
                             if (defaultVal != null) {
                                 extractIfStmt(locId, blockId, nextStmt++, id).also { ifId ->
@@ -1975,7 +1975,7 @@ open class KotlinFileExtractor(
                                     id
                                 )
                                 tw.writeHasLocation(thisCallId, locId)
-                                f.codeQlValueParameters.forEachIndexed { idx, param ->
+                                f.valueParameters.forEachIndexed { idx, param ->
                                     extractVariableAccess(
                                         tw.getLabelFor<DbParam>(getValueParameterLabel(id, idx)),
                                         param.type,
@@ -2003,9 +2003,9 @@ open class KotlinFileExtractor(
                                     )
                                     .also { thisCallId ->
                                         val realFnIdxOffset =
-                                            if (f.codeQlExtensionReceiverParameter != null) 1 else 0
+                                            if (f.extensionReceiverParameter != null) 1 else 0
                                         val paramMappings =
-                                            f.codeQlValueParameters.mapIndexed { idx, param ->
+                                            f.valueParameters.mapIndexed { idx, param ->
                                                 Triple(
                                                     param.type,
                                                     idx + paramIdxOffset,
@@ -2156,7 +2156,7 @@ open class KotlinFileExtractor(
                         val dispatchReceiver =
                             f.dispatchReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
                         val extensionReceiver =
-                            f.codeQlExtensionReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
+                            f.extensionReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
 
                         extractExpressionBody(overloadId, realFunctionLocId).also { returnId ->
                             extractsDefaultsCall(
@@ -2180,28 +2180,28 @@ open class KotlinFileExtractor(
         if (!f.hasAnnotation(jvmOverloadsFqName)) {
             if (
                 f is IrConstructor &&
-                    f.codeQlValueParameters.isNotEmpty() &&
-                    f.codeQlValueParameters.all { it.defaultValue != null } &&
+                    f.valueParameters.isNotEmpty() &&
+                    f.valueParameters.all { it.defaultValue != null } &&
                     f.parentClassOrNull?.let {
                         // Don't create a default constructor for an annotation class, or a class
                         // that explicitly declares a no-arg constructor.
                         !it.isAnnotationClass &&
                             it.declarations.none { d ->
-                                d is IrConstructor && d.codeQlValueParameters.isEmpty()
+                                d is IrConstructor && d.valueParameters.isEmpty()
                             }
                     } == true
             ) {
                 // Per https://kotlinlang.org/docs/classes.html#creating-instances-of-classes, a
                 // single default overload gets created specifically
                 // when we have all default parameters, regardless of `@JvmOverloads`.
-                extractGeneratedOverload(f.codeQlValueParameters.map { _ -> null })
+                extractGeneratedOverload(f.valueParameters.map { _ -> null })
             }
             return
         }
 
-        val paramList: MutableList<IrValueParameter?> = f.codeQlValueParameters.toMutableList()
-        for (n in (f.codeQlValueParameters.size - 1) downTo 0) {
-            if (f.codeQlValueParameters[n].defaultValue != null) {
+        val paramList: MutableList<IrValueParameter?> = f.valueParameters.toMutableList()
+        for (n in (f.valueParameters.size - 1) downTo 0) {
+            if (f.valueParameters[n].defaultValue != null) {
                 paramList[n] = null // Remove this parameter, to be replaced by a default value
                 extractGeneratedOverload(paramList)
             }
@@ -2327,7 +2327,7 @@ open class KotlinFileExtractor(
             getClassByFqName(pluginContext, it)?.let { annotationClass ->
                 annotationClass.owner.declarations.firstIsInstanceOrNull<IrConstructor>()?.let {
                     annotationConstructor ->
-                    codeQlAnnotationFromSymbolOwner(
+                    IrConstructorCallImpl.fromSymbolOwner(
                         UNDEFINED_OFFSET,
                         UNDEFINED_OFFSET,
                         annotationConstructor.returnType,
@@ -2388,13 +2388,13 @@ open class KotlinFileExtractor(
                             id
                         }
 
-                val extReceiver = f.codeQlExtensionReceiverParameter
+                val extReceiver = f.extensionReceiverParameter
                 // The following parameter order is correct, because member $default methods (where
                 // the order would be [dispatchParam], [extensionParam], normalParams) are not
                 // extracted here
                 val fParameters =
                     listOfNotNull(extReceiver) +
-                        (overriddenAttributes?.valueParameters ?: f.codeQlValueParameters)
+                        (overriddenAttributes?.valueParameters ?: f.valueParameters)
                 val paramTypes =
                     fParameters.mapIndexed { i, vp ->
                         extractValueParameter(
@@ -3069,14 +3069,14 @@ open class KotlinFileExtractor(
             logger.errorElement("Unexpected dispatch receiver found", c)
         }
 
-        if (c.codeQlValueArgumentsCount < 1) {
+        if (c.valueArgumentsCount < 1) {
             logger.errorElement("No arguments found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 0, "Operand null")
 
-        if (c.codeQlValueArgumentsCount > 1) {
+        if (c.valueArgumentsCount > 1) {
             logger.errorElement("Extra arguments found", c)
         }
     }
@@ -3095,21 +3095,21 @@ open class KotlinFileExtractor(
             logger.errorElement("Unexpected dispatch receiver found", c)
         }
 
-        if (c.codeQlValueArgumentsCount < 1) {
+        if (c.valueArgumentsCount < 1) {
             logger.errorElement("No arguments found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 0, "LHS null")
 
-        if (c.codeQlValueArgumentsCount < 2) {
+        if (c.valueArgumentsCount < 2) {
             logger.errorElement("No RHS found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 1, "RHS null")
 
-        if (c.codeQlValueArgumentsCount > 2) {
+        if (c.valueArgumentsCount > 2) {
             logger.errorElement("Extra arguments found", c)
         }
     }
@@ -3122,7 +3122,7 @@ open class KotlinFileExtractor(
         idx: Int,
         msg: String
     ) {
-        val op = c.codeQlGetValueArgument(idx)
+        val op = c.getValueArgument(idx)
         if (op == null) {
             logger.errorElement(msg, c)
         } else {
@@ -3267,8 +3267,8 @@ open class KotlinFileExtractor(
         // and which should be replaced by defaults. The final Object parameter is apparently always
         // null.
         (listOfNotNull(if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter?.type) +
-                listOfNotNull(f.codeQlExtensionReceiverParameter?.type) +
-                f.codeQlValueParameters.map { it.type } +
+                listOfNotNull(f.extensionReceiverParameter?.type) +
+                f.valueParameters.map { it.type } +
                 listOf(pluginContext.irBuiltIns.intType, getDefaultsMethodLastArgType(f)))
             .map { erase(it) }
 
@@ -3345,7 +3345,7 @@ open class KotlinFileExtractor(
         val overriddenCallTarget =
             (callTarget as? IrSimpleFunction)?.allOverridden(includeSelf = true)?.firstOrNull {
                 it.overriddenSymbols.isEmpty() &&
-                    it.codeQlValueParameters.any { p -> p.defaultValue != null }
+                    it.valueParameters.any { p -> p.defaultValue != null }
             } ?: callTarget
         if (isExternalDeclaration(overriddenCallTarget)) {
             // Likewise, ensure the overridden target gets extracted.
@@ -3419,7 +3419,7 @@ open class KotlinFileExtractor(
         }
 
         val valueArgsWithDummies =
-            valueArguments.zip(callTarget.codeQlValueParameters).map { (expr, param) ->
+            valueArguments.zip(callTarget.valueParameters).map { (expr, param) ->
                 expr ?: IrConstImpl.defaultValueForType(0, 0, param.type)
             }
 
@@ -3529,7 +3529,7 @@ open class KotlinFileExtractor(
         callTarget: IrFunction,
         valueArguments: List<IrExpression?>
     ): Boolean {
-        val varargParam = callTarget.codeQlValueParameters.withIndex().find { it.value.isVararg }
+        val varargParam = callTarget.valueParameters.withIndex().find { it.value.isVararg }
         // If the vararg param is the only one not specified, and it has no default value, then we
         // don't need to call a $default method,
         // as omitting it already implies passing an empty vararg array.
@@ -3805,7 +3805,7 @@ open class KotlinFileExtractor(
     ) =
         extractCallValueArguments(
             callId,
-            (0 until call.codeQlValueArgumentsCount).map { call.codeQlGetValueArgument(it) },
+            (0 until call.valueArgumentsCount).map { call.getValueArgument(it) },
             enclosingStmt,
             enclosingCallable,
             idxOffset
@@ -3874,7 +3874,7 @@ open class KotlinFileExtractor(
                     (owner.parentClassOrNull?.fqNameWhenAvailable?.asString() == type ||
                         (owner.parent is IrExternalPackageFragment &&
                             getFileClassFqName(owner)?.asString() == type)) &&
-                        owner.codeQlValueParameters
+                        owner.valueParameters
                             .map { it.type.classFqName?.asString() }
                             .toTypedArray() contentEquals parameterTypes
                 }
@@ -3926,8 +3926,8 @@ open class KotlinFileExtractor(
         val result =
             javaLangString?.declarations?.findSubType<IrFunction> {
                 it.name.asString() == "valueOf" &&
-                    it.codeQlValueParameters.size == 1 &&
-                    it.codeQlValueParameters[0].type == pluginContext.irBuiltIns.anyNType
+                    it.valueParameters.size == 1 &&
+                    it.valueParameters[0].type == pluginContext.irBuiltIns.anyNType
             }
         if (result == null) {
             logger.error("Couldn't find declaration java.lang.String.valueOf(Object)")
@@ -3951,7 +3951,7 @@ open class KotlinFileExtractor(
     val kotlinNoWhenBranchMatchedConstructor by lazy {
         val result =
             kotlinNoWhenBranchMatchedExn?.declarations?.findSubType<IrConstructor> {
-                it.codeQlValueParameters.isEmpty()
+                it.valueParameters.isEmpty()
             }
         if (result == null) {
             logger.error("Couldn't find no-arg constructor for kotlin.NoWhenBranchMatchedException")
@@ -3990,7 +3990,7 @@ open class KotlinFileExtractor(
             verboseln("No match as function name is ${target.name.asString()} not $fName")
             return false
         }
-        val extensionReceiverParameter = target.codeQlExtensionReceiverParameter
+        val extensionReceiverParameter = target.extensionReceiverParameter
         val targetClass =
             if (extensionReceiverParameter == null) {
                 if (isNullable == true) {
@@ -4098,8 +4098,8 @@ open class KotlinFileExtractor(
             ) {
                 val typeArgs =
                     if (extractMethodTypeArguments)
-                        (0 until c.codeQlTypeArgumentsCount)
-                            .map { c.codeQlGetTypeArgument(it) }
+                        (0 until c.typeArgumentsCount)
+                            .map { c.getTypeArgument(it) }
                             .requireNoNullsOrNull()
                     else listOf()
 
@@ -4116,9 +4116,9 @@ open class KotlinFileExtractor(
                     parent,
                     idx,
                     enclosingStmt,
-                    (0 until c.codeQlValueArgumentsCount).map { c.codeQlGetValueArgument(it) },
+                    (0 until c.valueArgumentsCount).map { c.getValueArgument(it) },
                     c.dispatchReceiver,
-                    c.codeQlExtensionReceiver,
+                    c.extensionReceiver,
                     typeArgs,
                     extractClassTypeArguments,
                     c.superQualifierSymbol
@@ -4126,12 +4126,12 @@ open class KotlinFileExtractor(
             }
 
             fun extractSpecialEnumFunction(fnName: String) {
-                if (c.codeQlTypeArgumentsCount != 1) {
+                if (c.typeArgumentsCount != 1) {
                     logger.errorElement("Expected to find exactly one type argument", c)
                     return
                 }
 
-                val enumType = (c.codeQlGetTypeArgument(0) as? IrSimpleType)?.classifier?.owner
+                val enumType = (c.getTypeArgument(0) as? IrSimpleType)?.classifier?.owner
                 if (enumType == null) {
                     logger.errorElement("Couldn't find type of enum type", c)
                     return
@@ -4178,13 +4178,13 @@ open class KotlinFileExtractor(
                 } else {
                     extractExpressionExpr(receiver, callable, id, 0, enclosingStmt)
                 }
-                if (c.codeQlValueArgumentsCount < 1) {
+                if (c.valueArgumentsCount < 1) {
                     logger.errorElement("No RHS found", c)
                 } else {
-                    if (c.codeQlValueArgumentsCount > 1) {
+                    if (c.valueArgumentsCount > 1) {
                         logger.errorElement("Extra arguments found", c)
                     }
-                    val arg = c.codeQlGetValueArgument(0)
+                    val arg = c.getValueArgument(0)
                     if (arg == null) {
                         logger.errorElement("RHS null", c)
                     } else {
@@ -4205,7 +4205,7 @@ open class KotlinFileExtractor(
                 } else {
                     extractExpressionExpr(receiver, callable, id, 0, enclosingStmt)
                 }
-                if (c.codeQlValueArgumentsCount > 0) {
+                if (c.valueArgumentsCount > 0) {
                     logger.errorElement("Extra arguments found", c)
                 }
             }
@@ -4219,7 +4219,7 @@ open class KotlinFileExtractor(
             }
 
             fun binopExt(id: Label<out DbExpr>) {
-                binopReceiver(id, c.codeQlExtensionReceiver, "Extension receiver")
+                binopReceiver(id, c.extensionReceiver, "Extension receiver")
             }
 
             fun unaryopDisp(id: Label<out DbExpr>) {
@@ -4227,7 +4227,7 @@ open class KotlinFileExtractor(
             }
 
             fun unaryopExt(id: Label<out DbExpr>) {
-                unaryopReceiver(id, c.codeQlExtensionReceiver, "Extension receiver")
+                unaryopReceiver(id, c.extensionReceiver, "Extension receiver")
             }
 
             val dr = c.dispatchReceiver
@@ -4249,7 +4249,7 @@ open class KotlinFileExtractor(
                             parent,
                             idx,
                             enclosingStmt,
-                            listOf(c.codeQlExtensionReceiver, c.codeQlGetValueArgument(0)),
+                            listOf(c.extensionReceiver, c.getValueArgument(0)),
                             null,
                             null
                         )
@@ -4350,7 +4350,7 @@ open class KotlinFileExtractor(
                 // != gets desugared into not and ==. Here we resugar it.
                 c.origin == IrStatementOrigin.EXCLEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.codeQlValueArgumentsCount == 0 &&
+                    c.valueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "EQEQ") -> {
@@ -4362,7 +4362,7 @@ open class KotlinFileExtractor(
                 }
                 c.origin == IrStatementOrigin.EXCLEQEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.codeQlValueArgumentsCount == 0 &&
+                    c.valueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "EQEQEQ") -> {
@@ -4374,7 +4374,7 @@ open class KotlinFileExtractor(
                 }
                 c.origin == IrStatementOrigin.EXCLEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.codeQlValueArgumentsCount == 0 &&
+                    c.valueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "ieee754equals") -> {
@@ -4576,7 +4576,7 @@ open class KotlinFileExtractor(
                             parent,
                             idx,
                             enclosingStmt,
-                            listOf(c.codeQlExtensionReceiver),
+                            listOf(c.extensionReceiver),
                             null,
                             null
                         )
@@ -4596,8 +4596,8 @@ open class KotlinFileExtractor(
                     val locId = tw.getLocation(c)
                     extractExprContext(id, locId, callable, enclosingStmt)
 
-                    if (c.codeQlTypeArgumentsCount == 1) {
-                        val typeArgument = c.codeQlGetTypeArgument(0)
+                    if (c.typeArgumentsCount == 1) {
+                        val typeArgument = c.getTypeArgument(0)
                         if (typeArgument == null) {
                             logger.errorElement("Type argument missing in an arrayOfNulls call", c)
                         } else {
@@ -4618,8 +4618,8 @@ open class KotlinFileExtractor(
                         )
                     }
 
-                    if (c.codeQlValueArgumentsCount == 1) {
-                        val dim = c.codeQlGetValueArgument(0)
+                    if (c.valueArgumentsCount == 1) {
+                        val dim = c.getValueArgument(0)
                         if (dim != null) {
                             extractExpressionExpr(dim, callable, id, 0, enclosingStmt)
                         } else {
@@ -4651,8 +4651,8 @@ open class KotlinFileExtractor(
                             c.type.getArrayElementTypeCodeQL(pluginContext.irBuiltIns)
                         } else {
                             // TODO: is there any reason not to always use getArrayElementTypeCodeQL?
-                            if (c.codeQlTypeArgumentsCount == 1) {
-                                c.codeQlGetTypeArgument(0).also {
+                            if (c.typeArgumentsCount == 1) {
+                                c.getTypeArgument(0).also {
                                     if (it == null) {
                                         logger.errorElement(
                                             "Type argument missing in an arrayOf call",
@@ -4670,7 +4670,7 @@ open class KotlinFileExtractor(
                         }
 
                     val arg =
-                        if (c.codeQlValueArgumentsCount == 1) c.codeQlGetValueArgument(0)
+                        if (c.valueArgumentsCount == 1) c.getValueArgument(0)
                             else {
                                 logger.errorElement(
                                     "Expected to find only one (vararg) argument in ${c.symbol.owner.name.asString()} call",
@@ -4719,7 +4719,7 @@ open class KotlinFileExtractor(
                                 return
                             }
 
-                            val ext = c.codeQlExtensionReceiver
+                            val ext = c.extensionReceiver
                             if (ext == null) {
                                 logger.errorElement(
                                     "No extension receiver found for `KClass::java` call",
@@ -4826,8 +4826,8 @@ open class KotlinFileExtractor(
                     c.origin == IrStatementOrigin.EQ &&
                     c.dispatchReceiver != null -> {
                     val array = c.dispatchReceiver
-                    val arrayIdx = c.codeQlGetValueArgument(0)
-                    val assignedValue = c.codeQlGetValueArgument(1)
+                    val arrayIdx = c.getValueArgument(0)
+                    val assignedValue = c.getValueArgument(1)
 
                     if (array != null && arrayIdx != null && assignedValue != null) {
 
@@ -4882,22 +4882,22 @@ open class KotlinFileExtractor(
                 }
                 isBuiltinCall(c, "<unsafe-coerce>", "kotlin.jvm.internal") -> {
 
-                    if (c.codeQlValueArgumentsCount != 1) {
+                    if (c.valueArgumentsCount != 1) {
                         logger.errorElement(
-                            "Expected to find one argument for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.codeQlValueArgumentsCount}",
+                            "Expected to find one argument for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.valueArgumentsCount}",
                             c
                         )
                         return
                     }
 
-                    if (c.codeQlTypeArgumentsCount != 2) {
+                    if (c.typeArgumentsCount != 2) {
                         logger.errorElement(
-                            "Expected to find two type arguments for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.codeQlTypeArgumentsCount}",
+                            "Expected to find two type arguments for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.typeArgumentsCount}",
                             c
                         )
                         return
                     }
-                    val valueArg = c.codeQlGetValueArgument(0)
+                    val valueArg = c.getValueArgument(0)
                     if (valueArg == null) {
                         logger.errorElement(
                             "Cannot find value argument for a kotlin.jvm.internal.<unsafe-coerce>() call",
@@ -4905,7 +4905,7 @@ open class KotlinFileExtractor(
                         )
                         return
                     }
-                    val typeArg = c.codeQlGetTypeArgument(1)
+                    val typeArg = c.getTypeArgument(1)
                     if (typeArg == null) {
                         logger.errorElement(
                             "Cannot find type argument for a kotlin.jvm.internal.<unsafe-coerce>() call",
@@ -4924,7 +4924,7 @@ open class KotlinFileExtractor(
                     extractExpressionExpr(valueArg, callable, id, 1, enclosingStmt)
                 }
                 isBuiltinCallInternal(c, "dataClassArrayMemberToString") -> {
-                    val arrayArg = c.codeQlGetValueArgument(0)
+                    val arrayArg = c.getValueArgument(0)
                     val realArrayClass = arrayArg?.type?.classOrNull
                     if (realArrayClass == null) {
                         logger.errorElement(
@@ -4936,8 +4936,8 @@ open class KotlinFileExtractor(
                     val realCallee =
                         javaUtilArrays?.declarations?.findSubType<IrFunction> { decl ->
                             decl.name.asString() == "toString" &&
-                                decl.codeQlValueParameters.size == 1 &&
-                                decl.codeQlValueParameters[0].type.classOrNull?.let {
+                                decl.valueParameters.size == 1 &&
+                                decl.valueParameters[0].type.classOrNull?.let {
                                     it == realArrayClass
                                 } == true
                         }
@@ -4962,7 +4962,7 @@ open class KotlinFileExtractor(
                     }
                 }
                 isBuiltinCallInternal(c, "dataClassArrayMemberHashCode") -> {
-                    val arrayArg = c.codeQlGetValueArgument(0)
+                    val arrayArg = c.getValueArgument(0)
                     val realArrayClass = arrayArg?.type?.classOrNull
                     if (realArrayClass == null) {
                         logger.errorElement(
@@ -4974,8 +4974,8 @@ open class KotlinFileExtractor(
                     val realCallee =
                         javaUtilArrays?.declarations?.findSubType<IrFunction> { decl ->
                             decl.name.asString() == "hashCode" &&
-                                decl.codeQlValueParameters.size == 1 &&
-                                decl.codeQlValueParameters[0].type.classOrNull?.let {
+                                decl.valueParameters.size == 1 &&
+                                decl.valueParameters[0].type.classOrNull?.let {
                                     it == realArrayClass
                                 } == true
                         }
@@ -5155,7 +5155,7 @@ open class KotlinFileExtractor(
         val type = useType(eType)
         val isAnonymous = eType.isAnonymous
         val locId = tw.getLocation(e)
-        val valueArgs = (0 until e.codeQlValueArgumentsCount).map { e.codeQlGetValueArgument(it) }
+        val valueArgs = (0 until e.valueArgumentsCount).map { e.getValueArgument(it) }
 
         val id =
             if (
@@ -5211,10 +5211,10 @@ open class KotlinFileExtractor(
                         realCallTarget is IrConstructor &&
                         realCallTarget.parentClassOrNull?.fqNameWhenAvailable?.asString() ==
                             "kotlin.Enum" &&
-                        realCallTarget.codeQlValueParameters.size == 2 &&
-                        realCallTarget.codeQlValueParameters[0].type ==
+                        realCallTarget.valueParameters.size == 2 &&
+                        realCallTarget.valueParameters[0].type ==
                             pluginContext.irBuiltIns.stringType &&
-                        realCallTarget.codeQlValueParameters[1].type == pluginContext.irBuiltIns.intType
+                        realCallTarget.valueParameters[1].type == pluginContext.irBuiltIns.intType
                 ) {
 
                     val id0 =
@@ -5287,7 +5287,7 @@ open class KotlinFileExtractor(
             }
 
             val args =
-                (0 until e.codeQlTypeArgumentsCount).map { e.codeQlGetTypeArgument(it) }.requireNoNullsOrNull()
+                (0 until e.typeArgumentsCount).map { e.getTypeArgument(it) }.requireNoNullsOrNull()
             if (args == null) {
                 logger.warnElement("Found null type argument in enum constructor call", e)
                 return
@@ -5365,7 +5365,7 @@ open class KotlinFileExtractor(
                 // Check for an expression like x = get(x).op(e):
                 val opReceiver = updateRhs.dispatchReceiver
                 if (isExpectedLhs(opReceiver)) {
-                    updateRhs.codeQlGetValueArgument(0)
+                    updateRhs.getValueArgument(0)
                 } else null
             } else null
         }
@@ -5560,7 +5560,7 @@ open class KotlinFileExtractor(
                                     "set"
                                 )
                             ) {
-                                val updateRhs0 = arraySetCall.codeQlGetValueArgument(1)
+                                val updateRhs0 = arraySetCall.getValueArgument(1)
                                 if (updateRhs0 == null) {
                                     logger.errorElement("Update RHS not found", e)
                                     return false
@@ -6403,12 +6403,12 @@ open class KotlinFileExtractor(
                     val ids = getLocallyVisibleFunctionLabels(e.function)
                     val locId = tw.getLocation(e)
 
-                    val ext = e.function.codeQlExtensionReceiverParameter
+                    val ext = e.function.extensionReceiverParameter
                     val parameters =
                         if (ext != null) {
-                            listOf(ext) + e.function.codeQlValueParameters
+                            listOf(ext) + e.function.valueParameters
                         } else {
-                            e.function.codeQlValueParameters
+                            e.function.valueParameters
                         }
 
                     var types = parameters.map { it.type }
@@ -6670,7 +6670,7 @@ open class KotlinFileExtractor(
                 is IrFunction -> {
                     if (
                         ownerParent.dispatchReceiverParameter == owner &&
-                            ownerParent.codeQlExtensionReceiverParameter != null
+                            ownerParent.extensionReceiverParameter != null
                     ) {
 
                         val ownerParent2 = ownerParent.parent
@@ -7089,7 +7089,7 @@ open class KotlinFileExtractor(
             makeReceiverInfo(callableReferenceExpr.dispatchReceiver, 0)
         private val extensionReceiverInfo =
             makeReceiverInfo(
-                callableReferenceExpr.codeQlExtensionReceiver,
+                callableReferenceExpr.extensionReceiver,
                 if (dispatchReceiverInfo == null) 0 else 1
             )
 
@@ -7627,8 +7627,8 @@ open class KotlinFileExtractor(
                     }
 
             val expressionTypeArguments =
-                (0 until propertyReferenceExpr.codeQlTypeArgumentsCount).mapNotNull {
-                    propertyReferenceExpr.codeQlGetTypeArgument(it)
+                (0 until propertyReferenceExpr.typeArgumentsCount).mapNotNull {
+                    propertyReferenceExpr.getTypeArgument(it)
                 }
 
             val idPropertyRef = tw.getFreshIdLabel<DbPropertyref>()
@@ -7829,7 +7829,7 @@ open class KotlinFileExtractor(
 
             if (
                 functionReferenceExpr.dispatchReceiver != null &&
-                    functionReferenceExpr.codeQlExtensionReceiver != null
+                    functionReferenceExpr.extensionReceiver != null
             ) {
                 logger.errorElement(
                     "Unexpected: dispatchReceiver and extensionReceiver are both non-null",
@@ -7840,7 +7840,7 @@ open class KotlinFileExtractor(
 
             if (
                 target.owner.dispatchReceiverParameter != null &&
-                    target.owner.codeQlExtensionReceiverParameter != null
+                    target.owner.extensionReceiverParameter != null
             ) {
                 logger.errorElement(
                     "Unexpected: dispatch and extension parameters are both non-null",
@@ -7899,8 +7899,8 @@ open class KotlinFileExtractor(
                             null
                         }
                 expressionTypeArguments =
-                    (0 until functionReferenceExpr.codeQlTypeArgumentsCount).mapNotNull {
-                        functionReferenceExpr.codeQlGetTypeArgument(it)
+                    (0 until functionReferenceExpr.typeArgumentsCount).mapNotNull {
+                        functionReferenceExpr.getTypeArgument(it)
                     }
                 dispatchReceiverIdx = -1
             }
@@ -7965,7 +7965,7 @@ open class KotlinFileExtractor(
                         functionReferenceExpr,
                         declarationParent,
                         null,
-                        { it.codeQlValueParameters.size == 1 }
+                        { it.valueParameters.size == 1 }
                     ) {
                         // The argument to FunctionReference's constructor is the function arity.
                         extractConstantInteger(
@@ -8572,7 +8572,7 @@ open class KotlinFileExtractor(
         reverse: Boolean = false
     ) {
         val typeArguments =
-            (0 until c.codeQlTypeArgumentsCount).map { c.codeQlGetTypeArgument(it) }.requireNoNullsOrNull()
+            (0 until c.typeArgumentsCount).map { c.getTypeArgument(it) }.requireNoNullsOrNull()
         if (typeArguments == null) {
             logger.errorElement("Found a null type argument for a member access expression", c)
         } else {
@@ -8923,11 +8923,11 @@ open class KotlinFileExtractor(
                     tw.writeVariableBinding(lhsId, fieldId)
 
                     val parameters = mutableListOf<IrValueParameter>()
-                    val extParam = samMember.codeQlExtensionReceiverParameter
+                    val extParam = samMember.extensionReceiverParameter
                     if (extParam != null) {
                         parameters.add(extParam)
                     }
-                    parameters.addAll(samMember.codeQlValueParameters)
+                    parameters.addAll(samMember.valueParameters)
 
                     fun extractArgument(
                         p: IrValueParameter,
@@ -9032,7 +9032,7 @@ open class KotlinFileExtractor(
         elementToReportOn: IrElement,
         declarationParent: IrDeclarationParent,
         compilerGeneratedKindOverride: CompilerGeneratedKinds? = null,
-        superConstructorSelector: (IrFunction) -> Boolean = { it.codeQlValueParameters.isEmpty() },
+        superConstructorSelector: (IrFunction) -> Boolean = { it.valueParameters.isEmpty() },
         extractSuperconstructorArgs: (Label<DbSuperconstructorinvocationstmt>) -> Unit = {},
     ): Label<out DbClassorinterface> {
         // Write class

java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt

@@ -12,7 +12,7 @@ import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
 import org.jetbrains.kotlin.ir.declarations.*
 import org.jetbrains.kotlin.ir.expressions.*
 import org.jetbrains.kotlin.ir.symbols.*
-import com.github.codeql.utils.versions.codeQlAddAnnotations
+import org.jetbrains.kotlin.ir.types.addAnnotations
 import org.jetbrains.kotlin.ir.types.classFqName
 import org.jetbrains.kotlin.ir.types.classifierOrNull
 import org.jetbrains.kotlin.ir.types.classOrNull
@@ -355,7 +355,7 @@ open class KotlinUsesExtractor(
     }
 
     private fun propertySignature(p: IrProperty) =
-        ((p.getter ?: p.setter)?.codeQlExtensionReceiverParameter?.let {
+        ((p.getter ?: p.setter)?.extensionReceiverParameter?.let {
             useType(erase(it.type)).javaResult.signature
         } ?: "")
 
@@ -368,7 +368,7 @@ open class KotlinUsesExtractor(
                 // useDeclarationParent -> useFunction
                 // -> extractFunctionLaterIfExternalFileMember, which would result for `fun <T> f(t:
                 // T) { ... }` for example.
-                (listOfNotNull(d.codeQlExtensionReceiverParameter) + d.codeQlValueParameters)
+                (listOfNotNull(d.extensionReceiverParameter) + d.valueParameters)
                     .map { useType(erase(it.type)).javaResult.signature }
                     .joinToString(separator = ",", prefix = "(", postfix = ")")
             is IrProperty -> propertySignature(d) + externalClassExtractor.propertySignature
@@ -488,8 +488,8 @@ open class KotlinUsesExtractor(
             val result =
                 replacementClass.declarations.findSubType<IrSimpleFunction> { replacementDecl ->
                     replacementDecl.name == f.name &&
-                        replacementDecl.codeQlValueParameters.size == f.codeQlValueParameters.size &&
-                        replacementDecl.codeQlValueParameters.zip(f.codeQlValueParameters).all {
+                        replacementDecl.valueParameters.size == f.valueParameters.size &&
+                        replacementDecl.valueParameters.zip(f.valueParameters).all {
                             erase(it.first.type) == erase(it.second.type)
                         }
                 }
@@ -1265,7 +1265,7 @@ open class KotlinUsesExtractor(
     private fun getWildcardSuppressionDirective(t: IrAnnotationContainer): Boolean? =
         t.getAnnotation(jvmWildcardSuppressionAnnotation)?.let {
             @Suppress("USELESS_CAST") // `as? Boolean` is not needed for Kotlin < 2.1
-            (it.codeQlGetValueArgument(0) as? CodeQLIrConst<Boolean>)?.value as? Boolean ?: true
+            (it.getValueArgument(0) as? CodeQLIrConst<Boolean>)?.value as? Boolean ?: true
         }
 
     private fun addJavaLoweringArgumentWildcards(
@@ -1376,9 +1376,9 @@ open class KotlinUsesExtractor(
             f.parent,
             parentId,
             getFunctionShortName(f).nameInDB,
-            (maybeParameterList ?: f.codeQlValueParameters).map { it.type },
+            (maybeParameterList ?: f.valueParameters).map { it.type },
             getAdjustedReturnType(f),
-            f.codeQlExtensionReceiverParameter?.type,
+            f.extensionReceiverParameter?.type,
             getFunctionTypeParameters(f),
             classTypeArgsIncludingOuterClasses,
             overridesCollectionsMethodWithAlteredParameterTypes(f),
@@ -1401,12 +1401,12 @@ open class KotlinUsesExtractor(
         // The name of the function; normally f.name.asString().
         name: String,
         // The types of the value parameters that the functions takes; normally
-        // f.codeQlValueParameters.map { it.type }.
+        // f.valueParameters.map { it.type }.
         parameterTypes: List<IrType>,
         // The return type of the function; normally f.returnType.
         returnType: IrType,
         // The extension receiver of the function, if any; normally
-        // f.codeQlExtensionReceiverParameter?.type.
+        // f.extensionReceiverParameter?.type.
         extensionParamType: IrType?,
         // The type parameters of the function. This does not include type parameters of enclosing
         // classes.
@@ -1579,7 +1579,7 @@ open class KotlinUsesExtractor(
                 parentClass.fqNameWhenAvailable?.asString() !=
                     "java.util.concurrent.ConcurrentHashMap" ||
                 getFunctionShortName(f).nameInDB != "keySet" ||
-                f.codeQlValueParameters.isNotEmpty() ||
+                f.valueParameters.isNotEmpty() ||
                 f.returnType.classFqName?.asString() != "kotlin.collections.MutableSet"
         ) {
             return f.returnType
@@ -1587,7 +1587,7 @@ open class KotlinUsesExtractor(
 
         val otherKeySet =
             parentClass.declarations.findSubType<IrFunction> {
-                it.name.asString() == "keySet" && it.codeQlValueParameters.size == 1
+                it.name.asString() == "keySet" && it.valueParameters.size == 1
             } ?: return f.returnType
 
         return otherKeySet.returnType.codeQlWithHasQuestionMark(false)
@@ -1695,8 +1695,8 @@ open class KotlinUsesExtractor(
                         javaClass.declarations.findSubType<IrFunction> { decl ->
                             !decl.isFakeOverride &&
                                 decl.name.asString() == jvmName &&
-                                decl.codeQlValueParameters.size == f.codeQlValueParameters.size &&
-                                decl.codeQlValueParameters.zip(f.codeQlValueParameters).all { p ->
+                                decl.valueParameters.size == f.valueParameters.size &&
+                                decl.valueParameters.zip(f.valueParameters).all { p ->
                                     erase(p.first.type).classifierOrNull ==
                                         erase(p.second.type).classifierOrNull
                                 }
@@ -2125,7 +2125,7 @@ open class KotlinUsesExtractor(
                 }
 
                 return if (t.arguments.isNotEmpty())
-                    t.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+                    t.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
                 else t
             }
         }
@@ -2153,7 +2153,7 @@ open class KotlinUsesExtractor(
         val idxOffset =
             if (
                 declarationParent is IrFunction &&
-                    declarationParent.codeQlExtensionReceiverParameter != null
+                    declarationParent.extensionReceiverParameter != null
             )
             // For extension functions increase the index to match what the java extractor sees:
             1
@@ -2187,7 +2187,7 @@ open class KotlinUsesExtractor(
     // Gets a field's corresponding property's extension receiver type, if any
     fun getExtensionReceiverType(f: IrField) =
         f.correspondingPropertySymbol?.owner?.let {
-            (it.getter ?: it.setter)?.codeQlExtensionReceiverParameter?.type
+            (it.getter ?: it.setter)?.extensionReceiverParameter?.type
         }
 
     fun getFieldLabel(f: IrField): String {
@@ -2222,14 +2222,14 @@ open class KotlinUsesExtractor(
         val setter = p.setter
 
         val func = getter ?: setter
-        val ext = func?.codeQlExtensionReceiverParameter
+        val ext = func?.extensionReceiverParameter
 
         return if (ext == null) {
             "@\"property;{$parentId};${p.name.asString()}\""
         } else {
             val returnType =
                 getter?.returnType
-                    ?: setter?.codeQlValueParameters?.singleOrNull()?.type
+                    ?: setter?.valueParameters?.singleOrNull()?.type
                     ?: pluginContext.irBuiltIns.unitType
             val typeParams = getFunctionTypeParameters(func)
 

java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt

@@ -1,10 +1,5 @@
 package com.github.codeql
 
-import com.github.codeql.utils.versions.codeQlAnnotationFromSymbolOwner
-import com.github.codeql.utils.versions.codeQlGetValueArgument
-import com.github.codeql.utils.versions.codeQlPutValueArgument
-import com.github.codeql.utils.versions.codeQlSetAnnotations
-import com.github.codeql.utils.versions.codeQlSetDispatchReceiverParameter
 import com.github.codeql.utils.versions.createImplicitParameterDeclarationWithWrappedDescriptor
 import java.lang.annotation.ElementType
 import java.util.HashSet
@@ -100,7 +95,7 @@ class MetaAnnotationSupport(
                     JvmAnnotationNames.REPEATABLE_ANNOTATION
             }
         return if (jvmRepeatable != null) {
-            ((jvmRepeatable.codeQlGetValueArgument(0) as? IrClassReference)?.symbol as? IrClassSymbol)
+            ((jvmRepeatable.getValueArgument(0) as? IrClassReference)?.symbol as? IrClassSymbol)
                 ?.owner
         } else {
             getOrCreateSyntheticRepeatableAnnotationContainer(annotationClass)
@@ -122,12 +117,12 @@ class MetaAnnotationSupport(
             )
             return null
         } else {
-            return codeQlAnnotationFromSymbolOwner(
+            return IrConstructorCallImpl.fromSymbolOwner(
                     containerClass.defaultType,
                     containerConstructor.symbol
                 )
                 .apply {
-                    codeQlPutValueArgument(
+                    putValueArgument(
                         0,
                         IrVarargImpl(
                             UNDEFINED_OFFSET,
@@ -149,7 +144,7 @@ class MetaAnnotationSupport(
 
     // Taken from AdditionalClassAnnotationLowering.kt
     private fun loadAnnotationTargets(targetEntry: IrConstructorCall): Set<KotlinTarget>? {
-        val valueArgument = targetEntry.codeQlGetValueArgument(0) as? IrVararg ?: return null
+        val valueArgument = targetEntry.getValueArgument(0) as? IrVararg ?: return null
         return valueArgument.elements
             .filterIsInstance<IrGetEnumValue>()
             .mapNotNull { KotlinTarget.valueOrNull(it.symbol.owner.name.asString()) }
@@ -235,14 +230,14 @@ class MetaAnnotationSupport(
             )
         }
 
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 targetConstructor.returnType,
                 targetConstructor.symbol,
                 0
             )
-            .apply { codeQlPutValueArgument(0, vararg) }
+            .apply { putValueArgument(0, vararg) }
     }
 
     private val javaAnnotationRetention by lazy {
@@ -268,7 +263,7 @@ class MetaAnnotationSupport(
     // Taken from AnnotationCodegen.kt (not available in Kotlin < 1.6.20)
     private fun IrClass.getAnnotationRetention(): KotlinRetention? {
         val retentionArgument =
-            getAnnotation(StandardNames.FqNames.retention)?.codeQlGetValueArgument(0) as? IrGetEnumValue
+            getAnnotation(StandardNames.FqNames.retention)?.getValueArgument(0) as? IrGetEnumValue
                 ?: return null
         val retentionArgumentValue = retentionArgument.symbol.owner
         return KotlinRetention.valueOf(retentionArgumentValue.name.asString())
@@ -288,7 +283,7 @@ class MetaAnnotationSupport(
         val targetConstructor =
             retentionType.declarations.firstIsInstanceOrNull<IrConstructor>() ?: return null
 
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 targetConstructor.returnType,
@@ -296,7 +291,7 @@ class MetaAnnotationSupport(
                 0
             )
             .apply {
-                codeQlPutValueArgument(
+                putValueArgument(
                     0,
                     IrGetEnumValueImpl(
                         UNDEFINED_OFFSET,
@@ -338,7 +333,7 @@ class MetaAnnotationSupport(
                             return
                         }
                 val newParam = thisReceiever.copyTo(this)
-                codeQlSetDispatchReceiverParameter(newParam)
+                dispatchReceiverParameter = newParam
                 body =
                     factory
                         .createBlockBody(UNDEFINED_OFFSET, UNDEFINED_OFFSET)
@@ -411,7 +406,7 @@ class MetaAnnotationSupport(
             val repeatableContainerAnnotation =
                 kotlinAnnotationRepeatableContainer?.constructors?.single()
 
-            codeQlSetAnnotations(containerClass,
+            containerClass.annotations =
                 annotationClass.annotations
                     .filter {
                         it.isAnnotationWithEqualFqName(StandardNames.FqNames.retention) ||
@@ -420,7 +415,7 @@ class MetaAnnotationSupport(
                     .map { it.deepCopyWithSymbols(containerClass) } +
                     listOfNotNull(
                         repeatableContainerAnnotation?.let {
-                            codeQlAnnotationFromSymbolOwner(
+                            IrConstructorCallImpl.fromSymbolOwner(
                                 UNDEFINED_OFFSET,
                                 UNDEFINED_OFFSET,
                                 it.returnType,
@@ -429,7 +424,6 @@ class MetaAnnotationSupport(
                             )
                         }
                     )
-            )
 
             containerClass
         }
@@ -468,14 +462,14 @@ class MetaAnnotationSupport(
                 containerClass.symbol,
                 containerClass.defaultType
             )
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 repeatableConstructor.returnType,
                 repeatableConstructor.symbol,
                 0
             )
-            .apply { codeQlPutValueArgument(0, containerReference) }
+            .apply { putValueArgument(0, containerReference) }
     }
 
     private val javaAnnotationDocumented by lazy {
@@ -494,7 +488,7 @@ class MetaAnnotationSupport(
             javaAnnotationDocumented?.declarations?.firstIsInstanceOrNull<IrConstructor>()
                 ?: return null
 
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
             UNDEFINED_OFFSET,
             UNDEFINED_OFFSET,
             documentedConstructor.returnType,

java/kotlin-extractor/src/main/kotlin/TrapWriter.kt

@@ -1,7 +1,6 @@
 package com.github.codeql
 
 import com.github.codeql.KotlinUsesExtractor.LocallyVisibleFunctionLabels
-import com.github.codeql.utils.versions.codeQlExtensionReceiver
 import com.semmle.extractor.java.PopulateFile
 import com.semmle.util.unicode.UTF8Util
 import java.io.BufferedWriter
@@ -332,7 +331,7 @@ open class FileTrapWriter(
             is IrCall -> {
                 // Calls have incorrect startOffset, so we adjust them:
                 val dr = e.dispatchReceiver?.let { getStartOffset(it) }
-                val er = e.codeQlExtensionReceiver?.let { getStartOffset(it) }
+                val er = e.extensionReceiver?.let { getStartOffset(it) }
                 offsetMinOf(e.startOffset, dr, er)
             }
             else -> e.startOffset

java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt

@@ -2,7 +2,6 @@ package com.github.codeql.comments
 
 import com.github.codeql.*
 import com.github.codeql.utils.isLocalFunction
-import com.github.codeql.utils.versions.codeQlExtensionReceiverParameter
 import com.github.codeql.utils.versions.isDispatchReceiver
 import org.jetbrains.kotlin.ir.IrElement
 import org.jetbrains.kotlin.ir.declarations.*
@@ -12,7 +11,7 @@ import org.jetbrains.kotlin.ir.util.parentClassOrNull
 
 private fun IrValueParameter.isExtensionReceiver(): Boolean {
     val parentFun = parent as? IrFunction ?: return false
-    return parentFun.codeQlExtensionReceiverParameter == this
+    return parentFun.extensionReceiverParameter == this
 }
 
 open class CommentExtractor(

java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt

@@ -1,8 +1,6 @@
 package com.github.codeql.utils
 
 import com.github.codeql.utils.versions.CodeQLIrConst
-import com.github.codeql.utils.versions.codeQlGetValueArgument
-import com.github.codeql.utils.versions.codeQlValueArgumentsCount
 import org.jetbrains.kotlin.builtins.StandardNames
 import org.jetbrains.kotlin.ir.declarations.IrAnnotationContainer
 import org.jetbrains.kotlin.ir.declarations.IrClass
@@ -78,9 +76,9 @@ private fun getSpecialJvmName(f: IrFunction): String? {
 fun getJvmName(container: IrAnnotationContainer): String? {
     for (a: IrConstructorCall in container.annotations) {
         val t = a.type
-        if (t is IrSimpleType && a.codeQlValueArgumentsCount == 1) {
+        if (t is IrSimpleType && a.valueArgumentsCount == 1) {
             val owner = t.classifier.owner
-            val v = a.codeQlGetValueArgument(0)
+            val v = a.getValueArgument(0)
             if (owner is IrClass) {
                 val aPkg = owner.packageFqName?.asString()
                 val name = owner.name.asString()

java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt

@@ -18,7 +18,7 @@ import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
 import org.jetbrains.kotlin.ir.expressions.impl.*
 import org.jetbrains.kotlin.ir.symbols.IrTypeParameterSymbol
 import org.jetbrains.kotlin.ir.symbols.impl.DescriptorlessExternalPackageFragmentSymbol
-import com.github.codeql.utils.versions.codeQlAddAnnotations
+import org.jetbrains.kotlin.ir.types.addAnnotations
 import org.jetbrains.kotlin.ir.types.classifierOrNull
 import org.jetbrains.kotlin.ir.types.makeNotNull
 import org.jetbrains.kotlin.ir.types.makeNullable
@@ -192,7 +192,7 @@ object RawTypeAnnotation {
                     addConstructor { isPrimary = true }
                 }
         val constructor = annoClass.constructors.single()
-        codeQlAnnotationFromSymbolOwner(constructor.constructedClassType, constructor.symbol)
+        IrConstructorCallImpl.fromSymbolOwner(constructor.constructedClassType, constructor.symbol)
     }
 }
 
@@ -202,7 +202,7 @@ fun IrType.toRawType(): IrType =
             when (val owner = this.classifier.owner) {
                 is IrClass -> {
                     if (this.arguments.isNotEmpty())
-                        this.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+                        this.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
                     else this
                 }
                 is IrTypeParameter -> owner.superTypes[0].toRawType()
@@ -215,7 +215,7 @@ fun IrType.toRawType(): IrType =
 fun IrClass.toRawType(): IrType {
     val result = this.typeWith(listOf())
     return if (this.typeParameters.isNotEmpty())
-        result.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+        result.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
     else result
 }
 

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrCompat.kt

@@ -1,70 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
-import org.jetbrains.kotlin.ir.expressions.IrExpression
-import org.jetbrains.kotlin.ir.expressions.IrMemberAccessExpression
-import org.jetbrains.kotlin.ir.expressions.impl.*
-import org.jetbrains.kotlin.ir.symbols.IrConstructorSymbol
-import org.jetbrains.kotlin.ir.types.IrType
-import org.jetbrains.kotlin.ir.types.addAnnotations
-
-/**
- * Compatibility accessors for pre-2.4.0 API patterns.
- * In pre-2.4.0 versions, these delegate directly to the existing APIs.
- */
-
-// IrFunction: valueParameters
-val IrFunction.codeQlValueParameters: List<IrValueParameter>
-    get() = valueParameters
-
-// IrFunction: extensionReceiverParameter
-val IrFunction.codeQlExtensionReceiverParameter: IrValueParameter?
-    get() = extensionReceiverParameter
-
-// IrMemberAccessExpression: valueArgumentsCount
-val IrMemberAccessExpression<*>.codeQlValueArgumentsCount: Int
-    get() = valueArgumentsCount
-
-// IrMemberAccessExpression: getValueArgument
-fun IrMemberAccessExpression<*>.codeQlGetValueArgument(index: Int): IrExpression? = getValueArgument(index)
-
-// IrMemberAccessExpression: putValueArgument
-fun IrMemberAccessExpression<*>.codeQlPutValueArgument(index: Int, value: IrExpression?) {
-    putValueArgument(index, value)
-}
-
-// IrMemberAccessExpression: extensionReceiver
-val IrMemberAccessExpression<*>.codeQlExtensionReceiver: IrExpression?
-    get() = extensionReceiver
-
-// IrMemberAccessExpression: typeArgumentsCount
-val IrMemberAccessExpression<*>.codeQlTypeArgumentsCount: Int
-    get() = typeArgumentsCount
-
-// IrMemberAccessExpression: getTypeArgument
-fun IrMemberAccessExpression<*>.codeQlGetTypeArgument(index: Int): IrType? = getTypeArgument(index)
-
-// addAnnotations compat: in pre-2.4.0, addAnnotations expects List<IrConstructorCall>
-fun IrType.codeQlAddAnnotations(annotations: List<IrConstructorCall>): IrType =
-    addAnnotations(annotations)
-
-// IrMutableAnnotationContainer.annotations setter: in pre-2.4.0, annotations is var with List<IrConstructorCall>
-fun codeQlSetAnnotations(container: org.jetbrains.kotlin.ir.declarations.IrMutableAnnotationContainer, annotations: List<IrConstructorCall>) {
-    container.annotations = annotations
-}
-
-// IrFunction: set dispatch receiver parameter (pre-2.4.0 it's a var)
-fun IrFunction.codeQlSetDispatchReceiverParameter(param: IrValueParameter?) {
-    dispatchReceiverParameter = param
-}
-
-// In pre-2.4.0, annotations are List<IrConstructorCall> so IrConstructorCallImpl works directly.
-fun codeQlAnnotationFromSymbolOwner(
-    startOffset: Int, endOffset: Int, type: IrType, symbol: IrConstructorSymbol, typeArgumentsCount: Int
-): IrConstructorCall =
-    IrConstructorCallImpl.fromSymbolOwner(startOffset, endOffset, type, symbol, typeArgumentsCount)
-
-fun codeQlAnnotationFromSymbolOwner(type: IrType, symbol: IrConstructorSymbol): IrConstructorCall =
-    IrConstructorCallImpl.fromSymbolOwner(type, symbol)

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/Kotlin2ComponentRegistrar.kt

@@ -3,32 +3,10 @@
 
 package com.github.codeql
 
-import com.intellij.mock.MockProject
-import com.intellij.openapi.extensions.LoadingOrder
-import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
 import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
-import org.jetbrains.kotlin.config.CompilerConfiguration
 
 @OptIn(ExperimentalCompilerApi::class)
 abstract class Kotlin2ComponentRegistrar : ComponentRegistrar {
     /* Nothing to do; supportsK2 doesn't exist yet. */
-
-    private var project: MockProject? = null
-
-    override fun registerProjectComponents(
-        project: MockProject,
-        configuration: CompilerConfiguration
-    ) {
-        this.project = project
-        doRegisterExtensions(configuration)
-    }
-
-    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
-
-    fun registerExtractorExtension(extension: IrGenerationExtension) {
-        val p = project ?: throw IllegalStateException("registerExtractorExtension called before registerProjectComponents")
-        val extensionPoint = p.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
-        extensionPoint.registerExtension(extension, LoadingOrder.LAST, p)
-    }
 }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_0-Beta/Kotlin2ComponentRegistrar.kt

@@ -3,35 +3,11 @@
 
 package com.github.codeql
 
-import com.intellij.mock.MockProject
-import com.intellij.openapi.extensions.LoadingOrder
-import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
 import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
-import org.jetbrains.kotlin.config.CompilerConfiguration
 
 @OptIn(ExperimentalCompilerApi::class)
 abstract class Kotlin2ComponentRegistrar : ComponentRegistrar {
     override val supportsK2: Boolean
         get() = true
-
-    private var project: MockProject? = null
-
-    override fun registerProjectComponents(
-        project: MockProject,
-        configuration: CompilerConfiguration
-    ) {
-        this.project = project
-        doRegisterExtensions(configuration)
-    }
-
-    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
-
-    fun registerExtractorExtension(extension: IrGenerationExtension) {
-        val p = project ?: throw IllegalStateException("registerExtractorExtension called before registerProjectComponents")
-        // Register with LoadingOrder.LAST to ensure the extractor runs after other
-        // IR generation plugins (like kotlinx.serialization) have generated their code.
-        val extensionPoint = p.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
-        extensionPoint.registerExtension(extension, LoadingOrder.LAST, p)
-    }
 }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_4_0/IrCompat.kt

@@ -1,121 +0,0 @@
-@file:Suppress("DEPRECATION")
-
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-import org.jetbrains.kotlin.ir.expressions.IrAnnotation
-import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
-import org.jetbrains.kotlin.ir.expressions.IrExpression
-import org.jetbrains.kotlin.ir.expressions.IrMemberAccessExpression
-import org.jetbrains.kotlin.ir.expressions.impl.IrAnnotationImpl
-import org.jetbrains.kotlin.ir.expressions.impl.fromSymbolOwner
-import org.jetbrains.kotlin.ir.symbols.IrConstructorSymbol
-import org.jetbrains.kotlin.ir.types.IrType
-import org.jetbrains.kotlin.ir.types.addAnnotations
-
-/**
- * Compatibility accessors for pre-2.4.0 API patterns.
- * In 2.4.0, valueParameters/extensionReceiverParameter/extensionReceiver/
- * getValueArgument/putValueArgument/valueArgumentsCount/typeArgumentsCount/getTypeArgument
- * have been removed. This file provides the 2.4.0 implementations.
- */
-
-// IrFunction: valueParameters -> parameters filtered to Regular kind
-val IrFunction.codeQlValueParameters: List<IrValueParameter>
-    get() = parameters.filter { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.Regular }
-
-// IrFunction: extensionReceiverParameter
-val IrFunction.codeQlExtensionReceiverParameter: IrValueParameter?
-    get() = parameters.firstOrNull { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.ExtensionReceiver }
-
-// Helper: get the offset of value arguments in the arguments list
-// In 2.4.0, arguments[] includes dispatch/extension receivers before regular params
-private fun IrMemberAccessExpression<*>.valueArgumentOffset(): Int {
-    val owner = symbol.owner as? IrFunction ?: return 0
-    return owner.parameters.count { it.kind != org.jetbrains.kotlin.ir.declarations.IrParameterKind.Regular }
-}
-
-// IrMemberAccessExpression: valueArgumentsCount
-val IrMemberAccessExpression<*>.codeQlValueArgumentsCount: Int
-    get() = arguments.size - valueArgumentOffset()
-
-// IrMemberAccessExpression: getValueArgument
-fun IrMemberAccessExpression<*>.codeQlGetValueArgument(index: Int): IrExpression? = arguments[index + valueArgumentOffset()]
-
-// IrMemberAccessExpression: putValueArgument
-fun IrMemberAccessExpression<*>.codeQlPutValueArgument(index: Int, value: IrExpression?) {
-    arguments[index + valueArgumentOffset()] = value
-}
-
-// IrMemberAccessExpression: extensionReceiver
-// For IrCall/IrFunctionReference, look at symbol.owner (IrFunction) directly.
-// For IrPropertyReference, symbol.owner is IrProperty; use the getter's parameters instead.
-val IrMemberAccessExpression<*>.codeQlExtensionReceiver: IrExpression?
-    get() {
-        val erp = extensionReceiverParameterIndex() ?: return null
-        return arguments[erp]
-    }
-
-private fun IrMemberAccessExpression<*>.extensionReceiverParameterIndex(): Int? {
-    // Direct function owner (IrCall, IrFunctionReference, etc.)
-    (symbol.owner as? IrFunction)?.codeQlExtensionReceiverParameter?.let {
-        return it.indexInParameters
-    }
-    // Property reference: look at getter or setter function
-    (this as? org.jetbrains.kotlin.ir.expressions.IrPropertyReference)?.let { propRef ->
-        propRef.getter?.owner?.codeQlExtensionReceiverParameter?.let {
-            return it.indexInParameters
-        }
-        propRef.setter?.owner?.codeQlExtensionReceiverParameter?.let {
-            return it.indexInParameters
-        }
-    }
-    return null
-}
-
-// IrMemberAccessExpression: typeArgumentsCount
-val IrMemberAccessExpression<*>.codeQlTypeArgumentsCount: Int
-    get() = typeArguments.size
-
-// IrMemberAccessExpression: getTypeArgument
-fun IrMemberAccessExpression<*>.codeQlGetTypeArgument(index: Int): IrType? = typeArguments[index]
-
-// addAnnotations compat: in 2.4.0, addAnnotations expects List<IrAnnotation>
-// IrConstructorCall implements IrAnnotation in 2.4.0, so filterIsInstance is identity
-fun IrType.codeQlAddAnnotations(annotations: List<IrConstructorCall>): IrType =
-    addAnnotations(annotations.filterIsInstance<IrAnnotation>())
-
-// IrMutableAnnotationContainer.annotations setter: in 2.4.0, expects List<IrAnnotation>
-fun codeQlSetAnnotations(container: org.jetbrains.kotlin.ir.declarations.IrMutableAnnotationContainer, annotations: List<IrConstructorCall>) {
-    container.annotations = annotations.filterIsInstance<IrAnnotation>()
-}
-
-// IrFunction: set dispatch receiver parameter
-// In 2.4.0, dispatchReceiverParameter is val; modify the parameters list directly.
-fun IrFunction.codeQlSetDispatchReceiverParameter(param: IrValueParameter?) {
-    val existing = parameters.indexOfFirst { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.DispatchReceiver }
-    val mutableParams = parameters.toMutableList()
-    if (existing >= 0) {
-        if (param != null) {
-            mutableParams[existing] = param
-        } else {
-            mutableParams.removeAt(existing)
-        }
-    } else if (param != null) {
-        param.kind = org.jetbrains.kotlin.ir.declarations.IrParameterKind.DispatchReceiver
-        mutableParams.add(0, param)
-    }
-    parameters = mutableParams
-}
-
-// In 2.4.0, annotation lists require IrAnnotation instances.
-// Use IrAnnotationImpl.fromSymbolOwner instead of IrConstructorCallImpl.fromSymbolOwner.
-fun codeQlAnnotationFromSymbolOwner(
-    startOffset: Int, endOffset: Int, type: IrType, symbol: IrConstructorSymbol, typeArgumentsCount: Int
-): IrConstructorCall =
-    IrAnnotationImpl.fromSymbolOwner(startOffset, endOffset, type, symbol, typeArgumentsCount)
-
-fun codeQlAnnotationFromSymbolOwner(type: IrType, symbol: IrConstructorSymbol): IrConstructorCall =
-    IrAnnotationImpl.fromSymbolOwner(type, symbol)
-

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_4_0/Kotlin2ComponentRegistrar.kt

@@ -1,45 +0,0 @@
-package com.github.codeql
-
-import com.intellij.mock.MockProject
-import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
-import org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar
-import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
-import org.jetbrains.kotlin.config.CompilerConfiguration
-
-@OptIn(ExperimentalCompilerApi::class)
-@Suppress("DEPRECATION", "DEPRECATION_ERROR")
-abstract class Kotlin2ComponentRegistrar :
-    CompilerPluginRegistrar(),
-    org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar {
-    override val supportsK2: Boolean
-        get() = true
-
-    override val pluginId: String
-        get() = "kotlin-extractor"
-
-    // ComponentRegistrar implementation (legacy path, still called by Kotlin compiler)
-    override fun registerProjectComponents(
-        project: MockProject,
-        configuration: CompilerConfiguration
-    ) {
-        // Registration is done via ExtensionStorage in Kotlin 2.4+.
-        // This legacy entry point remains for compatibility with service discovery.
-    }
-
-    private var extensionStorage: CompilerPluginRegistrar.ExtensionStorage? = null
-
-    override fun ExtensionStorage.registerExtensions(configuration: CompilerConfiguration) {
-        this@Kotlin2ComponentRegistrar.extensionStorage = this
-        doRegisterExtensions(configuration)
-    }
-
-    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
-
-    protected fun registerExtractorExtension(extension: IrGenerationExtension) {
-        val storage = extensionStorage
-            ?: throw IllegalStateException("registerExtractorExtension called before registerExtensions")
-        with(storage) {
-            IrGenerationExtension.registerExtension(extension)
-        }
-    }
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_4_0/parameterIndexExcludingReceivers.kt

@@ -1,13 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrParameterKind
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-
-fun parameterIndexExcludingReceivers(vp: IrValueParameter): Int {
-    val offset =
-        (vp.parent as? IrFunction)?.let { f ->
-            f.parameters.count { it.kind == IrParameterKind.DispatchReceiver || it.kind == IrParameterKind.ExtensionReceiver || it.kind == IrParameterKind.Context }
-        } ?: 0
-    return vp.indexInParameters - offset
-}

java/kotlin-extractor/src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar

@@ -1 +0,0 @@
-com.github.codeql.KotlinExtractorComponentRegistrar

java/kotlin-extractor/versions.bzl

@@ -11,7 +11,6 @@ VERSIONS = [
     "2.2.20-Beta2",
     "2.3.0",
     "2.3.20",
-    "2.4.0",
 ]
 
 def _version_to_tuple(v):

java/ql/integration-tests/java/buildless-erroneous/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-gradle-classifiers/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-gradle-timeout/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "A Gradle process was aborted because it didn't write to the console for 5 seconds. Consider either lengthening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Gradle timed out. Java analysis will continue, but the analysis may be of reduced quality.",
   "severity": "note",

java/ql/integration-tests/java/buildless-gradle/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-inherit-trust-store/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-executable-war/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/maven-fetches.expected

@@ -11,8 +11,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
@@ -31,12 +31,12 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/35/apache-35.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/85/commons-parent-85.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
@@ -57,12 +57,11 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/25/plexus-25.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
@@ -70,6 +69,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.13.1/junit-bom-5.13.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.14.1/junit-bom-5.14.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom

java/ql/integration-tests/java/buildless-maven-mirrorof/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-mirrorof/maven-fetches.expected

@@ -8,8 +8,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
@@ -28,12 +28,12 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/35/apache-35.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/85/commons-parent-85.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
@@ -54,12 +54,11 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/25/plexus-25.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
@@ -67,6 +66,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.13.1/junit-bom-5.13.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.14.1/junit-bom-5.14.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom

java/ql/integration-tests/java/buildless-maven-multimodule/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven-timeout/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "A Maven process was aborted because it didn't write to the console for 5 seconds. Consider either lenghtening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Maven timed out. Java analysis will continue, but the analysis may be of reduced quality.",
   "severity": "note",
@@ -83,7 +98,7 @@
   }
 }
 {
-  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-2:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
+  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-3:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
   "severity": "note",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "At least one dependency JAR suggested by the build system could not be downloaded. This means the analysis will try to satisfy the dependency with its default choice for the required external package name, which may be the wrong version or the wrong package entirely. This may lead to partial analysis of code using this dependency. See the extraction log for full details. If the cause appears to be a temporary outage, consider retrying the analysis.",
   "severity": "note",
@@ -97,7 +112,7 @@
   }
 }
 {
-  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-2:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
+  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-3:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
   "severity": "note",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/test.py

@@ -1,4 +1,4 @@
-def test(codeql, java):
+def test(codeql, java, check_diagnostics_java):
     codeql.database.create(
         build_mode="none",
     )

java/ql/integration-tests/java/buildless-maven/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-maven/maven-fetches.expected

@@ -11,8 +11,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
@@ -31,12 +31,12 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/35/apache-35.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/85/commons-parent-85.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
@@ -57,12 +57,11 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/25/plexus-25.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
@@ -70,6 +69,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.13.1/junit-bom-5.13.1.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.14.1/junit-bom-5.14.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom

java/ql/integration-tests/java/buildless-proxy-gradle/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-proxy-maven/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/buildless-sibling-projects/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis dropped the following dependencies because a sibling project depends on a higher version:\n\n* `junit/junit-4.11`",
   "severity": "unknown",

java/ql/integration-tests/java/buildless/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.",
   "severity": "unknown",

java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected

@@ -1,3 +1,21 @@
+{
+  "attributes": {
+    "java_vendor": "__REDACTED__",
+    "java_version": "11.0.31"
+  },
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.",
   "severity": "warning",

java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/test.py

@@ -4,7 +4,8 @@ import pathlib
 
 
 # The version of gradle used doesn't work on java 17
-def test(codeql, use_java_11, java, environment):
+def test(codeql, use_java_11, java, environment, check_diagnostics):
+    check_diagnostics.redact += ["attributes.java_vendor"]
     gradle_override_dir = pathlib.Path(tempfile.mkdtemp())
     if runs_on.windows:
         (gradle_override_dir / "gradle.bat").write_text("@echo off\nexit /b 2\n")

java/ql/integration-tests/java/maven-download-failure/diagnostics.expected

@@ -1,3 +1,18 @@
+{
+  "attributes": {},
+  "markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/summary",
+    "name": "Java extractor telemetry"
+  },
+  "visibility": {
+    "cliSummaryTable": false,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
 {
   "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
   "severity": "unknown",

java/ql/integration-tests/java/maven-download-failure/test.py

@@ -2,7 +2,7 @@ import os
 import os.path
 import shutil
 
-def test(codeql, java, check_diagnostics):
+def test(codeql, java, check_diagnostics_java):
 
     # Avoid shutil resolving mvn to the wrapper script in the test dir:
     os.environ["NoDefaultCurrentDirectoryInExePath"] = "0"

java/ql/integration-tests/kotlin/all-platforms/diagnostics/kotlin-version-too-new/diagnostics.expected

@@ -1,5 +1,5 @@
 {
-  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.4.10.",
+  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.3.30.",
   "severity": "error",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/kotlin/all-platforms/enhanced-nullability/test.py

@@ -1,9 +1,6 @@
 import pathlib
 
-import pytest
 
-
-@pytest.mark.kotlin1
 def test(codeql, java_full):
     java_srcs = " ".join([str(s) for s in pathlib.Path().glob("*.java")])
     codeql.database.create(

java/ql/integration-tests/kotlin/all-platforms/external-property-overloads/test.py

@@ -1,9 +1,6 @@
 import commands
 
-import pytest
 
-
-@pytest.mark.kotlin1
 def test(codeql, java_full):
     commands.run("kotlinc -language-version 1.9 test.kt -d lib")
     codeql.database.create(command="kotlinc -language-version 1.9 user.kt -cp lib")

java/ql/integration-tests/kotlin/all-platforms/extractor_information_kotlin1/test.py

@@ -1,6 +1,2 @@
-import pytest
-
-
-@pytest.mark.kotlin1
 def test(codeql, java_full):
     codeql.database.create(command="kotlinc -J-Xmx2G -language-version 1.9 SomeClass.kt")

java/ql/integration-tests/kotlin/all-platforms/file_classes/test.py

@@ -1,9 +1,6 @@
 import commands
 
-import pytest
 
-
-@pytest.mark.kotlin1
 def test(codeql, java_full):
     commands.run("kotlinc -language-version 1.9 A.kt")
     codeql.database.create(command="kotlinc -cp . -language-version 1.9 B.kt C.kt")

java/ql/integration-tests/kotlin/all-platforms/java-interface-redeclares-tostring/test.py

@@ -1,9 +1,6 @@
 import commands
 
-import pytest
 
-
-@pytest.mark.kotlin1
 def test(codeql, java_full):
     commands.run(["javac", "Test.java", "-d", "bin"])
     codeql.database.create(command="kotlinc -language-version 1.9 user.kt -cp bin")

java/ql/integration-tests/kotlin/all-platforms/kotlin_java_lowering_wildcards/test.py

@@ -1,9 +1,6 @@
 import commands
 
-import pytest
 
-
-@pytest.mark.kotlin1
 def test(codeql, java_full):
     # Compile the JavaDefns2 copy outside tracing, to make sure the Kotlin view of it matches the Java view seen by the traced javac compilation of JavaDefns.java below.
     commands.run(["javac", "JavaDefns2.java"])

java/ql/integration-tests/update-ferstl-depgraph-dependencies.sh

@@ -35,7 +35,7 @@ JACKSON_VERSION="${1:-2.18.6}"
 GUAVA_VERSION="${2:-33.4.0-jre}"
 
 PLUGIN_UPSTREAM_VERSION="4.0.3"
-PLUGIN_CODEQL_VERSION="${PLUGIN_UPSTREAM_VERSION}-CodeQL-2"
+PLUGIN_CODEQL_VERSION="${PLUGIN_UPSTREAM_VERSION}-CodeQL-3"
 UPSTREAM_TAG="depgraph-maven-plugin-${PLUGIN_UPSTREAM_VERSION}"
 UPSTREAM_REPO="https://github.com/ferstl/depgraph-maven-plugin.git"
 
@@ -76,9 +76,19 @@ pom_path, old_version, new_version, new_guava, new_jackson = sys.argv[1:]
 with open(pom_path) as f:
     content = f.read()
 
-# 1. Version suffix: 4.0.3 -> 4.0.3-CodeQL-2  (first occurrence only — the <version> element)
+# 1. Version suffix: 4.0.3 -> 4.0.3-CodeQL-3  (first occurrence only — the <version> element)
 content = content.replace(f'<version>{old_version}</version>', f'<version>{new_version}</version>', 1)
 
+# 1b. Pin patched plexus-utils / commons-lang3 (transitive via maven-core) to
+#     clear CVEs in the vendored bundle. Inserted into <dependencyManagement>.
+content = content.replace(
+    '        <scope>import</scope>\n      </dependency>\n    </dependencies>\n  </dependencyManagement>',
+    '        <scope>import</scope>\n      </dependency>\n'
+    '      <dependency>\n        <groupId>org.codehaus.plexus</groupId>\n        <artifactId>plexus-utils</artifactId>\n        <version>3.6.1</version>\n      </dependency>\n'
+    '      <dependency>\n        <groupId>org.apache.commons</groupId>\n        <artifactId>commons-lang3</artifactId>\n        <version>3.18.0</version>\n      </dependency>\n'
+    '    </dependencies>\n  </dependencyManagement>',
+    1)
+
 # 2. Guava
 content = content.replace('<version>31.1-jre</version>', f'<version>{new_guava}</version>')
 

java/ql/lib/change-notes/2026-06-04-kotlin-2.4.0.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* Kotlin 2.4.0 can now be analysed.

javascript/downgrades/ce4a5f401c03a70b0595e71bdc20612d82fa4e67/upgrade.properties

@@ -0,0 +1,3 @@
+description: Extract YAML comments
+compatibility: full
+yaml_comments.rel: delete

javascript/extractor/tests/yaml/output/trap/emoji_buffer_boundary.yml.trap

@@ -7,21 +7,26 @@ containerparent(#10001,#10000)
 locations_default(#10002,#10000,0,0,0,0)
 hasLocation(#10000,#10002)
 #20000=*
-#20001=*
-yaml_scalars(#20001,0,"key")
-yaml(#20001,0,#20000,1,"tag:yaml.org,2002:str","key")
-#20002=@"loc,{#10000},2,1,2,3"
-locations_default(#20002,#10000,2,1,2,3)
-yaml_locations(#20001,#20002)
+yaml_comments(#20000," xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","# xxxxx ... xxxxxxx")
+#20001=@"loc,{#10000},1,1,1,1017"
+locations_default(#20001,#10000,1,1,1,1017)
+yaml_locations(#20000,#20001)
+#20002=*
 #20003=*
-yaml_scalars(#20003,0,"🚀")
-yaml(#20003,0,#20000,-1,"tag:yaml.org,2002:str","\u1f680\ude80")
-#20004=@"loc,{#10000},2,6,2,6"
-locations_default(#20004,#10000,2,6,2,6)
+yaml_scalars(#20003,0,"key")
+yaml(#20003,0,#20002,1,"tag:yaml.org,2002:str","key")
+#20004=@"loc,{#10000},2,1,2,3"
+locations_default(#20004,#10000,2,1,2,3)
 yaml_locations(#20003,#20004)
-yaml(#20000,1,#10000,0,"tag:yaml.org,2002:map","key: \u1f680\ude80")
-#20005=@"loc,{#10000},2,1,2,8"
-locations_default(#20005,#10000,2,1,2,8)
-yaml_locations(#20000,#20005)
+#20005=*
+yaml_scalars(#20005,0,"🚀")
+yaml(#20005,0,#20002,-1,"tag:yaml.org,2002:str","\u1f680\ude80")
+#20006=@"loc,{#10000},2,6,2,6"
+locations_default(#20006,#10000,2,6,2,6)
+yaml_locations(#20005,#20006)
+yaml(#20002,1,#10000,0,"tag:yaml.org,2002:map","key: \u1f680\ude80")
+#20007=@"loc,{#10000},2,1,2,8"
+locations_default(#20007,#10000,2,1,2,8)
+yaml_locations(#20002,#20007)
 numlines(#10000,2,0,0)
 filetype(#10000,"yaml")

javascript/extractor/tests/yaml/output/trap/orig.yml.trap

@@ -87,130 +87,145 @@ yaml(#20028,0,#20017,-3,"tag:yaml.org,2002:str","xxxxxx")
 #20029=@"loc,{#10000},10,13,10,18"
 locations_default(#20029,#10000,10,13,10,18)
 yaml_locations(#20028,#20029)
+#20030=*
+yaml_comments(#20030,"    - xx: xxx","#    - xx: xxx")
+#20031=@"loc,{#10000},11,1,11,14"
+locations_default(#20031,#10000,11,1,11,14)
+yaml_locations(#20030,#20031)
+#20032=*
+yaml_comments(#20032,"      xxx_xxxxx: xxxxxx.x","#       ... xxxxx.x")
+#20033=@"loc,{#10000},12,1,12,26"
+locations_default(#20033,#10000,12,1,12,26)
+yaml_locations(#20032,#20033)
 yaml(#20017,1,#20016,0,"tag:yaml.org,2002:map","xx: xxxxx")
-#20030=@"loc,{#10000},8,7,12,27"
-locations_default(#20030,#10000,8,7,12,27)
-yaml_locations(#20017,#20030)
+#20034=@"loc,{#10000},8,7,12,27"
+locations_default(#20034,#10000,8,7,12,27)
+yaml_locations(#20017,#20034)
 yaml(#20016,2,#20013,-1,"tag:yaml.org,2002:seq","- xx: xxxxx")
-#20031=@"loc,{#10000},8,5,12,27"
-locations_default(#20031,#10000,8,5,12,27)
-yaml_locations(#20016,#20031)
+#20035=@"loc,{#10000},8,5,12,27"
+locations_default(#20035,#10000,8,5,12,27)
+yaml_locations(#20016,#20035)
 yaml(#20013,1,#20000,-3,"tag:yaml.org,2002:map","xxxxxxx:")
-#20032=@"loc,{#10000},7,3,12,27"
-locations_default(#20032,#10000,7,3,12,27)
-yaml_locations(#20013,#20032)
-#20033=*
-yaml_scalars(#20033,0,"xxxxx")
-yaml(#20033,0,#20000,4,"tag:yaml.org,2002:str","xxxxx")
-#20034=@"loc,{#10000},14,1,14,5"
-locations_default(#20034,#10000,14,1,14,5)
-yaml_locations(#20033,#20034)
-#20035=*
-#20036=*
-yaml_scalars(#20036,0,"xxxxxxxxxxx")
-yaml(#20036,0,#20035,1,"tag:yaml.org,2002:str","xxxxxxxxxxx")
-#20037=@"loc,{#10000},15,3,15,13"
-locations_default(#20037,#10000,15,3,15,13)
-yaml_locations(#20036,#20037)
-#20038=*
+#20036=@"loc,{#10000},7,3,12,27"
+locations_default(#20036,#10000,7,3,12,27)
+yaml_locations(#20013,#20036)
+#20037=*
+yaml_scalars(#20037,0,"xxxxx")
+yaml(#20037,0,#20000,4,"tag:yaml.org,2002:str","xxxxx")
+#20038=@"loc,{#10000},14,1,14,5"
+locations_default(#20038,#10000,14,1,14,5)
+yaml_locations(#20037,#20038)
 #20039=*
-yaml_scalars(#20039,0,"xxxx_xxxxxxx")
-yaml(#20039,0,#20038,0,"tag:yaml.org,2002:str","xxxx_xxxxxxx")
-#20040=@"loc,{#10000},16,7,16,18"
-locations_default(#20040,#10000,16,7,16,18)
-yaml_locations(#20039,#20040)
-yaml(#20038,2,#20035,-1,"tag:yaml.org,2002:seq","- xxxx_xxxxxxx")
-#20041=@"loc,{#10000},16,5,16,19"
-locations_default(#20041,#10000,16,5,16,19)
-yaml_locations(#20038,#20041)
-yaml(#20035,1,#20000,-4,"tag:yaml.org,2002:map","xxxxxxxxxxx:")
-#20042=@"loc,{#10000},15,3,16,19"
-locations_default(#20042,#10000,15,3,16,19)
-yaml_locations(#20035,#20042)
+#20040=*
+yaml_scalars(#20040,0,"xxxxxxxxxxx")
+yaml(#20040,0,#20039,1,"tag:yaml.org,2002:str","xxxxxxxxxxx")
+#20041=@"loc,{#10000},15,3,15,13"
+locations_default(#20041,#10000,15,3,15,13)
+yaml_locations(#20040,#20041)
+#20042=*
 #20043=*
-yaml_scalars(#20043,0,"xxxxxx")
-yaml(#20043,0,#20000,5,"tag:yaml.org,2002:str","xxxxxx")
-#20044=@"loc,{#10000},18,1,18,6"
-locations_default(#20044,#10000,18,1,18,6)
+yaml_scalars(#20043,0,"xxxx_xxxxxxx")
+yaml(#20043,0,#20042,0,"tag:yaml.org,2002:str","xxxx_xxxxxxx")
+#20044=@"loc,{#10000},16,7,16,18"
+locations_default(#20044,#10000,16,7,16,18)
 yaml_locations(#20043,#20044)
-#20045=*
-#20046=*
-yaml_scalars(#20046,0,"xxxx_xxxxxxx")
-yaml(#20046,0,#20045,1,"tag:yaml.org,2002:str","xxxx_xxxxxxx")
-#20047=@"loc,{#10000},19,3,19,14"
-locations_default(#20047,#10000,19,3,19,14)
-yaml_locations(#20046,#20047)
-#20048=*
-yaml_scalars(#20048,0,"xxxx")
-yaml(#20048,0,#20045,-1,"tag:yaml.org,2002:str","xxxx")
-#20049=@"loc,{#10000},19,17,19,20"
-locations_default(#20049,#10000,19,17,19,20)
-yaml_locations(#20048,#20049)
+yaml(#20042,2,#20039,-1,"tag:yaml.org,2002:seq","- xxxx_xxxxxxx")
+#20045=@"loc,{#10000},16,5,16,19"
+locations_default(#20045,#10000,16,5,16,19)
+yaml_locations(#20042,#20045)
+yaml(#20039,1,#20000,-4,"tag:yaml.org,2002:map","xxxxxxxxxxx:")
+#20046=@"loc,{#10000},15,3,16,19"
+locations_default(#20046,#10000,15,3,16,19)
+yaml_locations(#20039,#20046)
+#20047=*
+yaml_scalars(#20047,0,"xxxxxx")
+yaml(#20047,0,#20000,5,"tag:yaml.org,2002:str","xxxxxx")
+#20048=@"loc,{#10000},18,1,18,6"
+locations_default(#20048,#10000,18,1,18,6)
+yaml_locations(#20047,#20048)
+#20049=*
 #20050=*
-yaml_scalars(#20050,0,"xxxxxxxx")
-yaml(#20050,0,#20045,2,"tag:yaml.org,2002:str","xxxxxxxx")
-#20051=@"loc,{#10000},20,3,20,10"
-locations_default(#20051,#10000,20,3,20,10)
+yaml_scalars(#20050,0,"xxxx_xxxxxxx")
+yaml(#20050,0,#20049,1,"tag:yaml.org,2002:str","xxxx_xxxxxxx")
+#20051=@"loc,{#10000},19,3,19,14"
+locations_default(#20051,#10000,19,3,19,14)
 yaml_locations(#20050,#20051)
 #20052=*
-yaml_scalars(#20052,0,"xxxxxx")
-yaml(#20052,0,#20045,-2,"tag:yaml.org,2002:str","xxxxxx")
-#20053=@"loc,{#10000},20,13,20,18"
-locations_default(#20053,#10000,20,13,20,18)
+yaml_scalars(#20052,0,"xxxx")
+yaml(#20052,0,#20049,-1,"tag:yaml.org,2002:str","xxxx")
+#20053=@"loc,{#10000},19,17,19,20"
+locations_default(#20053,#10000,19,17,19,20)
 yaml_locations(#20052,#20053)
 #20054=*
-yaml_scalars(#20054,0,"xxxxxx")
-yaml(#20054,0,#20045,3,"tag:yaml.org,2002:str","xxxxxx")
-#20055=@"loc,{#10000},21,3,21,8"
-locations_default(#20055,#10000,21,3,21,8)
+yaml_scalars(#20054,0,"xxxxxxxx")
+yaml(#20054,0,#20049,2,"tag:yaml.org,2002:str","xxxxxxxx")
+#20055=@"loc,{#10000},20,3,20,10"
+locations_default(#20055,#10000,20,3,20,10)
 yaml_locations(#20054,#20055)
 #20056=*
-yaml_scalars(#20056,0,"xxx xxx xxxx")
-yaml(#20056,0,#20045,-3,"tag:yaml.org,2002:str","xxx xxx xxxx")
-#20057=@"loc,{#10000},21,11,21,22"
-locations_default(#20057,#10000,21,11,21,22)
+yaml_scalars(#20056,0,"xxxxxx")
+yaml(#20056,0,#20049,-2,"tag:yaml.org,2002:str","xxxxxx")
+#20057=@"loc,{#10000},20,13,20,18"
+locations_default(#20057,#10000,20,13,20,18)
 yaml_locations(#20056,#20057)
-yaml(#20045,1,#20000,-5,"tag:yaml.org,2002:map","xxxx_xxxxxxx: xxxx")
-#20058=@"loc,{#10000},19,3,21,23"
-locations_default(#20058,#10000,19,3,21,23)
-yaml_locations(#20045,#20058)
-#20059=*
-yaml_scalars(#20059,0,"xxx")
-yaml(#20059,0,#20000,6,"tag:yaml.org,2002:str","xxx")
-#20060=@"loc,{#10000},23,1,23,3"
-locations_default(#20060,#10000,23,1,23,3)
-yaml_locations(#20059,#20060)
-#20061=*
-#20062=*
-yaml_scalars(#20062,0,"xxxxxx")
-yaml(#20062,0,#20061,1,"tag:yaml.org,2002:str","xxxxxx")
-#20063=@"loc,{#10000},24,3,24,8"
-locations_default(#20063,#10000,24,3,24,8)
-yaml_locations(#20062,#20063)
-#20064=*
+#20058=*
+yaml_scalars(#20058,0,"xxxxxx")
+yaml(#20058,0,#20049,3,"tag:yaml.org,2002:str","xxxxxx")
+#20059=@"loc,{#10000},21,3,21,8"
+locations_default(#20059,#10000,21,3,21,8)
+yaml_locations(#20058,#20059)
+#20060=*
+yaml_scalars(#20060,0,"xxx xxx xxxx")
+yaml(#20060,0,#20049,-3,"tag:yaml.org,2002:str","xxx xxx xxxx")
+#20061=@"loc,{#10000},21,11,21,22"
+locations_default(#20061,#10000,21,11,21,22)
+yaml_locations(#20060,#20061)
+yaml(#20049,1,#20000,-5,"tag:yaml.org,2002:map","xxxx_xxxxxxx: xxxx")
+#20062=@"loc,{#10000},19,3,21,23"
+locations_default(#20062,#10000,19,3,21,23)
+yaml_locations(#20049,#20062)
+#20063=*
+yaml_scalars(#20063,0,"xxx")
+yaml(#20063,0,#20000,6,"tag:yaml.org,2002:str","xxx")
+#20064=@"loc,{#10000},23,1,23,3"
+locations_default(#20064,#10000,23,1,23,3)
+yaml_locations(#20063,#20064)
 #20065=*
-yaml_scalars(#20065,0,"xxxxxx")
-yaml(#20065,0,#20064,1,"tag:yaml.org,2002:str","xxxxxx")
-#20066=@"loc,{#10000},26,5,26,10"
-locations_default(#20066,#10000,26,5,26,10)
-yaml_locations(#20065,#20066)
-#20067=*
-yaml_scalars(#20067,0,"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxx/xxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxx=")
-yaml(#20067,0,#20064,-1,"tag:yaml.org,2002:str","xxxxxxx ... xxxxxx=")
-#20068=@"loc,{#10000},26,13,26,696"
-locations_default(#20068,#10000,26,13,26,696)
-yaml_locations(#20067,#20068)
-yaml(#20064,1,#20061,-1,"tag:yaml.org,2002:map","xxxxxx: ... xxxxxx=")
-#20069=@"loc,{#10000},26,5,26,697"
-locations_default(#20069,#10000,26,5,26,697)
-yaml_locations(#20064,#20069)
-yaml(#20061,1,#20000,-6,"tag:yaml.org,2002:map","xxxxxx:")
-#20070=@"loc,{#10000},24,3,26,697"
-locations_default(#20070,#10000,24,3,26,697)
-yaml_locations(#20061,#20070)
+#20066=*
+yaml_scalars(#20066,0,"xxxxxx")
+yaml(#20066,0,#20065,1,"tag:yaml.org,2002:str","xxxxxx")
+#20067=@"loc,{#10000},24,3,24,8"
+locations_default(#20067,#10000,24,3,24,8)
+yaml_locations(#20066,#20067)
+#20068=*
+#20069=*
+yaml_comments(#20069," xx_xxxxx","# xx_xxxxx")
+#20070=@"loc,{#10000},25,5,25,14"
+locations_default(#20070,#10000,25,5,25,14)
+yaml_locations(#20069,#20070)
+#20071=*
+yaml_scalars(#20071,0,"xxxxxx")
+yaml(#20071,0,#20068,1,"tag:yaml.org,2002:str","xxxxxx")
+#20072=@"loc,{#10000},26,5,26,10"
+locations_default(#20072,#10000,26,5,26,10)
+yaml_locations(#20071,#20072)
+#20073=*
+yaml_scalars(#20073,0,"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxx/xxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxxxxxxxxx+xxxxxxxxxxxxxxx=")
+yaml(#20073,0,#20068,-1,"tag:yaml.org,2002:str","xxxxxxx ... xxxxxx=")
+#20074=@"loc,{#10000},26,13,26,696"
+locations_default(#20074,#10000,26,13,26,696)
+yaml_locations(#20073,#20074)
+yaml(#20068,1,#20065,-1,"tag:yaml.org,2002:map","xxxxxx: ... xxxxxx=")
+#20075=@"loc,{#10000},26,5,26,697"
+locations_default(#20075,#10000,26,5,26,697)
+yaml_locations(#20068,#20075)
+yaml(#20065,1,#20000,-6,"tag:yaml.org,2002:map","xxxxxx:")
+#20076=@"loc,{#10000},24,3,26,697"
+locations_default(#20076,#10000,24,3,26,697)
+yaml_locations(#20065,#20076)
 yaml(#20000,1,#10000,0,"tag:yaml.org,2002:map","xxxxxxxx: xxxx_xx")
-#20071=@"loc,{#10000},1,1,26,697"
-locations_default(#20071,#10000,1,1,26,697)
-yaml_locations(#20000,#20071)
+#20077=@"loc,{#10000},1,1,26,697"
+locations_default(#20077,#10000,1,1,26,697)
+yaml_locations(#20000,#20077)
 numlines(#10000,26,0,0)
 filetype(#10000,"yaml")

javascript/ql/lib/semmle/javascript/YAML.qll

@@ -44,6 +44,12 @@ private module YamlSig implements LibYaml::InputSig {
   class ParseErrorBase extends LocatableBase, @yaml_error {
     string getMessage() { yaml_errors(this, result) }
   }
+
+  class CommentBase extends LocatableBase, @yaml_comment {
+    string getText() { yaml_comments(this, result, _) }
+
+    override string toString() { yaml_comments(this, _, result) }
+  }
 }
 
 import LibYaml::Make<YamlSig>

javascript/ql/lib/semmlecode.javascript.dbscheme

@@ -1090,13 +1090,17 @@ yaml_scalars (unique int scalar: @yaml_scalar_node ref,
               int style: int ref,
               string value: string ref);
 
+yaml_comments (unique int id: @yaml_comment,
+               string text: string ref,
+               string tostring: string ref);
+
 yaml_errors (unique int id: @yaml_error,
              string message: string ref);
 
 yaml_locations(unique int locatable: @yaml_locatable ref,
              int location: @location_default ref);
 
-@yaml_locatable = @yaml_node | @yaml_error;
+@yaml_locatable = @yaml_node | @yaml_error | @yaml_comment;
 
 /*- XML Files -*/
 

javascript/ql/lib/semmlecode.javascript.dbscheme.stats

@@ -1406,6 +1406,10 @@
 <v>1</v>
 </e>
 <e>
+<k>@yaml_comment</k>
+<v>1000</v>
+</e>
+<e>
 <k>@jsx_element</k>
 <v>1090</v>
 </e>
@@ -24077,6 +24081,122 @@
 </dependencies>
 </relation>
 <relation>
+<name>yaml_comments</name>
+<cardinality>1000</cardinality>
+<columnsizes>
+<e>
+<k>id</k>
+<v>1000</v>
+</e>
+<e>
+<k>text</k>
+<v>1000</v>
+</e>
+<e>
+<k>tostring</k>
+<v>1000</v>
+</e>
+</columnsizes>
+<dependencies>
+<dep>
+<src>id</src>
+<trg>text</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>1000</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+<dep>
+<src>id</src>
+<trg>tostring</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>1000</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+<dep>
+<src>text</src>
+<trg>id</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>1000</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+<dep>
+<src>text</src>
+<trg>tostring</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>1000</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+<dep>
+<src>tostring</src>
+<trg>id</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>1000</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+<dep>
+<src>tostring</src>
+<trg>text</trg>
+<val>
+<hist>
+<budget>12</budget>
+<bs>
+<b>
+<a>1</a>
+<b>2</b>
+<v>1000</v>
+</b>
+</bs>
+</hist>
+</val>
+</dep>
+</dependencies>
+</relation>
+<relation>
 <name>xmlEncoding</name>
 <cardinality>39724</cardinality>
 <columnsizes>

javascript/ql/lib/upgrades/26a123164be893893e2aa0374d820785decf55af/upgrade.properties

@@ -0,0 +1,2 @@
+description: Extract YAML comments
+compatibility: backwards

javascript/ql/test/library-tests/Comments/YamlComments.expected

@@ -0,0 +1,20 @@
+| comments.yml:1:1:1:22 | # leadi ... comment |  leading file comment |
+| comments.yml:2:5:2:29 | # docum ... comment |  document marker comment |
+| comments.yml:3:7:3:29 | #commen ... oot key | comment after root key |
+| comments.yml:4:3:4:42 | # inden ... roperty |  indented comment before first property |
+| comments.yml:5:15:5:43 | # comme ...  scalar |  comment after quoted scalar |
+| comments.yml:6:10:6:46 | #commen ... l value | comment after an explicit null value |
+| comments.yml:7:9:7:32 | # comme ... ist key |  comment after list key |
+| comments.yml:8:5:8:34 | # comme ... ce item |  comment before sequence item |
+| comments.yml:9:13:9:50 | #commen ... mapping | comment after inline sequence mapping |
+| comments.yml:10:20:10:47 | # comme ...  scalar |  comment after plain scalar |
+| comments.yml:11:7:11:31 | # comme ... re dash |  comment after bare dash |
+| comments.yml:12:13:12:51 | # comme ... equence |  comment after mapping key in sequence |
+| comments.yml:13:21:13:42 | #commen ... boolean | comment after boolean |
+| comments.yml:14:27:14:55 | # comme ... equence |  comment after flow sequence |
+| comments.yml:15:33:15:60 | # comme ... mapping |  comment after flow mapping |
+| comments.yml:16:55:16:79 | # comme ... ow list |  comment after flow list |
+| comments.yml:17:12:17:47 | #commen ...  header | comment after literal scalar header |
+| comments.yml:20:13:20:47 | #commen ...  header | comment after folded scalar header |
+| comments.yml:23:52:23:85 | # comme ... g value |  comment after hash-looking value |
+| comments.yml:24:1:24:39 | # comme ... ent end |  comment between body and document end |

javascript/ql/test/library-tests/Comments/YamlComments.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from YamlComment c
+select c, c.getText()

javascript/ql/test/library-tests/Comments/comments.yml

@@ -0,0 +1,26 @@
+# leading file comment
+--- # document marker comment
+root: #comment after root key
+  # indented comment before first property
+  name: "odd" # comment after quoted scalar
+  empty: #comment after an explicit null value
+  list: # comment after list key
+    # comment before sequence item
+    - id: 1 #comment after inline sequence mapping
+      label: plain # comment after plain scalar
+    - # comment after bare dash
+      id: 2 # comment after mapping key in sequence
+      enabled: true #comment after boolean
+      tags: [alpha, beta] # comment after flow sequence
+  flow_map: {left: 1, right: 2} # comment after flow mapping
+  flow_list: [first, second, "third # not a comment"] # comment after flow list
+  block: | #comment after literal scalar header
+    this line belongs to the scalar
+    # this hash is text, not a YAML comment
+  folded: > #comment after folded scalar header
+    folded text with # also just text
+    and another scalar line
+  trailing_hash: "there is # no comment # in here" # comment after hash-looking value
+# comment between body and document end
+... # document end comment
+# final comment after document end