Merge pull request #21946 from github/henrymercer/actions-tweak-query-name

Correct query metadata for `actions/untrusted-checkout/medium`

MODULE.bazel

@@ -237,6 +237,9 @@ use_repo(
     kotlin_extractor_deps,
     "codeql_kotlin_defaults",
     "codeql_kotlin_embeddable",
+    "kotlin-compiler-1.8.0",
+    "kotlin-compiler-1.9.0-Beta",
+    "kotlin-compiler-1.9.20-Beta",
     "kotlin-compiler-2.0.0-RC1",
     "kotlin-compiler-2.0.20-Beta2",
     "kotlin-compiler-2.1.0-Beta1",
@@ -245,7 +248,9 @@ use_repo(
     "kotlin-compiler-2.2.20-Beta2",
     "kotlin-compiler-2.3.0",
     "kotlin-compiler-2.3.20",
-    "kotlin-compiler-2.4.0",
+    "kotlin-compiler-embeddable-1.8.0",
+    "kotlin-compiler-embeddable-1.9.0-Beta",
+    "kotlin-compiler-embeddable-1.9.20-Beta",
     "kotlin-compiler-embeddable-2.0.0-RC1",
     "kotlin-compiler-embeddable-2.0.20-Beta2",
     "kotlin-compiler-embeddable-2.1.0-Beta1",
@@ -254,7 +259,9 @@ use_repo(
     "kotlin-compiler-embeddable-2.2.20-Beta2",
     "kotlin-compiler-embeddable-2.3.0",
     "kotlin-compiler-embeddable-2.3.20",
-    "kotlin-compiler-embeddable-2.4.0",
+    "kotlin-stdlib-1.8.0",
+    "kotlin-stdlib-1.9.0-Beta",
+    "kotlin-stdlib-1.9.20-Beta",
     "kotlin-stdlib-2.0.0-RC1",
     "kotlin-stdlib-2.0.20-Beta2",
     "kotlin-stdlib-2.1.0-Beta1",
@@ -263,7 +270,6 @@ use_repo(
     "kotlin-stdlib-2.2.20-Beta2",
     "kotlin-stdlib-2.3.0",
     "kotlin-stdlib-2.3.20",
-    "kotlin-stdlib-2.4.0",
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql

@@ -1,8 +1,8 @@
 /**
- * @name Checkout of untrusted code in a trusted context
- * @description Privileged workflows have read/write access to the base repository and access to secrets.
- *              By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
- *              that is able to push to the base repository and to access secrets.
+ * @name Checkout of untrusted code in a non-privileged context
+ * @description Checking out and running the build script from a fork executes untrusted code. Even in a
+ *              non-privileged workflow, this can be abused, for example to compromise self-hosted runners
+ *              or to poison caches and artifacts that are later consumed by privileged workflows.
  * @kind problem
  * @problem.severity warning
  * @precision medium
@@ -20,4 +20,4 @@ from PRHeadCheckoutStep checkout
 where
   // the checkout occurs in a non-privileged context
   inNonPrivilegedContext(checkout)
-select checkout, "Potential unsafe checkout of untrusted pull request on privileged workflow."
+select checkout, "Potential unsafe checkout of untrusted pull request on non-privileged workflow."

actions/ql/src/change-notes/2026-06-04-untrusted-checkout-medium-metadata.md

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.

actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutMedium.expected

@@ -1,10 +1,10 @@
-| .github/workflows/artifactpoisoning81.yml:11:9:14:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/mend.yml:22:9:29:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/poc3.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/poc.yml:30:9:36:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/priv_pull_request_checkout.yml:14:9:20:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test3.yml:28:9:33:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test4.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test8.yml:20:9:26:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
-| .github/workflows/test9.yml:11:9:16:6 | Uses Step | Potential unsafe checkout of untrusted pull request on privileged workflow. |
+| .github/workflows/artifactpoisoning81.yml:11:9:14:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/dependabot2.yml:33:9:38:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/mend.yml:22:9:29:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/poc3.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/poc.yml:30:9:36:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/priv_pull_request_checkout.yml:14:9:20:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test3.yml:28:9:33:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test4.yml:18:7:25:4 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test8.yml:20:9:26:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |
+| .github/workflows/test9.yml:11:9:16:6 | Uses Step | Potential unsafe checkout of untrusted pull request on non-privileged workflow. |

cpp/ql/lib/DefaultOptions.qll

@@ -30,6 +30,8 @@ class Options extends string {
   predicate overrideReturnsNull(Call call) {
     // Used in CVS:
     call.(FunctionCall).getTarget().hasGlobalName("Xstrdup")
+    or
+    CustomOptions::overrideReturnsNull(call) // old Options.qll
   }
 
   /**
@@ -43,6 +45,8 @@ class Options extends string {
     // Used in CVS:
     call.(FunctionCall).getTarget().hasGlobalName("Xstrdup") and
     nullValue(call.getArgument(0))
+    or
+    CustomOptions::returnsNull(call) // old Options.qll
   }
 
   /**
@@ -61,6 +65,8 @@ class Options extends string {
     f.hasGlobalOrStdName([
         "exit", "_exit", "_Exit", "abort", "__assert_fail", "longjmp", "__builtin_unreachable"
       ])
+    or
+    CustomOptions::exits(f) // old Options.qll
   }
 
   /**
@@ -73,7 +79,8 @@ class Options extends string {
    * runtime, the program's behavior is undefined)
    */
   predicate exprExits(Expr e) {
-    e.(AssumeExpr).getChild(0).(CompileTimeConstantInt).getIntValue() = 0
+    e.(AssumeExpr).getChild(0).(CompileTimeConstantInt).getIntValue() = 0 or
+    CustomOptions::exprExits(e) // old Options.qll
   }
 
   /**
@@ -81,7 +88,10 @@ class Options extends string {
    *
    * By default holds only for `fgets`.
    */
-  predicate alwaysCheckReturnValue(Function f) { f.hasGlobalOrStdName("fgets") }
+  predicate alwaysCheckReturnValue(Function f) {
+    f.hasGlobalOrStdName("fgets") or
+    CustomOptions::alwaysCheckReturnValue(f) // old Options.qll
+  }
 
   /**
    * Holds if it is reasonable to ignore the return value of function
@@ -97,6 +107,8 @@ class Options extends string {
     // common way of sleeping using select:
     fc.getTarget().hasGlobalName("select") and
     fc.getArgument(0).getValue() = "0"
+    or
+    CustomOptions::okToIgnoreReturnValue(fc) // old Options.qll
   }
 }
 

cpp/ql/lib/Options.qll

@@ -98,3 +98,57 @@ class CustomMutexType extends MutexType {
    */
   override predicate unlockAccess(FunctionCall fc, Expr arg) { none() }
 }
+
+/**
+ * DEPRECATED: customize `CustomOptions.overrideReturnsNull` instead.
+ *
+ * This predicate is required to support backwards compatibility for
+ * older `Options.qll` files.  It should not be removed or modified by
+ * end users.
+ */
+predicate overrideReturnsNull(Call call) { none() }
+
+/**
+ * DEPRECATED: customize `CustomOptions.returnsNull` instead.
+ *
+ * This predicate is required to support backwards compatibility for
+ * older `Options.qll` files.  It should not be removed or modified by
+ * end users.
+ */
+predicate returnsNull(Call call) { none() }
+
+/**
+ * DEPRECATED: customize `CustomOptions.exits` instead.
+ *
+ * This predicate is required to support backwards compatibility for
+ * older `Options.qll` files.  It should not be removed or modified by
+ * end users.
+ */
+predicate exits(Function f) { none() }
+
+/**
+ * DEPRECATED: customize `CustomOptions.exprExits` instead.
+ *
+ * This predicate is required to support backwards compatibility for
+ * older `Options.qll` files.  It should not be removed or modified by
+ * end users.
+ */
+predicate exprExits(Expr e) { none() }
+
+/**
+ * DEPRECATED: customize `CustomOptions.alwaysCheckReturnValue` instead.
+ *
+ * This predicate is required to support backwards compatibility for
+ * older `Options.qll` files.  It should not be removed or modified by
+ * end users.
+ */
+predicate alwaysCheckReturnValue(Function f) { none() }
+
+/**
+ * DEPRECATED: customize `CustomOptions.okToIgnoreReturnValue` instead.
+ *
+ * This predicate is required to support backwards compatibility for
+ * older `Options.qll` files.  It should not be removed or modified by
+ * end users.
+ */
+predicate okToIgnoreReturnValue(FunctionCall fc) { none() }

cpp/ql/lib/change-notes/2026-05-27-deprecated-removal.md

@@ -1,15 +0,0 @@
----
-category: breaking
----
-* Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
-* Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
-* Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.
-* Removed the deprecated `exprExits` predicate from `Options.qll`. Use `CustomOptions.exprExits` instead.
-* Removed the deprecated `alwaysCheckReturnValue` predicate from `Options.qll`. Use `CustomOptions.alwaysCheckReturnValue` instead.
-* Removed the deprecated `okToIgnoreReturnValue` predicate from `Options.qll`. Use `CustomOptions.okToIgnoreReturnValue` instead.
-* Removed the deprecated `semmle.code.cpp.Member`. Import `semmle.code.cpp.Element` and/or `semmle.code.cpp.Type` directly.
-* Removed the deprecated `UnknownDefaultLocation` class. Use `UnknownLocation` instead.
-* Removed the deprecated `UnknownExprLocation` class. Use `UnknownLocation` instead.
-* Removed the deprecated `UnknownStmtLocation` class. Use `UnknownLocation` instead.
-* Removed the deprecated `TemplateParameter` class. Use `TypeTemplateParameter` instead.
-* Support for class resolution across link targets has been removed for databases which were created with CodeQL versions before 1.23.0.

cpp/ql/lib/cpp.qll

@@ -32,6 +32,7 @@ import semmle.code.cpp.Class
 import semmle.code.cpp.Struct
 import semmle.code.cpp.Union
 import semmle.code.cpp.Enum
+import semmle.code.cpp.Member
 import semmle.code.cpp.Field
 import semmle.code.cpp.Function
 import semmle.code.cpp.MemberFunction

cpp/ql/lib/semmle/code/cpp/Location.qll

@@ -148,3 +148,28 @@ class UnknownLocation extends Location {
     this.getFile().getAbsolutePath() = "" and locations_default(this, _, 0, 0, 0, 0)
   }
 }
+
+/**
+ * A dummy location which is used when something doesn't have a location in
+ * the source code but needs to have a `Location` associated with it.
+ *
+ * DEPRECATED: use `UnknownLocation`
+ */
+deprecated class UnknownDefaultLocation extends UnknownLocation { }
+
+/**
+ * A dummy location which is used when an expression doesn't have a
+ * location in the source code but needs to have a `Location` associated
+ * with it.
+ *
+ * DEPRECATED: use `UnknownLocation`
+ */
+deprecated class UnknownExprLocation extends UnknownLocation { }
+
+/**
+ * A dummy location which is used when a statement doesn't have a location
+ * in the source code but needs to have a `Location` associated with it.
+ *
+ * DEPRECATED: use `UnknownLocation`
+ */
+deprecated class UnknownStmtLocation extends UnknownLocation { }

cpp/ql/lib/semmle/code/cpp/Member.qll

@@ -0,0 +1,6 @@
+/**
+ * DEPRECATED: import `semmle.code.cpp.Element` and/or `semmle.code.cpp.Type` directly as required.
+ */
+
+import semmle.code.cpp.Element
+import semmle.code.cpp.Type

cpp/ql/lib/semmle/code/cpp/TemplateParameter.qll

@@ -35,6 +35,13 @@ class NonTypeTemplateParameter extends Literal, TemplateParameterImpl {
   override string getAPrimaryQlClass() { result = "NonTypeTemplateParameter" }
 }
 
+/**
+ * A C++ `typename` (or `class`) template parameter.
+ *
+ * DEPRECATED: Use `TypeTemplateParameter` instead.
+ */
+deprecated class TemplateParameter = TypeTemplateParameter;
+
 /**
  * A C++ `typename` (or `class`) template parameter.
  *

cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll

@@ -276,45 +276,6 @@ private predicate isClassConstructedFrom(Class c, Class templateClass) {
   not c.isConstructedFrom(_) and c = templateClass
 }
 
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClassOld(Class c) {
-  not c.isFromUninstantiatedTemplate(_) and
-  isClassConstructedFrom(c, result)
-}
-
-private TemplateClass getOriginalClassTemplate(TemplateClass tc) {
-  result = tc.getOriginalTemplate()
-  or
-  not exists(tc.getOriginalTemplate()) and
-  result = tc
-}
-
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClassNew(Class c) {
-  not c.isFromUninstantiatedTemplate(_) and
-  exists(Class mid |
-    c.isConstructedFrom(mid)
-    or
-    not c.isConstructedFrom(_) and c = mid
-  |
-    result = getOriginalClassTemplate(mid)
-    or
-    not mid instanceof TemplateClass and mid = result
-  )
-}
-
-/** Gets the fully templated version of `c`. */
-private Class getFullyTemplatedClass(Class c) {
-  // The `Class::getOriginalTemplate` predicate was introduced in CodeQL
-  // version 2.25.6 and the upgrade script leaves the
-  // `class_template_generated_from` extensionals empty if the database
-  // was generated with an older extractor. So we use the old implementation
-  // if the `class_template_generated_from` extensional is empty.
-  if class_template_generated_from(_, _)
-  then result = getFullyTemplatedClassNew(c)
-  else result = getFullyTemplatedClassOld(c)
-}
-
 /**
  * Holds if `f` is an instantiation of a function template `templateFunc`, or
  * holds with `f = templateFunc` if `f` is not an instantiation of any function
@@ -331,7 +292,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) {
 }
 
 /** Gets the fully templated version of `f`. */
-private Function getFullyTemplatedFunctionOld(Function f) {
+Function getFullyTemplatedFunction(Function f) {
   not f.isFromUninstantiatedTemplate(_) and
   (
     exists(Class c, Class templateClass, int i |
@@ -345,46 +306,13 @@ private Function getFullyTemplatedFunctionOld(Function f) {
   )
 }
 
-private TemplateFunction getOriginalFunctionTemplate(TemplateFunction tf) {
-  result = tf.getOriginalTemplate()
-  or
-  not exists(tf.getOriginalTemplate()) and
-  result = tf
-}
-
-/** Gets the fully templated version of `f`. */
-private Function getFullyTemplatedFunctionNew(Function f) {
-  not f.isFromUninstantiatedTemplate(_) and
-  exists(Function mid |
-    f.isConstructedFrom(mid)
-    or
-    not f.isConstructedFrom(_) and f = mid
-  |
-    result = getOriginalFunctionTemplate(mid)
-    or
-    not mid instanceof TemplateFunction and mid = result
-  )
-}
-
-/** Gets the fully templated version of `f`. */
-Function getFullyTemplatedFunction(Function f) {
-  // The `Function::getOriginalTemplate` predicate was introduced in CodeQL
-  // version 2.25.6 and the upgrade script leaves the
-  // `function_template_generated_from` extensionals empty if the database
-  // was generated with an older extractor. So we use the old implementation
-  // if the `function_template_generated_from` extensional is empty.
-  if function_template_generated_from(_, _)
-  then result = getFullyTemplatedFunctionNew(f)
-  else result = getFullyTemplatedFunctionOld(f)
-}
-
 /** Prefixes `const` to `s` if `t` is const, or returns `s` otherwise. */
 bindingset[s, t]
 private string withConst(string s, Type t) {
   if t.isConst() then result = "const " + s else result = s
 }
 
-/** Prefixes `volatile` to `s` if `t` is volatile, or returns `s` otherwise. */
+/** Prefixes `volatile` to `s` if `t` is const, or returns `s` otherwise. */
 bindingset[s, t]
 private string withVolatile(string s, Type t) {
   if t.isVolatile() then result = "volatile " + s else result = s
@@ -562,7 +490,7 @@ pragma[nomagic]
 private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) {
   // If there is a declaring type then we start by expanding the function templates
   exists(Class template |
-    template = getFullyTemplatedClass(f.getDeclaringType()) and
+    isClassConstructedFrom(f.getDeclaringType(), template) and
     remaining = getNumberOfSupportedClassTemplateArguments(template) and
     result = getTypeNameWithoutFunctionTemplates(f, n, 0)
   )
@@ -574,7 +502,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
   or
   exists(string mid, TypeTemplateParameter tp, Class template |
     mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and
-    template = getFullyTemplatedClass(f.getDeclaringType()) and
+    isClassConstructedFrom(f.getDeclaringType(), template) and
     tp = getSupportedClassTemplateArgument(template, remaining)
   |
     result = mid.replaceAll(tp.getName(), "class:" + remaining.toString())

cpp/ql/lib/semmle/code/cpp/internal/ResolveClass.qll

@@ -1,5 +1,59 @@
 import semmle.code.cpp.Type
 
+/** For upgraded databases without mangled name info. */
+pragma[noinline]
+private string getTopLevelClassName(@usertype c) {
+  not mangled_name(_, _, _) and
+  isClass(c) and
+  usertypes(c, result, _) and
+  not namespacembrs(_, c) and // not in a namespace
+  not member(_, _, c) and // not in some structure
+  not class_instantiation(c, _) // not a template instantiation
+}
+
+/**
+ * For upgraded databases without mangled name info.
+ * Holds if `d` is a unique complete class named `name`.
+ */
+pragma[noinline]
+private predicate existsCompleteWithName(string name, @usertype d) {
+  not mangled_name(_, _, _) and
+  is_complete(d) and
+  name = getTopLevelClassName(d) and
+  onlyOneCompleteClassExistsWithName(name)
+}
+
+/** For upgraded databases without mangled name info. */
+pragma[noinline]
+private predicate onlyOneCompleteClassExistsWithName(string name) {
+  not mangled_name(_, _, _) and
+  strictcount(@usertype c | is_complete(c) and getTopLevelClassName(c) = name) = 1
+}
+
+/**
+ * For upgraded databases without mangled name info.
+ * Holds if `c` is an incomplete class named `name`.
+ */
+pragma[noinline]
+private predicate existsIncompleteWithName(string name, @usertype c) {
+  not mangled_name(_, _, _) and
+  not is_complete(c) and
+  name = getTopLevelClassName(c)
+}
+
+/**
+ * For upgraded databases without mangled name info.
+ * Holds if `c` is an incomplete class, and there exists a unique complete class `d`
+ * with the same name.
+ */
+private predicate oldHasCompleteTwin(@usertype c, @usertype d) {
+  not mangled_name(_, _, _) and
+  exists(string name |
+    existsIncompleteWithName(name, c) and
+    existsCompleteWithName(name, d)
+  )
+}
+
 pragma[noinline]
 private @mangledname getClassMangledName(@usertype c) {
   isClass(c) and
@@ -49,7 +103,10 @@ private module Cached {
   @usertype resolveClass(@usertype c) {
     hasCompleteTwin(c, result)
     or
+    oldHasCompleteTwin(c, result)
+    or
     not hasCompleteTwin(c, _) and
+    not oldHasCompleteTwin(c, _) and
     result = c
   }
 

cpp/ql/test/library-tests/dataflow/external-models/flow.expected

@@ -51,16 +51,13 @@ models
 | 50 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
 | 51 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
 | 52 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
-| 53 | Summary: ; TemplateClass1; true; templateFunction2<U,V>; (U,V); ; Argument[1]; ReturnValue; value; manual |
-| 54 | Summary: ; TemplateClass1<T>; false; templateFunction<U>; (T,U); ; Argument[0]; ReturnValue; value; manual |
-| 55 | Summary: ; TemplateClass2<T,U>; true; function; (U,T); ; Argument[1]; ReturnValue; value; manual |
-| 56 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 57 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
-| 58 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
-| 59 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
-| 60 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
+| 53 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 54 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
+| 55 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
+| 56 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
+| 57 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
 edges
-| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:60 |
+| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:57 |
 | asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:32  |
 | asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:32 Sink:MaD:2 |
 | asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:98:7:98:14 | send_str | provenance | TaintFunction |
@@ -69,24 +66,24 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:101:7:101:17 | send_buffer | provenance |  |
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:2 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
-| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:60 |
-| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:59 |
-| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:56 |
-| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:57 |
-| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:58 |
+| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:57 |
+| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:56 |
+| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:53 |
+| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:54 |
+| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:55 |
 | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:253:48:253:60 | *call to GetBodyStream | provenance | Src:MaD:29  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:257:5:257:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:262:5:262:8 | *resp | provenance |  |
 | azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:266:38:266:41 | *resp | provenance |  |
 | azure.cpp:257:5:257:8 | *resp | azure.cpp:113:16:113:19 | [summary param] this in Read | provenance |  |
-| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:56 |
+| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:53 |
 | azure.cpp:257:16:257:21 | Read output argument | azure.cpp:258:10:258:16 | * ... | provenance |  |
 | azure.cpp:262:5:262:8 | *resp | azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | provenance |  |
-| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:57 |
+| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:54 |
 | azure.cpp:262:23:262:28 | ReadToCount output argument | azure.cpp:263:10:263:16 | * ... | provenance |  |
 | azure.cpp:266:38:266:41 | *resp | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:58 |
+| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:55 |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:267:10:267:12 | vec [element] | provenance |  |
 | azure.cpp:267:10:267:12 | vec [element] | azure.cpp:267:10:267:12 | vec | provenance |  |
@@ -103,11 +100,11 @@ edges
 | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | provenance | Src:MaD:26  |
 | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:282:21:282:23 | *call to get | provenance |  |
 | azure.cpp:282:21:282:23 | *call to get | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance |  |
-| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:58 |
+| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:55 |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:10:282:38 | call to ReadToEnd | provenance |  |
 | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance |  |
 | azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:62:10:62:14 | [summary param] this in Value | provenance |  |
-| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:59 |
+| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:56 |
 | azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:24:289:56 | call to GetHeader | provenance |  |
 | azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:32:289:40 | call to GetHeader | provenance | Src:MaD:30  |
 | azure.cpp:289:63:289:65 | call to Value | azure.cpp:289:63:289:65 | call to Value | provenance |  |
@@ -183,39 +180,6 @@ edges
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:119:10:119:11 | y2 | provenance | Sink:MaD:1 |
 | test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | provenance |  |
 | test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:48 |
-| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | provenance | MaD:54 |
-| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | provenance | MaD:53 |
-| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:133:10:133:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:134:45:134:45 | x | provenance |  |
-| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:134:13:134:43 | call to templateFunction | provenance |  |
-| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:135:10:135:10 | y | provenance | Sink:MaD:1 |
-| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | provenance |  |
-| test.cpp:134:45:134:45 | x | test.cpp:134:13:134:43 | call to templateFunction | provenance | MaD:54 |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
-| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:146:10:146:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:148:26:148:26 | x | provenance |  |
-| test.cpp:148:10:148:27 | call to function | test.cpp:148:10:148:27 | call to function | provenance |  |
-| test.cpp:148:10:148:27 | call to function | test.cpp:149:10:149:10 | z | provenance | Sink:MaD:1 |
-| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance |  |
-| test.cpp:148:26:148:26 | x | test.cpp:148:10:148:27 | call to function | provenance | MaD:55 |
-| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:155:10:155:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:157:26:157:26 | x | provenance |  |
-| test.cpp:157:13:157:20 | call to function | test.cpp:157:13:157:20 | call to function | provenance |  |
-| test.cpp:157:13:157:20 | call to function | test.cpp:158:10:158:10 | z | provenance | Sink:MaD:1 |
-| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance |  |
-| test.cpp:157:26:157:26 | x | test.cpp:157:13:157:20 | call to function | provenance | MaD:55 |
-| test.cpp:164:34:164:34 | x | test.cpp:165:69:165:69 | x | provenance |  |
-| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:164:7:164:7 | *templateFunction3 | provenance |  |
-| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 | provenance |  |
-| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | provenance |  |
-| test.cpp:165:69:165:69 | x | test.cpp:165:12:165:64 | call to templateFunction2 | provenance | MaD:53 |
-| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:170:10:170:18 | call to ymlSource | provenance | Src:MaD:25  |
-| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:172:51:172:51 | x | provenance |  |
-| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 | provenance |  |
-| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:173:10:173:10 | y | provenance | Sink:MaD:1 |
-| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | provenance |  |
-| test.cpp:172:51:172:51 | x | test.cpp:172:13:172:44 | call to templateFunction3 | provenance | MaD:53 |
 | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:33 |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:22:15:22:29 | *call to GetCommandLineA | provenance | Src:MaD:3  |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:24:8:24:11 | * ... | provenance |  |
@@ -519,43 +483,6 @@ nodes
 | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
 | test.cpp:118:44:118:44 | *x | semmle.label | *x |
 | test.cpp:119:10:119:11 | y2 | semmle.label | y2 |
-| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | semmle.label | [summary param] 0 in templateFunction |
-| test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | semmle.label | [summary] to write: ReturnValue in templateFunction |
-| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | semmle.label | [summary param] 1 in templateFunction2 |
-| test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | semmle.label | [summary] to write: ReturnValue in templateFunction2 |
-| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
-| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
-| test.cpp:134:45:134:45 | x | semmle.label | x |
-| test.cpp:135:10:135:10 | y | semmle.label | y |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
-| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
-| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
-| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
-| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
-| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
-| test.cpp:148:26:148:26 | x | semmle.label | x |
-| test.cpp:149:10:149:10 | z | semmle.label | z |
-| test.cpp:155:10:155:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:155:10:155:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:157:13:157:20 | call to function | semmle.label | call to function |
-| test.cpp:157:13:157:20 | call to function | semmle.label | call to function |
-| test.cpp:157:26:157:26 | x | semmle.label | x |
-| test.cpp:158:10:158:10 | z | semmle.label | z |
-| test.cpp:164:7:164:7 | *templateFunction3 | semmle.label | *templateFunction3 |
-| test.cpp:164:34:164:34 | x | semmle.label | x |
-| test.cpp:165:12:165:64 | call to templateFunction2 | semmle.label | call to templateFunction2 |
-| test.cpp:165:12:165:64 | call to templateFunction2 | semmle.label | call to templateFunction2 |
-| test.cpp:165:69:165:69 | x | semmle.label | x |
-| test.cpp:170:10:170:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:170:10:170:18 | call to ymlSource | semmle.label | call to ymlSource |
-| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
-| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
-| test.cpp:172:51:172:51 | x | semmle.label | x |
-| test.cpp:173:10:173:10 | y | semmle.label | y |
 | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | semmle.label | [summary param] *0 in CommandLineToArgvA |
 | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | semmle.label | [summary] to write: ReturnValue[**] in CommandLineToArgvA |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
@@ -761,11 +688,6 @@ subpaths
 | test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body |
 | test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body |
 | test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate |
-| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | test.cpp:134:13:134:43 | call to templateFunction |
-| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:148:10:148:27 | call to function |
-| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:157:13:157:20 | call to function |
-| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 |
-| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | test.cpp:164:7:164:7 | *templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 |
 | windows.cpp:27:36:27:38 | *cmd | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA |
 | windows.cpp:537:40:537:41 | *& ... | windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument |
 | windows.cpp:542:38:542:39 | *& ... | windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument |

cpp/ql/test/library-tests/dataflow/external-models/flow.ext.yml

@@ -18,7 +18,4 @@ extensions:
       - ["", "", False, "ymlStepManual_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["", "", False, "ymlStepGenerated_with_body", "", "", "Argument[0]", "ReturnValue", "taint", "df-generated"]
       - ["", "", False, "callWithArgument", "", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "manual"]
-      - ["", "", False, "callWithNonTypeTemplate<T>", "(const T &)", "", "Argument[*0]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass1<T>", False, "templateFunction<U>", "(T,U)", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass1", True, "templateFunction2<U,V>", "(U,V)", "", "Argument[1]", "ReturnValue", "value", "manual"]
-      - ["", "TemplateClass2<T,U>", True, "function", "(U,T)", "", "Argument[1]", "ReturnValue", "value", "manual"]
+      - ["", "", False, "callWithNonTypeTemplate<T>", "(const T &)", "", "Argument[*0]", "ReturnValue", "value", "manual"]

cpp/ql/test/library-tests/dataflow/external-models/sinks.expected

@@ -15,7 +15,3 @@
 | test.cpp:89:11:89:11 | y | test-sink |
 | test.cpp:116:10:116:11 | y1 | test-sink |
 | test.cpp:119:10:119:11 | y2 | test-sink |
-| test.cpp:135:10:135:10 | y | test-sink |
-| test.cpp:149:10:149:10 | z | test-sink |
-| test.cpp:158:10:158:10 | z | test-sink |
-| test.cpp:173:10:173:10 | y | test-sink |

cpp/ql/test/library-tests/dataflow/external-models/sources.expected

@@ -9,10 +9,6 @@
 | test.cpp:56:8:56:16 | call to ymlSource | local |
 | test.cpp:94:10:94:18 | call to ymlSource | local |
 | test.cpp:114:10:114:18 | call to ymlSource | local |
-| test.cpp:133:10:133:18 | call to ymlSource | local |
-| test.cpp:146:10:146:18 | call to ymlSource | local |
-| test.cpp:155:10:155:18 | call to ymlSource | local |
-| test.cpp:170:10:170:18 | call to ymlSource | local |
 | windows.cpp:22:15:22:29 | *call to GetCommandLineA | local |
 | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | local |
 | windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | local |

cpp/ql/test/library-tests/dataflow/external-models/test.cpp

@@ -118,57 +118,3 @@ void test_callWithNonTypeTemplate() {
 	int y2 = callWithNonTypeTemplate<int, 10>(x);
 	ymlSink(y2); // $ ir
 }
-
-template<class T>
-struct TemplateClass1 {
-  template<class U>
-  U templateFunction(T, U);
-
-	template<class U, class V>
-  V templateFunction2(U, V);
-};
-
-void test_template_function_in_template_class() {
-	TemplateClass1<int> b;
-	int x = ymlSource();
-	auto y = b.templateFunction<unsigned long>(x, 0UL);
-	ymlSink(y); // $ ir
-}
-
-template<class S, class T>
-struct TemplateClass2 {
-	T function(T, S);
-};
-
-template<class V> using PartialInstantiationOfTemplateClass2 = TemplateClass2<int, V>;
-
-void test_partial_class_instantiation() {
-	int x = ymlSource();
-	PartialInstantiationOfTemplateClass2<unsigned long> y;
-	int z = y.function(0UL, x);
-	ymlSink(z); // $ ir
-}
-
-template<class V> struct DeriveFromFromPartialTemplateInstantiation : TemplateClass2<int, V> { };
-
-void test_inheritance() {
-	int x = ymlSource();
-	DeriveFromFromPartialTemplateInstantiation<long> y;
-	auto z = y.function(0L, x);
-	ymlSink(z); // $ ir
-}
-
-template<class T>
-struct Class1 : TemplateClass1<T> {
-  template<class U>
-  int templateFunction3(U u, int x) {
-    return TemplateClass1<T>::template templateFunction2<U, int>(u, x);
-  }
-};
-
-void test_class1() {
-	int x = ymlSource();
-	Class1<int> c;
-	auto y = c.templateFunction3<unsigned long>(0UL, x);
-	ymlSink(y); // $ ir
-}

cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected

@@ -27383,55 +27383,54 @@ getParameterTypeName
 | stl.h:91:24:91:33 | operator++ | 0 | int |
 | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & |
 | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & |
-| stl.h:147:12:147:23 | basic_string | 0 | const class:2 & |
-| stl.h:148:3:148:14 | basic_string | 0 | const class:0 * |
-| stl.h:148:3:148:14 | basic_string | 1 | const class:2 & |
-| stl.h:149:33:149:44 | basic_string | 0 | func:0 |
-| stl.h:149:33:149:44 | basic_string | 1 | func:0 |
-| stl.h:149:33:149:44 | basic_string | 2 | const class:2 & |
-| stl.h:165:8:165:16 | push_back | 0 | class:0 |
+| stl.h:148:3:148:14 | basic_string | 0 | const class:2 & |
+| stl.h:149:33:149:44 | basic_string | 0 | const class:0 * |
+| stl.h:149:33:149:44 | basic_string | 1 | const class:2 & |
+| stl.h:151:16:151:20 | c_str | 0 | func:0 |
+| stl.h:151:16:151:20 | c_str | 1 | func:0 |
+| stl.h:151:16:151:20 | c_str | 2 | const class:2 & |
 | stl.h:173:13:173:22 | operator[] | 0 | size_type |
 | stl.h:175:13:175:14 | at | 0 | size_type |
-| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & |
-| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & |
-| stl.h:177:17:177:26 | operator+= | 0 | const class:0 * |
-| stl.h:178:17:178:22 | append | 0 | const basic_string & |
-| stl.h:179:17:179:22 | append | 0 | const class:0 * |
-| stl.h:180:17:180:22 | append | 0 | size_type |
-| stl.h:180:17:180:22 | append | 1 | class:0 |
-| stl.h:181:47:181:52 | append | 0 | func:0 |
-| stl.h:181:47:181:52 | append | 1 | func:0 |
-| stl.h:182:17:182:22 | assign | 0 | const basic_string & |
-| stl.h:183:17:183:22 | assign | 0 | size_type |
-| stl.h:183:17:183:22 | assign | 1 | class:0 |
-| stl.h:184:47:184:52 | assign | 0 | func:0 |
-| stl.h:184:47:184:52 | assign | 1 | func:0 |
-| stl.h:185:17:185:22 | insert | 0 | size_type |
-| stl.h:185:17:185:22 | insert | 1 | const basic_string & |
+| stl.h:176:35:176:44 | operator+= | 0 | size_type |
+| stl.h:176:35:176:44 | operator+= | 0 | size_type |
+| stl.h:177:17:177:26 | operator+= | 0 | const func:0 & |
+| stl.h:178:17:178:22 | append | 0 | const class:0 * |
+| stl.h:179:17:179:22 | append | 0 | const basic_string & |
+| stl.h:180:17:180:22 | append | 0 | const class:0 * |
+| stl.h:181:47:181:52 | append | 0 | size_type |
+| stl.h:181:47:181:52 | append | 1 | class:0 |
+| stl.h:182:17:182:22 | assign | 0 | func:0 |
+| stl.h:182:17:182:22 | assign | 1 | func:0 |
+| stl.h:183:17:183:22 | assign | 0 | const basic_string & |
+| stl.h:184:47:184:52 | assign | 0 | size_type |
+| stl.h:184:47:184:52 | assign | 1 | class:0 |
+| stl.h:185:17:185:22 | insert | 0 | func:0 |
+| stl.h:185:17:185:22 | insert | 1 | func:0 |
 | stl.h:186:17:186:22 | insert | 0 | size_type |
-| stl.h:186:17:186:22 | insert | 1 | size_type |
-| stl.h:186:17:186:22 | insert | 2 | class:0 |
+| stl.h:186:17:186:22 | insert | 1 | const basic_string & |
 | stl.h:187:17:187:22 | insert | 0 | size_type |
-| stl.h:187:17:187:22 | insert | 1 | const class:0 * |
-| stl.h:188:12:188:17 | insert | 0 | const_iterator |
-| stl.h:188:12:188:17 | insert | 1 | size_type |
-| stl.h:188:12:188:17 | insert | 2 | class:0 |
+| stl.h:187:17:187:22 | insert | 1 | size_type |
+| stl.h:187:17:187:22 | insert | 2 | class:0 |
+| stl.h:188:12:188:17 | insert | 0 | size_type |
+| stl.h:188:12:188:17 | insert | 1 | const class:0 * |
 | stl.h:189:42:189:47 | insert | 0 | const_iterator |
-| stl.h:189:42:189:47 | insert | 1 | func:0 |
-| stl.h:189:42:189:47 | insert | 2 | func:0 |
-| stl.h:190:17:190:23 | replace | 0 | size_type |
-| stl.h:190:17:190:23 | replace | 1 | size_type |
-| stl.h:190:17:190:23 | replace | 2 | const basic_string & |
+| stl.h:189:42:189:47 | insert | 1 | size_type |
+| stl.h:189:42:189:47 | insert | 2 | class:0 |
+| stl.h:190:17:190:23 | replace | 0 | const_iterator |
+| stl.h:190:17:190:23 | replace | 1 | func:0 |
+| stl.h:190:17:190:23 | replace | 2 | func:0 |
 | stl.h:191:17:191:23 | replace | 0 | size_type |
 | stl.h:191:17:191:23 | replace | 1 | size_type |
-| stl.h:191:17:191:23 | replace | 2 | size_type |
-| stl.h:191:17:191:23 | replace | 3 | class:0 |
-| stl.h:192:13:192:16 | copy | 0 | class:0 * |
+| stl.h:191:17:191:23 | replace | 2 | const basic_string & |
+| stl.h:192:13:192:16 | copy | 0 | size_type |
 | stl.h:192:13:192:16 | copy | 1 | size_type |
 | stl.h:192:13:192:16 | copy | 2 | size_type |
-| stl.h:194:16:194:21 | substr | 0 | size_type |
-| stl.h:194:16:194:21 | substr | 1 | size_type |
-| stl.h:195:8:195:11 | swap | 0 | basic_string & |
+| stl.h:192:13:192:16 | copy | 3 | class:0 |
+| stl.h:193:8:193:12 | clear | 0 | class:0 * |
+| stl.h:193:8:193:12 | clear | 1 | size_type |
+| stl.h:193:8:193:12 | clear | 2 | size_type |
+| stl.h:195:8:195:11 | swap | 0 | size_type |
+| stl.h:195:8:195:11 | swap | 1 | size_type |
 | stl.h:198:94:198:102 | operator+ | 0 | const basic_string & |
 | stl.h:198:94:198:102 | operator+ | 1 | const basic_string & |
 | stl.h:199:94:199:102 | operator+ | 0 | const basic_string & |

cpp/ql/test/library-tests/friends/loop/friends.expected

@@ -1,14 +1,14 @@
+| file://:0:0:0:0 | E<C>'s friend | loop.cpp:5:26:5:26 | E<D> |
 | file://:0:0:0:0 | E<C>'s friend | loop.cpp:5:26:5:26 | E<T> |
-| file://:0:0:0:0 | E<C>'s friend | loop.cpp:5:26:5:29 | E<D> |
+| file://:0:0:0:0 | E<C>'s friend | loop.cpp:10:26:10:26 | F<D> |
 | file://:0:0:0:0 | E<C>'s friend | loop.cpp:10:26:10:26 | F<T> |
-| file://:0:0:0:0 | E<C>'s friend | loop.cpp:10:26:10:29 | F<D> |
+| file://:0:0:0:0 | E<D>'s friend | loop.cpp:5:26:5:26 | E<C> |
 | file://:0:0:0:0 | E<D>'s friend | loop.cpp:5:26:5:26 | E<T> |
-| file://:0:0:0:0 | E<D>'s friend | loop.cpp:5:26:5:29 | E<C> |
+| file://:0:0:0:0 | E<D>'s friend | loop.cpp:10:26:10:26 | F<D> |
 | file://:0:0:0:0 | E<D>'s friend | loop.cpp:10:26:10:26 | F<T> |
-| file://:0:0:0:0 | E<D>'s friend | loop.cpp:10:26:10:29 | F<D> |
+| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:26 | E<C> |
+| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:26 | E<D> |
 | file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:26 | E<T> |
-| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:29 | E<C> |
-| file://:0:0:0:0 | F<D>'s friend | loop.cpp:5:26:5:29 | E<D> |
 | loop.cpp:6:5:6:5 | E<T>'s friend | loop.cpp:5:26:5:26 | E<T> |
 | loop.cpp:7:5:7:5 | E<T>'s friend | loop.cpp:7:36:7:36 | F<U> |
 | loop.cpp:11:5:11:5 | F<T>'s friend | loop.cpp:11:36:11:36 | E<U> |

csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs

@@ -664,7 +664,7 @@ namespace Semmle.Extraction.CSharp
                 // Find the (possibly unbound) original extension method that maps to this implementation (if any).
                 var unboundDeclaration = extensions.SelectMany(e => e.GetMembers())
                     .OfType<IMethodSymbol>()
-                    .FirstOrDefault(m => SymbolEqualityComparer.Default.Equals(m.AssociatedExtensionImplementation?.ConstructedFrom, method.ConstructedFrom));
+                    .FirstOrDefault(m => SymbolEqualityComparer.Default.Equals(m.AssociatedExtensionImplementation, method.ConstructedFrom));
 
                 var isFullyConstructed = method.IsBoundGenericMethod();
                 if (isFullyConstructed && unboundDeclaration?.ContainingType is INamedTypeSymbol extensionType)

csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs

@@ -69,7 +69,6 @@ namespace Semmle.Extraction.CSharp.Entities
             }
 
             Overrides(trapFile);
-            ExtractRefReturn(trapFile, Symbol, this);
 
             if (Symbol.FromSource() && !HasBody)
             {

csharp/paket.dependencies

@@ -4,7 +4,7 @@ source https://api.nuget.org/v3/index.json
 # behave like nuget in choosing transitive dependency versions
 strategy: max
 
-nuget Basic.CompilerLog.Util 0.9.39
+nuget Basic.CompilerLog.Util 0.9.25
 nuget Mono.Posix.NETStandard
 nuget Newtonsoft.Json
 nuget NuGet.Versioning
@@ -12,7 +12,7 @@ nuget xunit
 nuget xunit.runner.visualstudio
 nuget xunit.runner.utility
 nuget Microsoft.NET.Test.Sdk
-nuget Microsoft.CodeAnalysis.CSharp 5.3.0
-nuget Microsoft.CodeAnalysis 5.3.0
-nuget Microsoft.Build 18.6.3
+nuget Microsoft.CodeAnalysis.CSharp 5.0.0
+nuget Microsoft.CodeAnalysis 5.0.0
+nuget Microsoft.Build 18.0.2
 nuget Microsoft.VisualStudio.SolutionPersistence

csharp/paket.lock

@@ -3,42 +3,45 @@ STRATEGY: MAX
 RESTRICTION: == net10.0
 NUGET
   remote: https://api.nuget.org/v3/index.json
-    Basic.CompilerLog.Util (0.9.39)
+    Basic.CompilerLog.Util (0.9.25)
       MessagePack (>= 3.1.4)
-      Microsoft.Bcl.Memory (>= 10.0.7)
+      Microsoft.Bcl.Memory (>= 9.0.10)
       Microsoft.CodeAnalysis (>= 4.8)
       Microsoft.CodeAnalysis.CSharp (>= 4.8)
       Microsoft.CodeAnalysis.VisualBasic (>= 4.8)
-      Microsoft.Extensions.ObjectPool (>= 10.0.7)
-      MSBuild.StructuredLogger (>= 2.3.178)
+      Microsoft.Extensions.ObjectPool (>= 9.0.10)
+      MSBuild.StructuredLogger (>= 2.3.71)
+      NaturalSort.Extension (>= 4.4)
+      NuGet.Versioning (>= 6.14)
     Humanizer.Core (3.0.10)
-    MessagePack (3.1.6)
-      MessagePack.Annotations (>= 3.1.6)
-      MessagePackAnalyzer (>= 3.1.6)
+    MessagePack (3.1.4)
+      MessagePack.Annotations (>= 3.1.4)
+      MessagePackAnalyzer (>= 3.1.4)
       Microsoft.NET.StringTools (>= 17.11.4)
-    MessagePack.Annotations (3.1.6)
-    MessagePackAnalyzer (3.1.6)
+    MessagePack.Annotations (3.1.4)
+    MessagePackAnalyzer (3.1.4)
     Microsoft.Bcl.AsyncInterfaces (10.0.8)
     Microsoft.Bcl.Memory (10.0.8)
-    Microsoft.Build (18.6.3)
-      Microsoft.Build.Framework (>= 18.6.3)
-      System.Configuration.ConfigurationManager (>= 10.0.3)
-      System.Diagnostics.EventLog (>= 10.0.3)
-      System.Reflection.MetadataLoadContext (>= 10.0.3)
-      System.Security.Cryptography.ProtectedData (>= 10.0.3)
-    Microsoft.Build.Framework (18.6.3)
-      Microsoft.NET.StringTools (>= 18.6.3)
-    Microsoft.Build.Utilities.Core (18.6.3)
-      Microsoft.Build.Framework (>= 18.6.3)
-      System.Configuration.ConfigurationManager (>= 10.0.3)
-      System.Diagnostics.EventLog (>= 10.0.3)
-      System.Security.Cryptography.ProtectedData (>= 10.0.3)
-    Microsoft.CodeAnalysis (5.3)
+    Microsoft.Build (18.0.2)
+      Microsoft.Build.Framework (>= 18.0.2)
+      Microsoft.NET.StringTools (>= 18.0.2)
+      System.Configuration.ConfigurationManager (>= 9.0)
+      System.Diagnostics.EventLog (>= 9.0)
+      System.Reflection.MetadataLoadContext (>= 9.0)
+      System.Security.Cryptography.ProtectedData (>= 9.0.6)
+    Microsoft.Build.Framework (18.4)
+    Microsoft.Build.Utilities.Core (18.4)
+      Microsoft.Build.Framework (>= 18.4)
+      Microsoft.NET.StringTools (>= 18.4)
+      System.Configuration.ConfigurationManager (>= 10.0.1)
+      System.Diagnostics.EventLog (>= 10.0.1)
+      System.Security.Cryptography.ProtectedData (>= 10.0.1)
+    Microsoft.CodeAnalysis (5.0)
       Humanizer.Core (>= 2.14.1)
       Microsoft.Bcl.AsyncInterfaces (>= 9.0)
-      Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
-      Microsoft.CodeAnalysis.CSharp.Workspaces (5.3)
-      Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.3)
+      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
+      Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
+      Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
       System.Buffers (>= 4.6)
       System.Collections.Immutable (>= 9.0)
       System.Composition (>= 9.0)
@@ -51,36 +54,36 @@ NUGET
       System.Threading.Channels (>= 8.0)
       System.Threading.Tasks.Extensions (>= 4.6)
     Microsoft.CodeAnalysis.Analyzers (5.3)
-    Microsoft.CodeAnalysis.Common (5.3)
-      Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
-    Microsoft.CodeAnalysis.CSharp (5.3)
-      Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
-      Microsoft.CodeAnalysis.Common (5.3)
-    Microsoft.CodeAnalysis.CSharp.Workspaces (5.3)
+    Microsoft.CodeAnalysis.Common (5.0)
+      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
+    Microsoft.CodeAnalysis.CSharp (5.0)
+      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
+      Microsoft.CodeAnalysis.Common (5.0)
+    Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
       Humanizer.Core (>= 2.14.1)
-      Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
-      Microsoft.CodeAnalysis.Common (5.3)
-      Microsoft.CodeAnalysis.CSharp (5.3)
-      Microsoft.CodeAnalysis.Workspaces.Common (5.3)
+      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
+      Microsoft.CodeAnalysis.Common (5.0)
+      Microsoft.CodeAnalysis.CSharp (5.0)
+      Microsoft.CodeAnalysis.Workspaces.Common (5.0)
       System.Composition (>= 9.0)
-    Microsoft.CodeAnalysis.VisualBasic (5.3)
-      Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
-      Microsoft.CodeAnalysis.Common (5.3)
-    Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.3)
+    Microsoft.CodeAnalysis.VisualBasic (5.0)
+      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
+      Microsoft.CodeAnalysis.Common (5.0)
+    Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
       Humanizer.Core (>= 2.14.1)
-      Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
-      Microsoft.CodeAnalysis.Common (5.3)
-      Microsoft.CodeAnalysis.VisualBasic (5.3)
-      Microsoft.CodeAnalysis.Workspaces.Common (5.3)
+      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
+      Microsoft.CodeAnalysis.Common (5.0)
+      Microsoft.CodeAnalysis.VisualBasic (5.0)
+      Microsoft.CodeAnalysis.Workspaces.Common (5.0)
       System.Composition (>= 9.0)
-    Microsoft.CodeAnalysis.Workspaces.Common (5.3)
+    Microsoft.CodeAnalysis.Workspaces.Common (5.0)
       Humanizer.Core (>= 2.14.1)
-      Microsoft.CodeAnalysis.Analyzers (>= 5.3.0-2.25625.1)
-      Microsoft.CodeAnalysis.Common (5.3)
+      Microsoft.CodeAnalysis.Analyzers (>= 3.11)
+      Microsoft.CodeAnalysis.Common (5.0)
       System.Composition (>= 9.0)
     Microsoft.CodeCoverage (18.5.1)
     Microsoft.Extensions.ObjectPool (10.0.8)
-    Microsoft.NET.StringTools (18.6.3)
+    Microsoft.NET.StringTools (18.4)
     Microsoft.NET.Test.Sdk (18.5.1)
       Microsoft.CodeCoverage (>= 18.5.1)
       Microsoft.TestPlatform.TestHost (>= 18.5.1)
@@ -94,6 +97,7 @@ NUGET
     MSBuild.StructuredLogger (2.3.204)
       Microsoft.Build.Framework (>= 17.5)
       Microsoft.Build.Utilities.Core (>= 17.5)
+    NaturalSort.Extension (4.4.1)
     Newtonsoft.Json (13.0.4)
     NuGet.Versioning (7.6)
     System.Buffers (4.6.1)

csharp/ql/integration-tests/posix/standalone_dependencies_executing_runtime/Assemblies.expected

@@ -22,6 +22,7 @@
 | [...]/csharp/tools/[...]/Microsoft.Win32.Primitives.dll |
 | [...]/csharp/tools/[...]/Microsoft.Win32.Registry.dll |
 | [...]/csharp/tools/[...]/Mono.Posix.NETStandard.dll |
+| [...]/csharp/tools/[...]/NaturalSort.Extension.dll |
 | [...]/csharp/tools/[...]/Newtonsoft.Json.dll |
 | [...]/csharp/tools/[...]/NuGet.Versioning.dll |
 | [...]/csharp/tools/[...]/StructuredLogger.dll |

csharp/ql/lib/change-notes/2026-05-19-properties-indexers-refreturn.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Improved call target resolution for ref-return properties and indexers.

csharp/ql/lib/semmle/code/csharp/exprs/Call.qll

@@ -766,16 +766,7 @@ class PropertyCall extends AccessorCall, PropertyAccessExpr {
   }
 
   override Accessor getWriteTarget() {
-    this instanceof AssignableWrite and
-    exists(Property p | p = this.getProperty() |
-      result = p.getSetter()
-      or
-      result =
-        any(Getter g |
-          g = p.getGetter() and
-          g.getAnnotatedReturnType().isRef()
-        )
-    )
+    this instanceof AssignableWrite and result = this.getProperty().getSetter()
   }
 
   override Expr getArgument(int i) {
@@ -810,16 +801,7 @@ class IndexerCall extends AccessorCall, IndexerAccessExpr {
   }
 
   override Accessor getWriteTarget() {
-    this instanceof AssignableWrite and
-    exists(Indexer i | i = this.getIndexer() |
-      result = i.getSetter()
-      or
-      result =
-        any(Getter g |
-          g = i.getGetter() and
-          g.getAnnotatedReturnType().isRef()
-        )
-    )
+    this instanceof AssignableWrite and result = this.getIndexer().getSetter()
   }
 
   override Expr getArgument(int i) {

csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected

@@ -227,7 +227,7 @@ returnTypes
 | NullableRefTypes.cs:107:26:107:36 | ReturnsRef5 | readonly MyClass! |
 | NullableRefTypes.cs:108:26:108:36 | ReturnsRef6 | readonly MyClass! |
 | NullableRefTypes.cs:110:10:110:20 | Parameters1 | Void! |
-| NullableRefTypes.cs:113:32:113:44 | get_RefProperty | ref MyClass! |
+| NullableRefTypes.cs:113:32:113:44 | get_RefProperty | MyClass! |
 | NullableRefTypes.cs:116:7:116:23 | <object initializer> | Void |
 | NullableRefTypes.cs:116:7:116:23 | ToStringWithTypes | Void! |
 | NullableRefTypes.cs:136:7:136:24 | <object initializer> | Void |

csharp/ql/test/library-tests/encoding/SBCS.cs

@@ -1,4 +1,4 @@
-class SBCS
+class SBCS
 {
-    string sbcs = "<22>";
+    string sbcs = "<22>";
 }

csharp/ql/test/library-tests/indexers/Indexers13.expected

@@ -1,4 +0,0 @@
-| indexers.cs:24:21:24:24 | Item | indexers.cs:62:22:62:29 | access to indexer | indexers.cs:26:13:26:15 | get_Item |
-| indexers.cs:24:21:24:24 | Item | indexers.cs:65:25:65:32 | access to indexer | indexers.cs:34:13:34:15 | set_Item |
-| indexers.cs:143:24:143:27 | Item | indexers.cs:156:13:156:16 | access to indexer | indexers.cs:145:13:145:15 | get_Item |
-| indexers.cs:143:24:143:27 | Item | indexers.cs:157:21:157:24 | access to indexer | indexers.cs:145:13:145:15 | get_Item |

csharp/ql/test/library-tests/indexers/Indexers13.ql

@@ -1,8 +0,0 @@
-import csharp
-
-from IndexerCall ic, Indexer i, Accessor target
-where
-  ic.getIndexer() = i and
-  ic.getTarget() = target and
-  i.fromSource()
-select i, ic, target

csharp/ql/test/library-tests/indexers/PrintAst.expected

@@ -360,57 +360,3 @@ indexers.cs:
 #  130|         4: [BlockStmt] {...}
 #  130|           0: [ReturnStmt] return ...;
 #  130|             0: [IntLiteral] 0
-#  134|   5: [RefStruct] S
-#  136|     6: [Field] x
-#  136|       -1: [TypeMention] int
-#  138|     7: [InstanceConstructor] S
-#-----|       2: (Parameters)
-#  138|         0: [Parameter] v
-#  138|           -1: [TypeMention] int
-#  139|       4: [BlockStmt] {...}
-#  140|         0: [ExprStmt] ...;
-#  140|           0: [AssignExpr] ... = ...
-#  140|             0: [FieldAccess] access to field x
-#  140|             1: [RefExpr] ref ...
-#  140|               0: [ParameterAccess] access to parameter v
-#  143|     8: [Indexer] Item
-#  143|       -1: [TypeMention] int
-#-----|       1: (Parameters)
-#  143|         0: [Parameter] i
-#  143|           -1: [TypeMention] int
-#  145|       3: [Getter] get_Item
-#-----|         2: (Parameters)
-#  143|           0: [Parameter] i
-#  145|         4: [BlockStmt] {...}
-#  145|           0: [ReturnStmt] return ...;
-#  145|             0: [RefExpr] ref ...
-#  145|               0: [FieldAccess] access to field x
-#  149|   6: [Class] TestRefReturns
-#  151|     6: [Method] M
-#  151|       -1: [TypeMention] Void
-#  152|       4: [BlockStmt] {...}
-#  153|         0: [LocalVariableDeclStmt] ... ...;
-#  153|           0: [LocalVariableDeclAndInitExpr] Int32 a = ...
-#  153|             -1: [TypeMention] int
-#  153|             0: [LocalVariableAccess] access to local variable a
-#  153|             1: [IntLiteral] 0
-#  155|         1: [LocalVariableDeclStmt] ... ...;
-#  155|           0: [LocalVariableDeclAndInitExpr] S s = ...
-#  155|             -1: [TypeMention] S
-#  155|             0: [LocalVariableAccess] access to local variable s
-#  155|             1: [ObjectCreation] object creation of type S
-#  155|               -1: [TypeMention] S
-#  155|               0: [LocalVariableAccess] access to local variable a
-#  156|         2: [ExprStmt] ...;
-#  156|           0: [AssignExpr] ... = ...
-#  156|             0: [IndexerCall] access to indexer
-#  156|               -1: [LocalVariableAccess] access to local variable s
-#  156|               0: [IntLiteral] 0
-#  156|             1: [IntLiteral] 1
-#  157|         3: [LocalVariableDeclStmt] ... ...;
-#  157|           0: [LocalVariableDeclAndInitExpr] Int32 x = ...
-#  157|             -1: [TypeMention] int
-#  157|             0: [LocalVariableAccess] access to local variable x
-#  157|             1: [IndexerCall] access to indexer
-#  157|               -1: [LocalVariableAccess] access to local variable s
-#  157|               0: [IntLiteral] 0

csharp/ql/test/library-tests/indexers/indexers.cs

@@ -130,31 +130,4 @@ namespace Indexers
             get { return 0; }
         }
     }
-
-    public ref struct S
-    {
-        private ref int x;
-
-        public S(ref int v)
-        {
-            x = ref v;
-        }
-
-        public ref int this[int i]
-        {
-            get { return ref x; }
-        }
-    }
-
-    public class TestRefReturns
-    {
-        public void M()
-        {
-            int a = 0;
-
-            S s = new S(ref a);
-            s[0] = 1;
-            var x = s[0];
-        }
-    }
 }

csharp/ql/test/library-tests/properties/PrintAst.expected

@@ -246,50 +246,3 @@ properties.cs:
 #  133|               0: [FieldAccess] access to field Prop.field
 #  133|               1: [ParameterAccess] access to parameter value
 #  130|     7: [Field] Prop.field
-#  137|   11: [RefStruct] S
-#  139|     6: [Field] x
-#  139|       -1: [TypeMention] int
-#  141|     7: [InstanceConstructor] S
-#-----|       2: (Parameters)
-#  141|         0: [Parameter] v
-#  141|           -1: [TypeMention] int
-#  142|       4: [BlockStmt] {...}
-#  143|         0: [ExprStmt] ...;
-#  143|           0: [AssignExpr] ... = ...
-#  143|             0: [FieldAccess] access to field x
-#  143|             1: [RefExpr] ref ...
-#  143|               0: [ParameterAccess] access to parameter v
-#  146|     8: [Property] Prop
-#  146|       -1: [TypeMention] int
-#  148|       3: [Getter] get_Prop
-#  148|         4: [BlockStmt] {...}
-#  148|           0: [ReturnStmt] return ...;
-#  148|             0: [RefExpr] ref ...
-#  148|               0: [FieldAccess] access to field x
-#  152|   12: [Class] TestRefReturns
-#  154|     6: [Method] M
-#  154|       -1: [TypeMention] Void
-#  155|       4: [BlockStmt] {...}
-#  156|         0: [LocalVariableDeclStmt] ... ...;
-#  156|           0: [LocalVariableDeclAndInitExpr] Int32 a = ...
-#  156|             -1: [TypeMention] int
-#  156|             0: [LocalVariableAccess] access to local variable a
-#  156|             1: [IntLiteral] 0
-#  158|         1: [LocalVariableDeclStmt] ... ...;
-#  158|           0: [LocalVariableDeclAndInitExpr] S s = ...
-#  158|             -1: [TypeMention] S
-#  158|             0: [LocalVariableAccess] access to local variable s
-#  158|             1: [ObjectCreation] object creation of type S
-#  158|               -1: [TypeMention] S
-#  158|               0: [LocalVariableAccess] access to local variable a
-#  159|         2: [ExprStmt] ...;
-#  159|           0: [AssignExpr] ... = ...
-#  159|             0: [PropertyCall] access to property Prop
-#  159|               -1: [LocalVariableAccess] access to local variable s
-#  159|             1: [IntLiteral] 1
-#  160|         3: [LocalVariableDeclStmt] ... ...;
-#  160|           0: [LocalVariableDeclAndInitExpr] Int32 x = ...
-#  160|             -1: [TypeMention] int
-#  160|             0: [LocalVariableAccess] access to local variable x
-#  160|             1: [PropertyCall] access to property Prop
-#  160|               -1: [LocalVariableAccess] access to local variable s

csharp/ql/test/library-tests/properties/Properties17.expected

@@ -1,6 +1,5 @@
 | Prop.field |
 | caption |
 | next |
-| x |
 | y |
 | z |

csharp/ql/test/library-tests/properties/Properties19.expected

@@ -1,8 +0,0 @@
-| properties.cs:12:23:12:29 | Caption | properties.cs:29:13:29:28 | access to property Caption | properties.cs:17:13:17:15 | set_Caption |
-| properties.cs:12:23:12:29 | Caption | properties.cs:30:24:30:39 | access to property Caption | properties.cs:15:13:15:15 | get_Caption |
-| properties.cs:57:20:57:20 | X | properties.cs:61:13:61:13 | access to property X | properties.cs:57:37:57:39 | set_X |
-| properties.cs:58:20:58:20 | Y | properties.cs:62:13:62:13 | access to property Y | properties.cs:58:37:58:39 | set_Y |
-| properties.cs:70:28:70:28 | X | properties.cs:82:46:82:51 | access to property X | properties.cs:70:32:70:34 | get_X |
-| properties.cs:71:28:71:28 | Y | properties.cs:83:39:83:44 | access to property Y | properties.cs:74:13:74:15 | set_Y |
-| properties.cs:146:24:146:27 | Prop | properties.cs:159:13:159:18 | access to property Prop | properties.cs:148:13:148:15 | get_Prop |
-| properties.cs:146:24:146:27 | Prop | properties.cs:160:21:160:26 | access to property Prop | properties.cs:148:13:148:15 | get_Prop |

csharp/ql/test/library-tests/properties/Properties19.ql

@@ -1,8 +0,0 @@
-import csharp
-
-from PropertyCall pc, Property p, Accessor target
-where
-  pc.getProperty() = p and
-  pc.getTarget() = target and
-  p.fromSource()
-select p, pc, target

csharp/ql/test/library-tests/properties/properties.cs

@@ -133,31 +133,4 @@ namespace Properties
             set { field = value; }
         }
     }
-
-    public ref struct S
-    {
-        private ref int x;
-
-        public S(ref int v)
-        {
-            x = ref v;
-        }
-
-        public ref int Prop
-        {
-            get { return ref x; }
-        }
-    }
-
-    public class TestRefReturns
-    {
-        public void M()
-        {
-            int a = 0;
-
-            S s = new S(ref a);
-            s.Prop = 1;
-            var x = s.Prop;
-        }
-    }
 }

csharp/ql/test/query-tests/Telemetry/DatabaseQuality/IsNotOkayCall.expected

@@ -1,2 +1,3 @@
 | Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
 | Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
+| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |

csharp/ql/test/query-tests/Telemetry/DatabaseQuality/NoTarget.expected

@@ -9,5 +9,6 @@
 | Quality.cs:23:9:23:30 | delegate call | Call without target $@. | Quality.cs:23:9:23:30 | delegate call | delegate call |
 | Quality.cs:26:19:26:26 | access to indexer | Call without target $@. | Quality.cs:26:19:26:26 | access to indexer | access to indexer |
 | Quality.cs:29:21:29:27 | access to indexer | Call without target $@. | Quality.cs:29:21:29:27 | access to indexer | access to indexer |
+| Quality.cs:32:9:32:21 | access to indexer | Call without target $@. | Quality.cs:32:9:32:21 | access to indexer | access to indexer |
 | Quality.cs:38:16:38:26 | access to property MyProperty2 | Call without target $@. | Quality.cs:38:16:38:26 | access to property MyProperty2 | access to property MyProperty2 |
 | Quality.cs:50:20:50:26 | object creation of type T | Call without target $@. | Quality.cs:50:20:50:26 | object creation of type T | object creation of type T |

csharp/ql/test/query-tests/Telemetry/DatabaseQuality/Quality.cs

@@ -29,7 +29,7 @@ public class Test
         var slice = sp[..3];        // TODO: this is not an indexer call, but rather a `sp.Slice(0, 3)` call.
 
         Span<byte> guidBytes = stackalloc byte[16];
-        guidBytes[08] = 1;
+        guidBytes[08] = 1;          // TODO: this indexer call has no target, because the target is a `ref` returning getter.
 
         new MyList([new(), new Test()]);
     }

docs/codeql/reusables/supported-versions-compilers.rst

@@ -21,7 +21,7 @@
    Java,"Java 7 to 26 [6]_","javac (OpenJDK and Oracle JDK),
 
    Eclipse compiler for Java (ECJ) [7]_",``.java``
-   Kotlin,"Kotlin 2.0.0 to 2.4.\ *x*","kotlinc",``.kt``
+   Kotlin,"Kotlin 1.8.0 to 2.3.2\ *x*","kotlinc",``.kt``
    JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [8]_"
    Python [9]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py``
    Ruby [10]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"

go/ql/lib/change-notes/2026-06-01-non-returning-functions.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* More logging functions are now recognized as not returning or panicking.

go/ql/lib/semmle/go/Concepts.qll

@@ -413,13 +413,17 @@ private class ExternalLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
   }
 }
 
-private class HeuristicLoggerFunction extends Method {
-  string logFunctionPrefix;
-
-  HeuristicLoggerFunction() {
-    exists(string tp, string name |
-      this.hasQualifiedName(_, tp, name) and
-      this.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
+/**
+ * A call to an interface that looks like a logger. It is common to use a
+ * locally-defined interface for logging to make it easy to changing logging
+ * library.
+ */
+private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
+  HeuristicLoggerCall() {
+    exists(Method m, string tp, string logFunctionPrefix, string name |
+      m = this.getTarget() and
+      m.hasQualifiedName(_, tp, name) and
+      m.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
     |
       tp.regexpMatch(".*[lL]ogger") and
       logFunctionPrefix =
@@ -431,19 +435,6 @@ private class HeuristicLoggerFunction extends Method {
     )
   }
 
-  override predicate mayReturnNormally() { logFunctionPrefix != "Fatal" }
-
-  override predicate mustPanic() { logFunctionPrefix = "Panic" }
-}
-
-/**
- * A call to an interface that looks like a logger. It is common to use a
- * locally-defined interface for logging to make it easy to change logging
- * library.
- */
-private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
-  HeuristicLoggerCall() { this.getTarget() instanceof HeuristicLoggerFunction }
-
   override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
 }
 

go/ql/lib/semmle/go/frameworks/Glog.qll

@@ -12,37 +12,17 @@ import go
  * forks.
  */
 module Glog {
-  /** Gets a package name for `glog` or `klog` (which is a fork). */
-  string packagePath() {
-    result =
-      package([
-          "github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog", "github.com/barakmich/glog"
-        ], "")
-  }
-
   private class GlogFunction extends Function {
     int firstPrintedArg;
-    string format;
-    string level;
 
     GlogFunction() {
-      exists(string pkg, string context, int nContextArgs, string depth, int nDepthArgs, string fn |
-        pkg = packagePath() and
+      exists(string pkg, string fn, string level |
+        pkg = package(["github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog"], "") and
         level = ["Error", "Exit", "Fatal", "Info", "Warning"] and
         (
-          context = "" and nContextArgs = 0
+          fn = level + ["", "f", "ln"] and firstPrintedArg = 0
           or
-          context = "Context" and nContextArgs = 1
-        ) and
-        (
-          depth = "" and nDepthArgs = 0
-          or
-          depth = "Depth" and nDepthArgs = 1
-        ) and
-        format = ["", "f", "ln"] and
-        (
-          fn = level + context + depth + format and
-          firstPrintedArg = nContextArgs + nDepthArgs
+          fn = level + "Depth" and firstPrintedArg = 1
         )
       |
         this.hasQualifiedName(pkg, fn)
@@ -55,15 +35,10 @@ module Glog {
      * Gets the index of the first argument that may be output, including a format string if one is present.
      */
     int getFirstPrintedArg() { result = firstPrintedArg }
-
-    /** Holds if this function takes a format string. */
-    predicate formatter() { format = "f" }
-
-    override predicate mayReturnNormally() { level != "Fatal" and level != "Exit" }
   }
 
   private class StringFormatter extends StringOps::Formatting::Range instanceof GlogFunction {
-    StringFormatter() { this.formatter() }
+    StringFormatter() { this.getName().matches("%f") }
 
     override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
   }

go/ql/lib/semmle/go/frameworks/Logrus.qll

@@ -28,12 +28,6 @@ module Logrus {
         this.(Method).hasQualifiedName(packagePath(), ["Entry", "Logger"], name)
       )
     }
-
-    override predicate mayReturnNormally() {
-      not exists(string level, string suffix | level = ["Fatal", "Panic"] |
-        this.getName() = level + suffix
-      )
-    }
   }
 
   private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {

go/ql/lib/semmle/go/frameworks/Zap.qll

@@ -47,7 +47,7 @@ module Zap {
   }
 
   /** A Zap logging function which always panics. */
-  private class FatalLogMethod extends ZapFunction {
+  private class FatalLogMethod extends Method {
     FatalLogMethod() {
       this.hasQualifiedName(packagePath(), "Logger", "Fatal")
       or
@@ -58,7 +58,7 @@ module Zap {
   }
 
   /** A Zap logging function which always panics. */
-  private class MustPanicLogMethod extends ZapFunction {
+  private class MustPanicLogMethod extends Method {
     MustPanicLogMethod() {
       this.hasQualifiedName(packagePath(), "Logger", "Panic")
       or

go/ql/lib/semmle/go/frameworks/stdlib/Log.qll

@@ -29,37 +29,18 @@ module Log {
   }
 
   private class LogFormatter extends StringOps::Formatting::Range instanceof LogFunction {
-    LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf", "Panic", "Panicf", "Panicln"] }
+    LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf"] }
 
     override int getFormatStringIndex() { result = 0 }
   }
 
   /** A fatal log function, which calls `os.Exit`. */
   private class FatalLogFunction extends Function {
-    FatalLogFunction() {
-      exists(string fn | fn = ["Fatal", "Fatalf", "Fatalln"] |
-        this.hasQualifiedName("log", fn)
-        or
-        this.(Method).hasQualifiedName("log", "Logger", fn)
-      )
-    }
+    FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }
 
     override predicate mayReturnNormally() { none() }
   }
 
-  /** A log function which must panic. */
-  private class PanicLogFunction extends Function {
-    PanicLogFunction() {
-      exists(string fn | fn = ["Panic", "Panicf", "Panicln"] |
-        this.hasQualifiedName("log", fn)
-        or
-        this.(Method).hasQualifiedName("log", "Logger", fn)
-      )
-    }
-
-    override predicate mustPanic() { any() }
-  }
-
   // These models are not implemented using Models-as-Data because they represent reverse flow.
   private class FunctionModels extends TaintTracking::FunctionModel {
     FunctionInput inp;
@@ -82,6 +63,30 @@ module Log {
     FunctionOutput outp;
 
     MethodModels() {
+      // signature: func (*Logger) Fatal(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatal") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Fatalf(format string, v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatalf") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Fatalln(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Fatalln") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panic(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panic") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panicf(format string, v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panicf") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (*Logger) Panicln(v ...interface{})
+      this.hasQualifiedName("log", "Logger", "Panicln") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
       // signature: func (*Logger) Print(v ...interface{})
       this.hasQualifiedName("log", "Logger", "Print") and
       (inp.isParameter(_) and outp.isReceiver())

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go

@@ -1,181 +1,54 @@
-//go:generate depstubber -vendor github.com/golang/glog Level,Verbose Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln
-//go:generate depstubber -vendor k8s.io/klog Level,Verbose Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln
+//go:generate depstubber -vendor github.com/golang/glog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln
+//go:generate depstubber -vendor k8s.io/klog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln
 
 package main
 
 import (
-	"context"
-
 	"github.com/golang/glog"
 	"k8s.io/klog"
 )
 
-func glogTest(selector int) {
-	ctx := context.Background()
-
-	glog.Error(text)                           // $ logger=text
-	glog.ErrorContext(ctx, text)               // $ logger=text
-	glog.ErrorContextDepth(ctx, 0, text)       // $ logger=text
-	glog.ErrorContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.ErrorContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.ErrorDepth(0, text)                   // $ logger=text
-	glog.ErrorDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.Errorf(fmt, text)                     // $ logger=fmt logger=text
-	glog.Errorln(text)                         // $ logger=text
-	if selector == 1 {
-		glog.Exit(text) // $ logger=text
-	}
-	if selector == 2 {
-		glog.ExitContext(ctx, text) // $ logger=text
-	}
-	if selector == 3 {
-		glog.ExitContextDepth(ctx, 0, text) // $ logger=text
-	}
-	if selector == 4 {
-		glog.ExitContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 5 {
-		glog.ExitContextf(ctx, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 6 {
-		glog.ExitDepth(0, text) // $ logger=text
-	}
-	if selector == 7 {
-		glog.ExitDepthf(0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 8 {
-		glog.Exitf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 9 {
-		glog.Exitln(text) // $ logger=text
-	}
-	if selector == 10 {
-		glog.Fatal(text) // $ logger=text
-	}
-	if selector == 11 {
-		glog.FatalContext(ctx, text) // $ logger=text
-	}
-	if selector == 12 {
-		glog.FatalContextDepth(ctx, 0, text) // $ logger=text
-	}
-	if selector == 13 {
-		glog.FatalContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 14 {
-		glog.FatalContextf(ctx, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 15 {
-		glog.FatalDepth(0, text) // $ logger=text
-	}
-	if selector == 16 {
-		glog.FatalDepthf(0, fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 17 {
-		glog.Fatalf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 18 {
-		glog.Fatalln(text) // $ logger=text
-	}
-	glog.Info(text)                              // $ logger=text
-	glog.InfoContext(ctx, text)                  // $ logger=text
-	glog.InfoContextDepth(ctx, 0, text)          // $ logger=text
-	glog.InfoContextDepthf(ctx, 0, fmt, text)    // $ logger=fmt logger=text
-	glog.InfoContextf(ctx, fmt, text)            // $ logger=fmt logger=text
-	glog.InfoDepth(0, text)                      // $ logger=text
-	glog.InfoDepthf(0, fmt, text)                // $ logger=fmt logger=text
-	glog.Infof(fmt, text)                        // $ logger=fmt logger=text
-	glog.Infoln(text)                            // $ logger=text
-	glog.Warning(text)                           // $ logger=text
-	glog.WarningContext(ctx, text)               // $ logger=text
-	glog.WarningContextDepth(ctx, 0, text)       // $ logger=text
-	glog.WarningContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.WarningContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.WarningDepth(0, text)                   // $ logger=text
-	glog.WarningDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.Warningf(fmt, text)                     // $ logger=fmt logger=text
-	glog.Warningln(text)                         // $ logger=text
-
-	glog.V(0).Info(text)                           // $ logger=text
-	glog.V(0).InfoContext(ctx, text)               // $ logger=text
-	glog.V(0).InfoContextDepth(ctx, 0, text)       // $ logger=text
-	glog.V(0).InfoContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
-	glog.V(0).InfoContextf(ctx, fmt, text)         // $ logger=fmt logger=text
-	glog.V(0).InfoDepth(0, text)                   // $ logger=text
-	glog.V(0).InfoDepthf(0, fmt, text)             // $ logger=fmt logger=text
-	glog.V(0).Infof(fmt, text)                     // $ logger=fmt logger=text
-	glog.V(0).Infoln(text)                         // $ logger=text
-	glog.VDepth(0, 0).Info(text)                   // $ logger=text
+func glogTest() {
+	glog.Error(text)           // $ logger=text
+	glog.ErrorDepth(0, text)   // $ logger=text
+	glog.Errorf(fmt, text)     // $ logger=fmt logger=text
+	glog.Errorln(text)         // $ logger=text
+	glog.Exit(text)            // $ logger=text
+	glog.ExitDepth(0, text)    // $ logger=text
+	glog.Exitf(fmt, text)      // $ logger=fmt logger=text
+	glog.Exitln(text)          // $ logger=text
+	glog.Fatal(text)           // $ logger=text
+	glog.FatalDepth(0, text)   // $ logger=text
+	glog.Fatalf(fmt, text)     // $ logger=fmt logger=text
+	glog.Fatalln(text)         // $ logger=text
+	glog.Info(text)            // $ logger=text
+	glog.InfoDepth(0, text)    // $ logger=text
+	glog.Infof(fmt, text)      // $ logger=fmt logger=text
+	glog.Infoln(text)          // $ logger=text
+	glog.Warning(text)         // $ logger=text
+	glog.WarningDepth(0, text) // $ logger=text
+	glog.Warningf(fmt, text)   // $ logger=fmt logger=text
+	glog.Warningln(text)       // $ logger=text
 
 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	glog.ErrorContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.ErrorContextf(ctx, "%s: found type %T", text, v)         // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.ErrorDepthf(0, "%s: found type %T", text, v)             // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Errorf("%s: found type %T", text, v)                     // $ logger="%s: found type %T" logger=text type-logger=v
-	if selector == 19 {
-		glog.ExitContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 20 {
-		glog.ExitContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 21 {
-		glog.ExitDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 22 {
-		glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 23 {
-		glog.FatalContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 24 {
-		glog.FatalContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 25 {
-		glog.FatalDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 26 {
-		glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	glog.InfoContextDepthf(ctx, 0, "%s: found type %T", text, v)      // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.InfoContextf(ctx, "%s: found type %T", text, v)              // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.InfoDepthf(0, "%s: found type %T", text, v)                  // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Infof("%s: found type %T", text, v)                          // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningContextDepthf(ctx, 0, "%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningContextf(ctx, "%s: found type %T", text, v)           // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.WarningDepthf(0, "%s: found type %T", text, v)               // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.Warningf("%s: found type %T", text, v)                       // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoContextf(ctx, "%s: found type %T", text, v)         // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).InfoDepthf(0, "%s: found type %T", text, v)             // $ logger="%s: found type %T" logger=text type-logger=v
-	glog.V(0).Infof("%s: found type %T", text, v)                     // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 
-	klog.Error(text)         // $ logger=text
-	klog.ErrorDepth(0, text) // $ logger=text
-	klog.Errorf(fmt, text)   // $ logger=fmt logger=text
-	klog.Errorln(text)       // $ logger=text
-	if selector == 27 {
-		klog.Exit(text) // $ logger=text
-	}
-	if selector == 28 {
-		klog.ExitDepth(0, text) // $ logger=text
-	}
-	if selector == 29 {
-		klog.Exitf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 30 {
-		klog.Exitln(text) // $ logger=text
-	}
-	if selector == 31 {
-		klog.Fatal(text) // $ logger=text
-	}
-	if selector == 32 {
-		klog.FatalDepth(0, text) // $ logger=text
-	}
-	if selector == 33 {
-		klog.Fatalf(fmt, text) // $ logger=fmt logger=text
-	}
-	if selector == 34 {
-		klog.Fatalln(text) // $ logger=text
-	}
+	klog.Error(text)           // $ logger=text
+	klog.ErrorDepth(0, text)   // $ logger=text
+	klog.Errorf(fmt, text)     // $ logger=fmt logger=text
+	klog.Errorln(text)         // $ logger=text
+	klog.Exit(text)            // $ logger=text
+	klog.ExitDepth(0, text)    // $ logger=text
+	klog.Exitf(fmt, text)      // $ logger=fmt logger=text
+	klog.Exitln(text)          // $ logger=text
+	klog.Fatal(text)           // $ logger=text
+	klog.FatalDepth(0, text)   // $ logger=text
+	klog.Fatalf(fmt, text)     // $ logger=fmt logger=text
+	klog.Fatalln(text)         // $ logger=text
 	klog.Info(text)            // $ logger=text
 	klog.InfoDepth(0, text)    // $ logger=text
 	klog.Infof(fmt, text)      // $ logger=fmt logger=text
@@ -184,19 +57,11 @@ func glogTest(selector int) {
 	klog.WarningDepth(0, text) // $ logger=text
 	klog.Warningf(fmt, text)   // $ logger=fmt logger=text
 	klog.Warningln(text)       // $ logger=text
-	klog.V(0).Info(text)       // $ logger=text
-	klog.V(0).Infof(fmt, text) // $ logger=fmt logger=text
-	klog.V(0).Infoln(text)     // $ logger=text
 
 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	if selector == 35 {
-		klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	if selector == 36 {
-		klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	}
-	klog.Infof("%s: found type %T", text, v)      // $ logger="%s: found type %T" logger=text type-logger=v
-	klog.Warningf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
-	klog.V(0).Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod

@@ -3,7 +3,7 @@ module codeql-go-tests/concepts/loggercall
 go 1.15
 
 require (
-	github.com/golang/glog v1.2.5
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/sirupsen/logrus v1.7.0
 	k8s.io/klog v1.0.0
 )

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go

@@ -6,6 +6,5 @@ const text = "test"
 var v []byte
 
 func main() {
-	glogTest(len(v))
 	stdlib()
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go

@@ -2,125 +2,47 @@
 // This is a simple stub for github.com/golang/glog, strictly for use in testing.
 
 // See the LICENSE file for information about the licensing of the original library.
-// Source: github.com/golang/glog (exports: Level,Verbose; functions: Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln)
+// Source: github.com/golang/glog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)
 
 // Package glog is a stub of github.com/golang/glog, generated by depstubber.
 package glog
 
-import "context"
-
-type Level int32
-
-type Verbose bool
-
 func Error(_ ...interface{}) {}
 
-func ErrorContext(_ context.Context, _ ...interface{}) {}
-
-func ErrorContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func ErrorContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func ErrorContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func ErrorDepth(_ int, _ ...interface{}) {}
 
-func ErrorDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Errorf(_ string, _ ...interface{}) {}
 
 func Errorln(_ ...interface{}) {}
 
 func Exit(_ ...interface{}) {}
 
-func ExitContext(_ context.Context, _ ...interface{}) {}
-
-func ExitContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func ExitContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func ExitContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func ExitDepth(_ int, _ ...interface{}) {}
 
-func ExitDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Exitf(_ string, _ ...interface{}) {}
 
 func Exitln(_ ...interface{}) {}
 
 func Fatal(_ ...interface{}) {}
 
-func FatalContext(_ context.Context, _ ...interface{}) {}
-
-func FatalContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func FatalContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func FatalContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func FatalDepth(_ int, _ ...interface{}) {}
 
-func FatalDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Fatalf(_ string, _ ...interface{}) {}
 
 func Fatalln(_ ...interface{}) {}
 
 func Info(_ ...interface{}) {}
 
-func InfoContext(_ context.Context, _ ...interface{}) {}
-
-func InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func InfoDepth(_ int, _ ...interface{}) {}
 
-func InfoDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Infof(_ string, _ ...interface{}) {}
 
 func Infoln(_ ...interface{}) {}
 
-func V(_ Level) Verbose { return false }
-
-func VDepth(_ int, _ Level) Verbose { return false }
-
 func Warning(_ ...interface{}) {}
 
-func WarningContext(_ context.Context, _ ...interface{}) {}
-
-func WarningContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func WarningContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func WarningContextf(_ context.Context, _ string, _ ...interface{}) {}
-
 func WarningDepth(_ int, _ ...interface{}) {}
 
-func WarningDepthf(_ int, _ string, _ ...interface{}) {}
-
 func Warningf(_ string, _ ...interface{}) {}
 
 func Warningln(_ ...interface{}) {}
-
-func (_ Verbose) Info(_ ...interface{}) {}
-
-func (_ Verbose) InfoContext(_ context.Context, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
-
-func (_ Verbose) InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
-
-func (_ Verbose) InfoDepth(_ int, _ ...interface{}) {}
-
-func (_ Verbose) InfoDepthf(_ int, _ string, _ ...interface{}) {}
-
-func (_ Verbose) Infof(_ string, _ ...interface{}) {}
-
-func (_ Verbose) Infoln(_ ...interface{}) {}

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go

@@ -2,15 +2,11 @@
 // This is a simple stub for k8s.io/klog, strictly for use in testing.
 
 // See the LICENSE file for information about the licensing of the original library.
-// Source: k8s.io/klog (exports: Level,Verbose; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln)
+// Source: k8s.io/klog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)
 
 // Package klog is a stub of k8s.io/klog, generated by depstubber.
 package klog
 
-type Level int32
-
-type Verbose bool
-
 func Error(_ ...interface{}) {}
 
 func ErrorDepth(_ int, _ ...interface{}) {}
@@ -43,8 +39,6 @@ func Infof(_ string, _ ...interface{}) {}
 
 func Infoln(_ ...interface{}) {}
 
-func V(_ Level) Verbose { return false }
-
 func Warning(_ ...interface{}) {}
 
 func WarningDepth(_ int, _ ...interface{}) {}
@@ -52,9 +46,3 @@ func WarningDepth(_ int, _ ...interface{}) {}
 func Warningf(_ string, _ ...interface{}) {}
 
 func Warningln(_ ...interface{}) {}
-
-func (_ Verbose) Info(_ ...interface{}) {}
-
-func (_ Verbose) Infof(_ string, _ ...interface{}) {}
-
-func (_ Verbose) Infoln(_ ...interface{}) {}

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt

@@ -1,4 +1,4 @@
-# github.com/golang/glog v1.2.5
+# github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 ## explicit
 github.com/golang/glog
 # github.com/sirupsen/logrus v1.7.0

go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.expected

@@ -1,21 +1,11 @@
-| file://:0:0:0:0 | Exit | os.Exit |
-| file://:0:0:0:0 | Fatal | log.Fatal |
-| file://:0:0:0:0 | Fatal | log.Logger.Fatal |
-| file://:0:0:0:0 | Fatalf | log.Fatalf |
-| file://:0:0:0:0 | Fatalf | log.Logger.Fatalf |
-| file://:0:0:0:0 | Fatalln | log.Fatalln |
-| file://:0:0:0:0 | Fatalln | log.Logger.Fatalln |
-| file://:0:0:0:0 | Panic | log.Logger.Panic |
-| file://:0:0:0:0 | Panic | log.Panic |
-| file://:0:0:0:0 | Panicf | log.Logger.Panicf |
-| file://:0:0:0:0 | Panicf | log.Panicf |
-| file://:0:0:0:0 | Panicln | log.Logger.Panicln |
-| file://:0:0:0:0 | Panicln | log.Panicln |
-| file://:0:0:0:0 | panic | panic |
-| noretfunctions.go:8:6:8:12 | isNoRet | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.isNoRet |
-| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatal |
-| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatalf |
-| stmts7.go:10:6:10:15 | canRecover | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.canRecover |
-| stmts.go:10:6:10:10 | test5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test5 |
-| stmts.go:46:6:46:10 | test6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test6 |
-| stmts.go:112:6:112:10 | test9 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test9 |
+| file://:0:0:0:0 | Exit | package os |
+| file://:0:0:0:0 | Fatal | package log |
+| file://:0:0:0:0 | Fatalf | package log |
+| file://:0:0:0:0 | Fatalln | package log |
+| noretfunctions.go:8:6:8:12 | isNoRet | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts7.go:10:6:10:15 | canRecover | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:10:6:10:10 | test5 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:46:6:46:10 | test6 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
+| stmts.go:112:6:112:10 | test9 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |

go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/NoretFunctions.ql

@@ -2,4 +2,4 @@ import go
 
 from Function f
 where not f.mayReturnNormally()
-select f, f.getQualifiedName()
+select f, f.getPackage()

go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql

@@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 import utils.test.InlineFlowTest
 
 module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") }
+  predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") }
 
-  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }
+  predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") }
 }
 
 import ValueFlowTest<Config>

go/ql/test/library-tests/semmle/go/dataflow/VarArgs/CONSISTENCY/DataFlowConsistency.expected

@@ -1,2 +0,0 @@
-reverseRead
-| main.go:23:3:23:5 | out | Origin of readStep is missing a PostUpdateNode. |

go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go

@@ -4,7 +4,7 @@ func source() string {
 	return "untrusted data"
 }
 
-func sink(any) {
+func sink(string) {
 }
 
 type A struct {
@@ -19,10 +19,6 @@ func functionWithVarArgsParameter(s ...string) string {
 	return s[1]
 }
 
-func functionWithVarArgsOutParameter(in string, out ...*string) {
-	*out[0] = in
-}
-
 func functionWithSliceOfStructsParameter(s []A) string {
 	return s[1].f
 }
@@ -42,12 +38,6 @@ func main() {
 	sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter"
 	sink(functionWithVarArgsParameter(s0, s1))    // $ hasValueFlow="call to functionWithVarArgsParameter"
 
-	var out1 *string
-	var out2 *string
-	functionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ MISSING: hasValueFlow="out1"
-	sink(out2) // $ MISSING: hasValueFlow="out2"
-
 	sliceOfStructs := []A{{f: source()}}
 	sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f"
 

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected

@@ -1,2 +0,0 @@
-invalidModelRow
-testFailures

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml

@@ -1,21 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: summaryModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
-      - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sourceModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql

@@ -1,22 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import utils.test.InlineFlowTest
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    sourceNode(source, "qltest")
-    or
-    exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
-      source = fn.getACall().getResult()
-    )
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sinkNode(sink, "qltest")
-    or
-    exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
-  }
-}
-
-import FlowTest<Config, Config>

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod

@@ -1,5 +0,0 @@
-module semmle.go.Packages
-
-go 1.25
-
-require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go

@@ -1,56 +0,0 @@
-package main
-
-import (
-	"github.com/nonexistent/test"
-)
-
-func source() string {
-	return "untrusted data"
-}
-
-func sink(any) {
-}
-
-func main() {
-	s := source()
-	sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter"
-
-	stringSlice := []string{source()}
-	sink(stringSlice[0]) // $ hasValueFlow="index expression"
-
-	s0 := ""
-	s1 := source()
-	sSlice := []string{s0, s1}
-	sink(test.FunctionWithParameter(sSlice[1]))        // $ hasValueFlow="call to FunctionWithParameter"
-	sink(test.FunctionWithSliceParameter(sSlice))      // $ hasValueFlow="call to FunctionWithSliceParameter"
-	sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-	sink(test.FunctionWithVarArgsParameter(s0, s1))    // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-
-	var out1 *string
-	var out2 *string
-	test.FunctionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ MISSING: hasValueFlow="out1"
-	sink(out2) // $ MISSING: hasValueFlow="out2"
-
-	sliceOfStructs := []test.A{{Field: source()}}
-	sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
-
-	a0 := test.A{Field: ""}
-	a1 := test.A{Field: source()}
-	aSlice := []test.A{a0, a1}
-	sink(test.FunctionWithSliceOfStructsParameter(aSlice))      // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter"
-	sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
-	sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1))    // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
-
-	var variadicSource string
-	test.VariadicSource(&variadicSource)
-	sink(variadicSource)  // $ MISSING: hasTaintFlow="variadicSource"
-	sink(&variadicSource) // $ MISSING: hasTaintFlow="&..."
-
-	var variadicSourcePtr *string
-	test.VariadicSource(variadicSourcePtr)
-	sink(variadicSourcePtr)  // $ MISSING: hasTaintFlow="variadicSourcePtr"
-	sink(*variadicSourcePtr) // $ MISSING: hasTaintFlow="star expression"
-
-	test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}"
-}

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go

@@ -1,32 +0,0 @@
-package test
-
-type A struct {
-	Field string
-}
-
-func FunctionWithParameter(s string) string {
-	return ""
-}
-
-func FunctionWithSliceParameter(s []string) string {
-	return ""
-}
-
-func FunctionWithVarArgsParameter(s ...string) string {
-	return ""
-}
-
-func FunctionWithVarArgsOutParameter(in string, out ...*string) {
-}
-
-func FunctionWithSliceOfStructsParameter(s []A) string {
-	return ""
-}
-
-func FunctionWithVarArgsOfStructsParameter(s ...A) string {
-	return ""
-}
-
-func VariadicSource(s ...*string) {}
-
-func VariadicSink(s ...string) {}

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt

@@ -1,3 +0,0 @@
-# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
-## explicit
-github.com/nonexistent/test

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql

@@ -20,9 +20,6 @@ class SummaryModelTest extends DataFlow::FunctionModel {
     this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and
     (inp.isParameter(_) and outp.isResult())
     or
-    this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and
-    (inp.isParameter(0) and outp.isParameter(any(int i | i >= 1)))
-    or
     this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and
     (inp.isParameter(0) and outp.isResult())
     or

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod

@@ -1,5 +1,5 @@
 module semmle.go.Packages
 
-go 1.25
+go 1.17
 
 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go

@@ -8,7 +8,7 @@ func source() string {
 	return "untrusted data"
 }
 
-func sink(any) {
+func sink(string) {
 }
 
 func main() {
@@ -21,17 +21,10 @@ func main() {
 	s0 := ""
 	s1 := source()
 	sSlice := []string{s0, s1}
-	sink(test.FunctionWithParameter(sSlice[1]))           // $ hasValueFlow="call to FunctionWithParameter"
-	sink(test.FunctionWithSliceParameter(sSlice))         // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
-	sink(test.FunctionWithVarArgsParameter(sSlice...))    // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
-	randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1.
-	sink(test.FunctionWithVarArgsParameter(s0, s1))       // $ hasValueFlow="call to FunctionWithVarArgsParameter"
-
-	var out1 *string
-	var out2 *string
-	test.FunctionWithVarArgsOutParameter(source(), out1, out2)
-	sink(out1) // $ hasValueFlow="out1"
-	sink(out2) // $ hasValueFlow="out2"
+	sink(test.FunctionWithParameter(sSlice[1]))        // $ hasValueFlow="call to FunctionWithParameter"
+	sink(test.FunctionWithSliceParameter(sSlice))      // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
+	sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
+	sink(test.FunctionWithVarArgsParameter(s0, s1))    // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
 
 	sliceOfStructs := []test.A{{Field: source()}}
 	sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
@@ -44,6 +37,3 @@ func main() {
 	sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
 	sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1))    // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
 }
-
-func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) {
-}

go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go

@@ -16,9 +16,6 @@ func FunctionWithVarArgsParameter(s ...string) string {
 	return ""
 }
 
-func FunctionWithVarArgsOutParameter(in string, out ...*string) {
-}
-
 func FunctionWithSliceOfStructsParameter(s []A) string {
 	return ""
 }

go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Log.go

@@ -15,6 +15,62 @@ func TaintStepTest_LogNew_B0I0O0(sourceCQL interface{}) interface{} {
 	return intoWriter414
 }
 
+func TaintStepTest_LogLoggerFatal_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface518 := sourceCQL.(interface{})
+	var intoLogger650 log.Logger
+	intoLogger650.Fatal(fromInterface518)
+	return intoLogger650
+}
+
+func TaintStepTest_LogLoggerFatalf_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString784 := sourceCQL.(string)
+	var intoLogger957 log.Logger
+	intoLogger957.Fatalf(fromString784, nil)
+	return intoLogger957
+}
+
+func TaintStepTest_LogLoggerFatalf_B0I1O0(sourceCQL interface{}) interface{} {
+	fromInterface520 := sourceCQL.(interface{})
+	var intoLogger443 log.Logger
+	intoLogger443.Fatalf("", fromInterface520)
+	return intoLogger443
+}
+
+func TaintStepTest_LogLoggerFatalln_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface127 := sourceCQL.(interface{})
+	var intoLogger483 log.Logger
+	intoLogger483.Fatalln(fromInterface127)
+	return intoLogger483
+}
+
+func TaintStepTest_LogLoggerPanic_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface989 := sourceCQL.(interface{})
+	var intoLogger982 log.Logger
+	intoLogger982.Panic(fromInterface989)
+	return intoLogger982
+}
+
+func TaintStepTest_LogLoggerPanicf_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString417 := sourceCQL.(string)
+	var intoLogger584 log.Logger
+	intoLogger584.Panicf(fromString417, nil)
+	return intoLogger584
+}
+
+func TaintStepTest_LogLoggerPanicf_B0I1O0(sourceCQL interface{}) interface{} {
+	fromInterface991 := sourceCQL.(interface{})
+	var intoLogger881 log.Logger
+	intoLogger881.Panicf("", fromInterface991)
+	return intoLogger881
+}
+
+func TaintStepTest_LogLoggerPanicln_B0I0O0(sourceCQL interface{}) interface{} {
+	fromInterface186 := sourceCQL.(interface{})
+	var intoLogger284 log.Logger
+	intoLogger284.Panicln(fromInterface186)
+	return intoLogger284
+}
+
 func TaintStepTest_LogLoggerPrint_B0I0O0(sourceCQL interface{}) interface{} {
 	fromInterface908 := sourceCQL.(interface{})
 	var intoLogger137 log.Logger
@@ -69,6 +125,46 @@ func RunAllTaints_Log() {
 		out := TaintStepTest_LogNew_B0I0O0(source)
 		sink(0, out)
 	}
+	{
+		source := newSource(1)
+		out := TaintStepTest_LogLoggerFatal_B0I0O0(source)
+		sink(1, out)
+	}
+	{
+		source := newSource(2)
+		out := TaintStepTest_LogLoggerFatalf_B0I0O0(source)
+		sink(2, out)
+	}
+	{
+		source := newSource(3)
+		out := TaintStepTest_LogLoggerFatalf_B0I1O0(source)
+		sink(3, out)
+	}
+	{
+		source := newSource(4)
+		out := TaintStepTest_LogLoggerFatalln_B0I0O0(source)
+		sink(4, out)
+	}
+	{
+		source := newSource(5)
+		out := TaintStepTest_LogLoggerPanic_B0I0O0(source)
+		sink(5, out)
+	}
+	{
+		source := newSource(6)
+		out := TaintStepTest_LogLoggerPanicf_B0I0O0(source)
+		sink(6, out)
+	}
+	{
+		source := newSource(7)
+		out := TaintStepTest_LogLoggerPanicf_B0I1O0(source)
+		sink(7, out)
+	}
+	{
+		source := newSource(8)
+		out := TaintStepTest_LogLoggerPanicln_B0I0O0(source)
+		sink(8, out)
+	}
 	{
 		source := newSource(9)
 		out := TaintStepTest_LogLoggerPrint_B0I0O0(source)

go/ql/test/query-tests/Security/CWE-117/CONSISTENCY/DataFlowConsistency.expected

@@ -3,9 +3,9 @@ reverseRead
 | LogInjection.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | LogInjection.go:34:18:34:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
 | LogInjection.go:35:14:35:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:551:14:551:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:559:14:559:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:567:14:567:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:602:14:602:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:603:14:603:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
-| LogInjection.go:828:12:828:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:447:14:447:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:455:14:455:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:463:14:463:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:498:14:498:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:499:14:499:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
+| LogInjection.go:724:12:724:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |

go/ql/test/query-tests/Security/CWE-117/LogInjection.go

@@ -49,22 +49,22 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		log.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		log.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 
-		if testFlag == "1" {
+		if testFlag == "true" {
 			log.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "2" {
+		if testFlag == "true" {
 			log.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "3" {
+		if testFlag == "true" {
 			log.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "4" {
+		if testFlag == "true" {
 			log.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "5" {
+		if testFlag == "true" {
 			log.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
-		if testFlag == "6" {
+		if testFlag == "true" {
 			log.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
 
@@ -72,24 +72,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.Print("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
 		logger.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		logger.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		if testFlag == "7" {
-			logger.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "8" {
-			logger.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "9" {
-			logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "10" {
-			logger.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "11" {
-			logger.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
-		}
-		if testFlag == "12" {
-			logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
-		}
+		logger.Fatal("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panic("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 	}
 	// k8s.io/klog
 	{
@@ -103,24 +91,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		klog.Error(username)     // $ hasTaintFlow="username"
 		klog.Errorf(username)    // $ hasTaintFlow="username"
 		klog.Errorln(username)   // $ hasTaintFlow="username"
-		if testFlag == "77" {
-			klog.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "78" {
-			klog.Fatalf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "79" {
-			klog.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "80" {
-			klog.Exit(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "81" {
-			klog.Exitf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "82" {
-			klog.Exitln(username) // $ hasTaintFlow="username"
-		}
+		klog.Fatal(username)     // $ hasTaintFlow="username"
+		klog.Fatalf(username)    // $ hasTaintFlow="username"
+		klog.Fatalln(username)   // $ hasTaintFlow="username"
+		klog.Exit(username)      // $ hasTaintFlow="username"
+		klog.Exitf(username)     // $ hasTaintFlow="username"
+		klog.Exitln(username)    // $ hasTaintFlow="username"
 	}
 	// astaxie/beego
 	{
@@ -185,30 +161,14 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		glog.ErrorDepth(0, username) // $ hasTaintFlow="username"
 		glog.Errorf(username)        // $ hasTaintFlow="username"
 		glog.Errorln(username)       // $ hasTaintFlow="username"
-		if testFlag == "83" {
-			glog.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "84" {
-			glog.FatalDepth(0, username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "85" {
-			glog.Fatalf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "86" {
-			glog.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "87" {
-			glog.Exit(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "88" {
-			glog.ExitDepth(0, username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "89" {
-			glog.Exitf(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "90" {
-			glog.Exitln(username) // $ hasTaintFlow="username"
-		}
+		glog.Fatal(username)         // $ hasTaintFlow="username"
+		glog.FatalDepth(0, username) // $ hasTaintFlow="username"
+		glog.Fatalf(username)        // $ hasTaintFlow="username"
+		glog.Fatalln(username)       // $ hasTaintFlow="username"
+		glog.Exit(username)          // $ hasTaintFlow="username"
+		glog.ExitDepth(0, username)  // $ hasTaintFlow="username"
+		glog.Exitf(username)         // $ hasTaintFlow="username"
+		glog.Exitln(username)        // $ hasTaintFlow="username"
 
 	}
 	// sirupsen/logrus
@@ -219,42 +179,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := logrus.New()
 		entry := logrus.NewEntry(logger)
 
-		logrus.Debug(username)      // $ hasTaintFlow="username"
-		logrus.Debugf(username, "") // $ hasTaintFlow="username"
-		logrus.Debugf("", username) // $ hasTaintFlow="username"
-		logrus.Debugln(username)    // $ hasTaintFlow="username"
-		logrus.Error(username)      // $ hasTaintFlow="username"
-		logrus.Errorf(username, "") // $ hasTaintFlow="username"
-		logrus.Errorf("", username) // $ hasTaintFlow="username"
-		logrus.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "13" {
-			logrus.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "14" {
-			logrus.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "15" {
-			logrus.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "16" {
-			logrus.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		logrus.Info(username)      // $ hasTaintFlow="username"
-		logrus.Infof(username, "") // $ hasTaintFlow="username"
-		logrus.Infof("", username) // $ hasTaintFlow="username"
-		logrus.Infoln(username)    // $ hasTaintFlow="username"
-		if testFlag == "17" {
-			logrus.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "18" {
-			logrus.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "19" {
-			logrus.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "20" {
-			logrus.Panicln(username) // $ hasTaintFlow="username"
-		}
+		logrus.Debug(username)         // $ hasTaintFlow="username"
+		logrus.Debugf(username, "")    // $ hasTaintFlow="username"
+		logrus.Debugf("", username)    // $ hasTaintFlow="username"
+		logrus.Debugln(username)       // $ hasTaintFlow="username"
+		logrus.Error(username)         // $ hasTaintFlow="username"
+		logrus.Errorf(username, "")    // $ hasTaintFlow="username"
+		logrus.Errorf("", username)    // $ hasTaintFlow="username"
+		logrus.Errorln(username)       // $ hasTaintFlow="username"
+		logrus.Fatal(username)         // $ hasTaintFlow="username"
+		logrus.Fatalf(username, "")    // $ hasTaintFlow="username"
+		logrus.Fatalf("", username)    // $ hasTaintFlow="username"
+		logrus.Fatalln(username)       // $ hasTaintFlow="username"
+		logrus.Info(username)          // $ hasTaintFlow="username"
+		logrus.Infof(username, "")     // $ hasTaintFlow="username"
+		logrus.Infof("", username)     // $ hasTaintFlow="username"
+		logrus.Infoln(username)        // $ hasTaintFlow="username"
+		logrus.Panic(username)         // $ hasTaintFlow="username"
+		logrus.Panicf(username, "")    // $ hasTaintFlow="username"
+		logrus.Panicf("", username)    // $ hasTaintFlow="username"
+		logrus.Panicln(username)       // $ hasTaintFlow="username"
 		logrus.Print(username)         // $ hasTaintFlow="username"
 		logrus.Printf(username, "")    // $ hasTaintFlow="username"
 		logrus.Printf("", username)    // $ hasTaintFlow="username"
@@ -276,46 +220,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logrus.WithField("", username) // $ hasTaintFlow="username"
 		logrus.WithFields(fields)      // $ hasTaintFlow="fields"
 
-		entry.Debug(username)      // $ hasTaintFlow="username"
-		entry.Debugf(username, "") // $ hasTaintFlow="username"
-		entry.Debugf("", username) // $ hasTaintFlow="username"
-		entry.Debugln(username)    // $ hasTaintFlow="username"
-		entry.Error(username)      // $ hasTaintFlow="username"
-		entry.Errorf(username, "") // $ hasTaintFlow="username"
-		entry.Errorf("", username) // $ hasTaintFlow="username"
-		entry.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "21" {
-			entry.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "22" {
-			entry.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "23" {
-			entry.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "24" {
-			entry.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		entry.Info(username)        // $ hasTaintFlow="username"
-		entry.Infof(username, "")   // $ hasTaintFlow="username"
-		entry.Infof("", username)   // $ hasTaintFlow="username"
-		entry.Infoln(username)      // $ hasTaintFlow="username"
-		entry.Log(0, username)      // $ hasTaintFlow="username"
-		entry.Logf(0, username, "") // $ hasTaintFlow="username"
-		entry.Logf(0, "", username) // $ hasTaintFlow="username"
-		entry.Logln(0, username)    // $ hasTaintFlow="username"
-		if testFlag == "25" {
-			entry.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "26" {
-			entry.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "27" {
-			entry.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "28" {
-			entry.Panicln(username) // $ hasTaintFlow="username"
-		}
+		entry.Debug(username)         // $ hasTaintFlow="username"
+		entry.Debugf(username, "")    // $ hasTaintFlow="username"
+		entry.Debugf("", username)    // $ hasTaintFlow="username"
+		entry.Debugln(username)       // $ hasTaintFlow="username"
+		entry.Error(username)         // $ hasTaintFlow="username"
+		entry.Errorf(username, "")    // $ hasTaintFlow="username"
+		entry.Errorf("", username)    // $ hasTaintFlow="username"
+		entry.Errorln(username)       // $ hasTaintFlow="username"
+		entry.Fatal(username)         // $ hasTaintFlow="username"
+		entry.Fatalf(username, "")    // $ hasTaintFlow="username"
+		entry.Fatalf("", username)    // $ hasTaintFlow="username"
+		entry.Fatalln(username)       // $ hasTaintFlow="username"
+		entry.Info(username)          // $ hasTaintFlow="username"
+		entry.Infof(username, "")     // $ hasTaintFlow="username"
+		entry.Infof("", username)     // $ hasTaintFlow="username"
+		entry.Infoln(username)        // $ hasTaintFlow="username"
+		entry.Log(0, username)        // $ hasTaintFlow="username"
+		entry.Logf(0, username, "")   // $ hasTaintFlow="username"
+		entry.Logf(0, "", username)   // $ hasTaintFlow="username"
+		entry.Logln(0, username)      // $ hasTaintFlow="username"
+		entry.Panic(username)         // $ hasTaintFlow="username"
+		entry.Panicf(username, "")    // $ hasTaintFlow="username"
+		entry.Panicf("", username)    // $ hasTaintFlow="username"
+		entry.Panicln(username)       // $ hasTaintFlow="username"
 		entry.Print(username)         // $ hasTaintFlow="username"
 		entry.Printf(username, "")    // $ hasTaintFlow="username"
 		entry.Printf("", username)    // $ hasTaintFlow="username"
@@ -337,46 +265,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry.WithField("", username) // $ hasTaintFlow="username"
 		entry.WithFields(fields)      // $ hasTaintFlow="fields"
 
-		logger.Debug(username)      // $ hasTaintFlow="username"
-		logger.Debugf(username, "") // $ hasTaintFlow="username"
-		logger.Debugf("", username) // $ hasTaintFlow="username"
-		logger.Debugln(username)    // $ hasTaintFlow="username"
-		logger.Error(username)      // $ hasTaintFlow="username"
-		logger.Errorf(username, "") // $ hasTaintFlow="username"
-		logger.Errorf("", username) // $ hasTaintFlow="username"
-		logger.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "29" {
-			logger.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "30" {
-			logger.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "31" {
-			logger.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "32" {
-			logger.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		logger.Info(username)        // $ hasTaintFlow="username"
-		logger.Infof(username, "")   // $ hasTaintFlow="username"
-		logger.Infof("", username)   // $ hasTaintFlow="username"
-		logger.Infoln(username)      // $ hasTaintFlow="username"
-		logger.Log(0, username)      // $ hasTaintFlow="username"
-		logger.Logf(0, username, "") // $ hasTaintFlow="username"
-		logger.Logf(0, "", username) // $ hasTaintFlow="username"
-		logger.Logln(0, username)    // $ hasTaintFlow="username"
-		if testFlag == "33" {
-			logger.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "34" {
-			logger.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "35" {
-			logger.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "36" {
-			logger.Panicln(username) // $ hasTaintFlow="username"
-		}
+		logger.Debug(username)         // $ hasTaintFlow="username"
+		logger.Debugf(username, "")    // $ hasTaintFlow="username"
+		logger.Debugf("", username)    // $ hasTaintFlow="username"
+		logger.Debugln(username)       // $ hasTaintFlow="username"
+		logger.Error(username)         // $ hasTaintFlow="username"
+		logger.Errorf(username, "")    // $ hasTaintFlow="username"
+		logger.Errorf("", username)    // $ hasTaintFlow="username"
+		logger.Errorln(username)       // $ hasTaintFlow="username"
+		logger.Fatal(username)         // $ hasTaintFlow="username"
+		logger.Fatalf(username, "")    // $ hasTaintFlow="username"
+		logger.Fatalf("", username)    // $ hasTaintFlow="username"
+		logger.Fatalln(username)       // $ hasTaintFlow="username"
+		logger.Info(username)          // $ hasTaintFlow="username"
+		logger.Infof(username, "")     // $ hasTaintFlow="username"
+		logger.Infof("", username)     // $ hasTaintFlow="username"
+		logger.Infoln(username)        // $ hasTaintFlow="username"
+		logger.Log(0, username)        // $ hasTaintFlow="username"
+		logger.Logf(0, username, "")   // $ hasTaintFlow="username"
+		logger.Logf(0, "", username)   // $ hasTaintFlow="username"
+		logger.Logln(0, username)      // $ hasTaintFlow="username"
+		logger.Panic(username)         // $ hasTaintFlow="username"
+		logger.Panicf(username, "")    // $ hasTaintFlow="username"
+		logger.Panicf("", username)    // $ hasTaintFlow="username"
+		logger.Panicln(username)       // $ hasTaintFlow="username"
 		logger.Print(username)         // $ hasTaintFlow="username"
 		logger.Printf(username, "")    // $ hasTaintFlow="username"
 		logger.Printf("", username)    // $ hasTaintFlow="username"
@@ -399,42 +311,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.WithFields(fields)      // $ hasTaintFlow="fields"
 
 		var fieldlogger logrus.FieldLogger = entry
-		fieldlogger.Debug(username)      // $ hasTaintFlow="username"
-		fieldlogger.Debugf(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Debugf("", username) // $ hasTaintFlow="username"
-		fieldlogger.Debugln(username)    // $ hasTaintFlow="username"
-		fieldlogger.Error(username)      // $ hasTaintFlow="username"
-		fieldlogger.Errorf(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Errorf("", username) // $ hasTaintFlow="username"
-		fieldlogger.Errorln(username)    // $ hasTaintFlow="username"
-		if testFlag == "37" {
-			fieldlogger.Fatal(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "38" {
-			fieldlogger.Fatalf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "39" {
-			fieldlogger.Fatalf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "40" {
-			fieldlogger.Fatalln(username) // $ hasTaintFlow="username"
-		}
-		fieldlogger.Info(username)      // $ hasTaintFlow="username"
-		fieldlogger.Infof(username, "") // $ hasTaintFlow="username"
-		fieldlogger.Infof("", username) // $ hasTaintFlow="username"
-		fieldlogger.Infoln(username)    // $ hasTaintFlow="username"
-		if testFlag == "41" {
-			fieldlogger.Panic(username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "42" {
-			fieldlogger.Panicf(username, "") // $ hasTaintFlow="username"
-		}
-		if testFlag == "43" {
-			fieldlogger.Panicf("", username) // $ hasTaintFlow="username"
-		}
-		if testFlag == "44" {
-			fieldlogger.Panicln(username) // $ hasTaintFlow="username"
-		}
+		fieldlogger.Debug(username)         // $ hasTaintFlow="username"
+		fieldlogger.Debugf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Debugf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Debugln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Error(username)         // $ hasTaintFlow="username"
+		fieldlogger.Errorf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Errorf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Errorln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Fatal(username)         // $ hasTaintFlow="username"
+		fieldlogger.Fatalf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Fatalf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Fatalln(username)       // $ hasTaintFlow="username"
+		fieldlogger.Info(username)          // $ hasTaintFlow="username"
+		fieldlogger.Infof(username, "")     // $ hasTaintFlow="username"
+		fieldlogger.Infof("", username)     // $ hasTaintFlow="username"
+		fieldlogger.Infoln(username)        // $ hasTaintFlow="username"
+		fieldlogger.Panic(username)         // $ hasTaintFlow="username"
+		fieldlogger.Panicf(username, "")    // $ hasTaintFlow="username"
+		fieldlogger.Panicf("", username)    // $ hasTaintFlow="username"
+		fieldlogger.Panicln(username)       // $ hasTaintFlow="username"
 		fieldlogger.Print(username)         // $ hasTaintFlow="username"
 		fieldlogger.Printf(username, "")    // $ hasTaintFlow="username"
 		fieldlogger.Printf("", username)    // $ hasTaintFlow="username"
@@ -470,11 +366,11 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger.DPanic(username) // $ hasTaintFlow="username"
 		logger.Debug(username)  // $ hasTaintFlow="username"
 		logger.Error(username)  // $ hasTaintFlow="username"
-		if testFlag == "45" {
+		if testFlag == " true" {
 			logger.Fatal(username) // $ hasTaintFlow="username"
 		}
 		logger.Info(username) // $ hasTaintFlow="username"
-		if testFlag == "46" {
+		if testFlag == " true" {
 			logger.Panic(username) // $ hasTaintFlow="username"
 		}
 		logger.Warn(username)        // $ hasTaintFlow="username"
@@ -486,33 +382,33 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanic(username) // $ hasTaintFlow="username"
 		sLogger.Debug(username)  // $ hasTaintFlow="username"
 		sLogger.Error(username)  // $ hasTaintFlow="username"
-		if testFlag == "47" {
+		if testFlag == " true" {
 			sLogger.Fatal(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Info(username) // $ hasTaintFlow="username"
-		if testFlag == "48" {
+		if testFlag == " true" {
 			sLogger.Panic(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warn(username)    // $ hasTaintFlow="username"
 		sLogger.DPanicf(username) // $ hasTaintFlow="username"
 		sLogger.Debugf(username)  // $ hasTaintFlow="username"
 		sLogger.Errorf(username)  // $ hasTaintFlow="username"
-		if testFlag == "49" {
+		if testFlag == " true" {
 			sLogger.Fatalf(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infof(username) // $ hasTaintFlow="username"
-		if testFlag == "50" {
+		if testFlag == " true" {
 			sLogger.Panicf(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnf(username)   // $ hasTaintFlow="username"
 		sLogger.DPanicw(username) // $ hasTaintFlow="username"
 		sLogger.Debugw(username)  // $ hasTaintFlow="username"
 		sLogger.Errorw(username)  // $ hasTaintFlow="username"
-		if testFlag == "51" {
+		if testFlag == " true" {
 			sLogger.Fatalw(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infow(username) // $ hasTaintFlow="username"
-		if testFlag == "52" {
+		if testFlag == " true" {
 			sLogger.Panicw(username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnw(username) // $ hasTaintFlow="username"
@@ -619,10 +515,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %q logged in.\n", username)
 		klog.Infof("user %q logged in.\n", username)
 		klog.Errorf("user %q logged in.\n", username)
-		if testFlag == "53" {
+		if testFlag == " true" {
 			klog.Fatalf("user %q logged in.\n", username)
 		}
-		if testFlag == "54" {
+		if testFlag == " true" {
 			klog.Exitf("user %q logged in.\n", username)
 		}
 	}
@@ -638,10 +534,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 
 		glog.Infof("user %q logged in.\n", username)
 		glog.Errorf("user %q logged in.\n", username)
-		if testFlag == "55" {
+		if testFlag == " true" {
 			glog.Fatalf("user %q logged in.\n", username)
 		}
-		if testFlag == "56" {
+		if testFlag == " true" {
 			glog.Exitf("user %q logged in.\n", username)
 		}
 	}
@@ -649,11 +545,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 	{
 		logrus.Debugf("user %q logged in.\n", username)
 		logrus.Errorf("user %q logged in.\n", username)
-		if testFlag == "57" {
+		if testFlag == " true" {
 			logrus.Fatalf("user %q logged in.\n", username)
 		}
 		logrus.Infof("user %q logged in.\n", username)
-		if testFlag == "58" {
+		if testFlag == " true" {
 			logrus.Panicf("user %q logged in.\n", username)
 		}
 		logrus.Printf("user %q logged in.\n", username)
@@ -665,12 +561,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry := logrus.WithFields(fields)
 		entry.Debugf("user %q logged in.\n", username)
 		entry.Errorf("user %q logged in.\n", username)
-		if testFlag == "59" {
+		if testFlag == " true" {
 			entry.Fatalf("user %q logged in.\n", username)
 		}
 		entry.Infof("user %q logged in.\n", username)
 		entry.Logf(0, "user %q logged in.\n", username)
-		if testFlag == "60" {
+		if testFlag == " true" {
 			entry.Panicf("user %q logged in.\n", username)
 		}
 		entry.Printf("user %q logged in.\n", username)
@@ -681,12 +577,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := entry.Logger
 		logger.Debugf("user %q logged in.\n", username)
 		logger.Errorf("user %q logged in.\n", username)
-		if testFlag == "61" {
+		if testFlag == " true" {
 			logger.Fatalf("user %q logged in.\n", username)
 		}
 		logger.Infof("user %q logged in.\n", username)
 		logger.Logf(0, "user %q logged in.\n", username)
-		if testFlag == "62" {
+		if testFlag == " true" {
 			logger.Panicf("user %q logged in.\n", username)
 		}
 		logger.Printf("user %q logged in.\n", username)
@@ -707,11 +603,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanicf("user %q logged in.\n", username)
 		sLogger.Debugf("user %q logged in.\n", username)
 		sLogger.Errorf("user %q logged in.\n", username)
-		if testFlag == "63" {
+		if testFlag == " true" {
 			sLogger.Fatalf("user %q logged in.\n", username)
 		}
 		sLogger.Infof("user %q logged in.\n", username)
-		if testFlag == "64" {
+		if testFlag == " true" {
 			sLogger.Panicf("user %q logged in.\n", username)
 		}
 		sLogger.Warnf("user %q logged in.\n", username)
@@ -724,10 +620,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		klog.Infof("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
 		klog.Errorf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		if testFlag == "65" {
+		if testFlag == " true" {
 			klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
-		if testFlag == "66" {
+		if testFlag == " true" {
 			klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 	}
@@ -743,10 +639,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 
 		glog.Infof("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
 		glog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "67" {
+		if testFlag == " true" {
 			glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
-		if testFlag == "68" {
+		if testFlag == " true" {
 			glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 	}
@@ -754,11 +650,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 	{
 		logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "69" {
+		if testFlag == " true" {
 			logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "70" {
+		if testFlag == " true" {
 			logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logrus.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -770,12 +666,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry := logrus.WithFields(fields)
 		entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "71" {
+		if testFlag == " true" {
 			entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		entry.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "72" {
+		if testFlag == " true" {
 			entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		entry.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -786,12 +682,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := entry.Logger
 		logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "73" {
+		if testFlag == " true" {
 			logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logger.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "74" {
+		if testFlag == " true" {
 			logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		logger.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
@@ -812,11 +708,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.DPanicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		sLogger.Debugf("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
 		sLogger.Errorf("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
-		if testFlag == "75" {
+		if testFlag == " true" {
 			sLogger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		sLogger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		if testFlag == "76" {
+		if testFlag == " true" {
 			sLogger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		}
 		sLogger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username"

go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected

@@ -37,22 +37,22 @@
 | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
 | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:41:14:41:17 | obj1 | passwords.go:39:13:39:13 | x | passwords.go:41:14:41:17 | obj1 | $@ flows to a logging call. | passwords.go:39:13:39:13 | x | Sensitive data returned by an access to password |
-| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
-| passwords.go:91:14:91:26 | utilityObject | passwords.go:89:16:89:36 | call to make | passwords.go:91:14:91:26 | utilityObject | $@ flows to a logging call. | passwords.go:89:16:89:36 | call to make | Sensitive data returned by an access to passwordSet |
-| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:14 | definition of password1 | Sensitive data returned by an access to password1 |
-| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:129:14:129:19 | config | passwords.go:123:13:123:14 | x3 | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:123:13:123:14 | x3 | Sensitive data returned by an access to password |
-| passwords.go:129:14:129:19 | config | passwords.go:126:13:126:25 | call to getPassword | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
-| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
-| passwords.go:131:14:131:21 | selection of y | passwords.go:126:13:126:25 | call to getPassword | passwords.go:131:14:131:21 | selection of y | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password |
+| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
+| passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet |
+| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 |
+| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password |
+| passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
+| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
+| passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
 | protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password |
 edges
 | klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance |  |
@@ -82,15 +82,95 @@ edges
 | main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance |  |
 | main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
 | main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
 | main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance |  |
 | main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
 | main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
+| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:56:11:56:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:56:11:56:18 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
+| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:59:18:59:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:59:18:59:25 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:62:12:62:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:62:12:62:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:65:13:65:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:65:13:65:20 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:68:11:68:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:68:11:68:18 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
+| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:71:18:71:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:71:18:71:25 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance |  |
+| main.go:74:12:74:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:74:12:74:19 | password | main.go:80:17:80:24 | password | provenance |  |
+| main.go:77:13:77:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
+| main.go:77:13:77:20 | password | main.go:80:17:80:24 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance |  |
 | main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance |  |
@@ -102,46 +182,46 @@ edges
 | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance |  |
 | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance |  |
 | passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | provenance |  |
-| passwords.go:21:2:21:9 | definition of password | passwords.go:36:28:36:35 | password | provenance |  |
+| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance |  |
+| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance |  |
 | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance |  |
-| passwords.go:36:28:36:35 | password | passwords.go:36:14:36:35 | ...+... | provenance | Config |
-| passwords.go:36:28:36:35 | password | passwords.go:44:6:44:13 | password | provenance |  |
-| passwords.go:38:10:40:2 | struct literal | passwords.go:41:14:41:17 | obj1 | provenance |  |
-| passwords.go:39:13:39:13 | x | passwords.go:38:10:40:2 | struct literal | provenance | Config |
-| passwords.go:43:10:45:2 | struct literal | passwords.go:46:14:46:17 | obj2 | provenance |  |
-| passwords.go:44:6:44:13 | password | passwords.go:43:10:45:2 | struct literal | provenance | Config |
-| passwords.go:44:6:44:13 | password | passwords.go:50:11:50:18 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:94:23:94:28 | secret | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:104:33:104:40 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:110:34:110:41 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:50:11:50:18 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | provenance |  |
-| passwords.go:88:19:90:2 | struct literal | passwords.go:91:14:91:26 | utilityObject | provenance |  |
-| passwords.go:89:16:89:36 | call to make | passwords.go:88:19:90:2 | struct literal | provenance | Config |
-| passwords.go:104:33:104:40 | password | passwords.go:104:15:104:40 | ...+... | provenance | Config |
-| passwords.go:104:33:104:40 | password | passwords.go:110:34:110:41 | password | provenance |  |
-| passwords.go:104:33:104:40 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:104:33:104:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:110:34:110:41 | password | passwords.go:110:16:110:41 | ...+... | provenance | Config |
-| passwords.go:110:34:110:41 | password | passwords.go:115:33:115:40 | password | provenance |  |
-| passwords.go:110:34:110:41 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:115:33:115:40 | password | passwords.go:115:15:115:40 | ...+... | provenance | Config |
-| passwords.go:115:33:115:40 | password | passwords.go:125:13:125:20 | password | provenance |  |
-| passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:28:119:36 | password1 | provenance |  |
-| passwords.go:119:28:119:36 | password1 | passwords.go:119:28:119:45 | call to String | provenance | Config |
-| passwords.go:119:28:119:45 | call to String | passwords.go:119:14:119:45 | ...+... | provenance | Config |
-| passwords.go:122:12:127:2 | struct literal | passwords.go:129:14:129:19 | config | provenance |  |
-| passwords.go:122:12:127:2 | struct literal [x] | passwords.go:130:14:130:19 | config [x] | provenance |  |
-| passwords.go:122:12:127:2 | struct literal [y] | passwords.go:131:14:131:19 | config [y] | provenance |  |
-| passwords.go:123:13:123:14 | x3 | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal [x] | provenance |  |
-| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal | provenance | Config |
-| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal [y] | provenance |  |
-| passwords.go:130:14:130:19 | config [x] | passwords.go:130:14:130:21 | selection of x | provenance |  |
-| passwords.go:131:14:131:19 | config [y] | passwords.go:131:14:131:21 | selection of y | provenance |  |
+| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
+| passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance |  |
+| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance |  |
+| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
+| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance |  |
+| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
+| passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance |  |
+| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance |  |
+| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config |
+| passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config |
+| passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance |  |
+| passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:102:33:102:40 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:108:34:108:41 | password | passwords.go:108:16:108:41 | ...+... | provenance | Config |
+| passwords.go:108:34:108:41 | password | passwords.go:113:33:113:40 | password | provenance |  |
+| passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config |
+| passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance |  |
+| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance |  |
+| passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config |
+| passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config |
+| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance |  |
+| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance |  |
+| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance |  |
+| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance |  |
+| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config |
+| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance |  |
+| passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance |  |
+| passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance |  |
 | protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance |  |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance |  |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance |  |
@@ -194,12 +274,20 @@ nodes
 | main.go:54:12:54:19 | password | semmle.label | password |
 | main.go:54:12:54:19 | password | semmle.label | password |
 | main.go:56:11:56:18 | password | semmle.label | password |
+| main.go:56:11:56:18 | password | semmle.label | password |
+| main.go:59:18:59:25 | password | semmle.label | password |
 | main.go:59:18:59:25 | password | semmle.label | password |
 | main.go:62:12:62:19 | password | semmle.label | password |
+| main.go:62:12:62:19 | password | semmle.label | password |
+| main.go:65:13:65:20 | password | semmle.label | password |
 | main.go:65:13:65:20 | password | semmle.label | password |
 | main.go:68:11:68:18 | password | semmle.label | password |
+| main.go:68:11:68:18 | password | semmle.label | password |
+| main.go:71:18:71:25 | password | semmle.label | password |
 | main.go:71:18:71:25 | password | semmle.label | password |
 | main.go:74:12:74:19 | password | semmle.label | password |
+| main.go:74:12:74:19 | password | semmle.label | password |
+| main.go:77:13:77:20 | password | semmle.label | password |
 | main.go:77:13:77:20 | password | semmle.label | password |
 | main.go:79:14:79:21 | password | semmle.label | password |
 | main.go:80:17:80:24 | password | semmle.label | password |
@@ -220,43 +308,43 @@ nodes
 | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:28:14:28:28 | call to getPassword | semmle.label | call to getPassword |
 | passwords.go:30:8:30:15 | password | semmle.label | password |
-| passwords.go:33:13:33:20 | password | semmle.label | password |
-| passwords.go:36:14:36:35 | ...+... | semmle.label | ...+... |
-| passwords.go:36:28:36:35 | password | semmle.label | password |
-| passwords.go:38:10:40:2 | struct literal | semmle.label | struct literal |
-| passwords.go:39:13:39:13 | x | semmle.label | x |
-| passwords.go:41:14:41:17 | obj1 | semmle.label | obj1 |
-| passwords.go:43:10:45:2 | struct literal | semmle.label | struct literal |
-| passwords.go:44:6:44:13 | password | semmle.label | password |
-| passwords.go:46:14:46:17 | obj2 | semmle.label | obj2 |
-| passwords.go:50:11:50:18 | password | semmle.label | password |
-| passwords.go:52:2:52:15 | definition of fixed_password | semmle.label | definition of fixed_password |
-| passwords.go:53:14:53:27 | fixed_password | semmle.label | fixed_password |
-| passwords.go:88:19:90:2 | struct literal | semmle.label | struct literal |
-| passwords.go:89:16:89:36 | call to make | semmle.label | call to make |
-| passwords.go:91:14:91:26 | utilityObject | semmle.label | utilityObject |
-| passwords.go:94:23:94:28 | secret | semmle.label | secret |
-| passwords.go:104:15:104:40 | ...+... | semmle.label | ...+... |
-| passwords.go:104:33:104:40 | password | semmle.label | password |
-| passwords.go:110:16:110:41 | ...+... | semmle.label | ...+... |
-| passwords.go:110:34:110:41 | password | semmle.label | password |
-| passwords.go:115:15:115:40 | ...+... | semmle.label | ...+... |
-| passwords.go:115:33:115:40 | password | semmle.label | password |
-| passwords.go:118:6:118:14 | definition of password1 | semmle.label | definition of password1 |
-| passwords.go:119:14:119:45 | ...+... | semmle.label | ...+... |
-| passwords.go:119:28:119:36 | password1 | semmle.label | password1 |
-| passwords.go:119:28:119:45 | call to String | semmle.label | call to String |
-| passwords.go:122:12:127:2 | struct literal | semmle.label | struct literal |
-| passwords.go:122:12:127:2 | struct literal [x] | semmle.label | struct literal [x] |
-| passwords.go:122:12:127:2 | struct literal [y] | semmle.label | struct literal [y] |
-| passwords.go:123:13:123:14 | x3 | semmle.label | x3 |
-| passwords.go:125:13:125:20 | password | semmle.label | password |
-| passwords.go:126:13:126:25 | call to getPassword | semmle.label | call to getPassword |
-| passwords.go:129:14:129:19 | config | semmle.label | config |
-| passwords.go:130:14:130:19 | config [x] | semmle.label | config [x] |
-| passwords.go:130:14:130:21 | selection of x | semmle.label | selection of x |
-| passwords.go:131:14:131:19 | config [y] | semmle.label | config [y] |
-| passwords.go:131:14:131:21 | selection of y | semmle.label | selection of y |
+| passwords.go:32:12:32:19 | password | semmle.label | password |
+| passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... |
+| passwords.go:34:28:34:35 | password | semmle.label | password |
+| passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal |
+| passwords.go:37:13:37:13 | x | semmle.label | x |
+| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
+| passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal |
+| passwords.go:42:6:42:13 | password | semmle.label | password |
+| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
+| passwords.go:48:11:48:18 | password | semmle.label | password |
+| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password |
+| passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
+| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal |
+| passwords.go:87:16:87:36 | call to make | semmle.label | call to make |
+| passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject |
+| passwords.go:92:23:92:28 | secret | semmle.label | secret |
+| passwords.go:102:15:102:40 | ...+... | semmle.label | ...+... |
+| passwords.go:102:33:102:40 | password | semmle.label | password |
+| passwords.go:108:16:108:41 | ...+... | semmle.label | ...+... |
+| passwords.go:108:34:108:41 | password | semmle.label | password |
+| passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... |
+| passwords.go:113:33:113:40 | password | semmle.label | password |
+| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 |
+| passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... |
+| passwords.go:117:28:117:36 | password1 | semmle.label | password1 |
+| passwords.go:117:28:117:45 | call to String | semmle.label | call to String |
+| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal |
+| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] |
+| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] |
+| passwords.go:121:13:121:14 | x3 | semmle.label | x3 |
+| passwords.go:123:13:123:20 | password | semmle.label | password |
+| passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword |
+| passwords.go:127:14:127:19 | config | semmle.label | config |
+| passwords.go:128:14:128:19 | config [x] | semmle.label | config [x] |
+| passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x |
+| passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] |
+| passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y |
 | protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password |
 | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] |
 | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] |

go/ql/test/query-tests/Security/CWE-312/passwords.go

@@ -16,7 +16,7 @@ func redact(kind, value string) string {
 	return value
 }
 
-func test(selector int) {
+func test() {
 	name := "user"
 	password := "P@ssw0rd" // $ Source
 	x := "horsebatterystapleincorrect"
@@ -29,9 +29,7 @@ func test(selector int) {
 
 	myLog(password)
 
-	if selector == 1 {
-		log.Panic(password) // $ Alert
-	}
+	log.Panic(password) // $ Alert
 
 	log.Println(name + ", " + password) // $ Alert
 

java/kotlin-extractor/BUILD.bazel

@@ -64,14 +64,8 @@ _resources = [
         r[len("src/main/resources/"):],
     )
     for r in glob(["src/main/resources/**"])
-    if r != "src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar"
 ]
 
-_compiler_plugin_registrar_service = (
-    "src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar",
-    "META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar",
-)
-
 kt_javac_options(
     name = "javac-options",
     release = "8",
@@ -97,32 +91,19 @@ kt_javac_options(
         # * `resource_strip_prefix` is unique per jar, so we must also put other resources under the same version prefix
         genrule(
             name = "resources-%s" % v,
-            srcs = [src for src, _ in _resources] + (
-                [_compiler_plugin_registrar_service[0]] if not version_less(v, "2.4.0") else []
-            ),
+            srcs = [src for src, _ in _resources],
             outs = [
                 "%s/com/github/codeql/extractor.name" % v,
             ] + [
                 "%s/%s" % (v, target)
                 for _, target in _resources
-            ] + (
-                ["%s/%s" % (
-                    v,
-                    _compiler_plugin_registrar_service[1],
-                )] if not version_less(v, "2.4.0") else []
-            ),
+            ],
             cmd = "\n".join([
                 "echo %s-%s > $(RULEDIR)/%s/com/github/codeql/extractor.name" % (_extractor_name_prefix, v, v),
             ] + [
                 "cp $(execpath %s) $(RULEDIR)/%s/%s" % (source, v, target)
                 for source, target in _resources
-            ] + (
-                ["cp $(execpath %s) $(RULEDIR)/%s/%s" % (
-                    _compiler_plugin_registrar_service[0],
-                    v,
-                    _compiler_plugin_registrar_service[1],
-                )] if not version_less(v, "2.4.0") else []
-            )),
+            ]),
         ),
         kt_jvm_library(
             name = "%s-%s" % (_extractor_name_prefix, v),

java/kotlin-extractor/dev/wrapper.py

@@ -27,7 +27,7 @@ import shutil
 import io
 import os
 
-DEFAULT_VERSION = "2.4.0"
+DEFAULT_VERSION = "2.3.20"
 
 
 def options():

java/kotlin-extractor/src/main/kotlin/KotlinExtractorComponentRegistrar.kt

@@ -3,21 +3,32 @@
 
 package com.github.codeql
 
+import com.intellij.mock.MockProject
+import com.intellij.openapi.extensions.LoadingOrder
+import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.config.CompilerConfiguration
 
 class KotlinExtractorComponentRegistrar : Kotlin2ComponentRegistrar() {
-    override fun doRegisterExtensions(configuration: CompilerConfiguration) {
+    override fun registerProjectComponents(
+        project: MockProject,
+        configuration: CompilerConfiguration
+    ) {
         val invocationTrapFile = configuration[KEY_INVOCATION_TRAP_FILE]
         if (invocationTrapFile == null) {
             throw Exception("Required argument for TRAP invocation file not given")
         }
-        registerExtractorExtension(
+        // Register with LoadingOrder.LAST to ensure the extractor runs after other
+        // IR generation plugins (like kotlinx.serialization) have generated their code.
+        val extensionPoint = project.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
+        extensionPoint.registerExtension(
             KotlinExtractorExtension(
                 invocationTrapFile,
                 configuration[KEY_CHECK_TRAP_IDENTICAL] ?: false,
                 configuration[KEY_COMPILATION_STARTTIME],
                 configuration[KEY_EXIT_AFTER_EXTRACTION] ?: false
-            )
+            ),
+            LoadingOrder.LAST,
+            project
         )
     }
 }

java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt

@@ -173,9 +173,9 @@ open class KotlinFileExtractor(
         when (d) {
             is IrFunction ->
                 when (d.name.asString()) {
-                    "toString" -> d.codeQlValueParameters.isEmpty()
-                    "hashCode" -> d.codeQlValueParameters.isEmpty()
-                    "equals" -> d.codeQlValueParameters.singleOrNull()?.type?.isNullableAny() ?: false
+                    "toString" -> d.valueParameters.isEmpty()
+                    "hashCode" -> d.valueParameters.isEmpty()
+                    "equals" -> d.valueParameters.singleOrNull()?.type?.isNullableAny() ?: false
                     else -> false
                 } && isJavaBinaryDeclaration(d)
             else -> false
@@ -721,7 +721,7 @@ open class KotlinFileExtractor(
             (it.type as? IrSimpleType)?.classFqName?.asString() != "kotlin.Deprecated"
         } +
             // Note we lose any arguments to @java.lang.Deprecated that were written in source.
-            codeQlAnnotationFromSymbolOwner(
+            IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 jldConstructor.returnType,
@@ -781,13 +781,13 @@ open class KotlinFileExtractor(
         val locId = tw.getLocation(constructorCall)
         tw.writeHasLocation(id, locId)
 
-        for (i in 0 until constructorCall.codeQlValueArgumentsCount) {
-            val param = constructorCall.symbol.owner.codeQlValueParameters[i]
+        for (i in 0 until constructorCall.valueArgumentsCount) {
+            val param = constructorCall.symbol.owner.valueParameters[i]
             val prop =
                 constructorCall.symbol.owner.parentAsClass.declarations
                     .filterIsInstance<IrProperty>()
                     .first { it.name == param.name }
-            val v = constructorCall.codeQlGetValueArgument(i) ?: param.defaultValue?.expression
+            val v = constructorCall.getValueArgument(i) ?: param.defaultValue?.expression
             val getter = prop.getter
             if (getter == null) {
                 logger.warnElement("Expected annotation property to define a getter", prop)
@@ -1115,9 +1115,9 @@ open class KotlinFileExtractor(
                         returnId,
                         0,
                         returnId,
-                        f.codeQlValueParameters.size,
+                        f.valueParameters.size,
                         { argParent, idxOffset ->
-                            f.codeQlValueParameters.forEachIndexed { idx, param ->
+                            f.valueParameters.forEachIndexed { idx, param ->
                                 val syntheticParamId = useValueParameter(param, proxyFunctionId)
                                 extractVariableAccess(
                                     syntheticParamId,
@@ -1695,9 +1695,9 @@ open class KotlinFileExtractor(
                             returnId,
                             0,
                             returnId,
-                            f.codeQlValueParameters.size,
+                            f.valueParameters.size,
                             { argParentId, idxOffset ->
-                                f.codeQlValueParameters.mapIndexed { idx, param ->
+                                f.valueParameters.mapIndexed { idx, param ->
                                     val syntheticParamId = useValueParameter(param, functionId)
                                     extractVariableAccess(
                                         syntheticParamId,
@@ -1792,7 +1792,7 @@ open class KotlinFileExtractor(
         extractBody: Boolean,
         extractMethodAndParameterTypeAccesses: Boolean
     ) {
-        if (f.codeQlValueParameters.none { it.defaultValue != null }) return
+        if (f.valueParameters.none { it.defaultValue != null }) return
 
         val id = getDefaultsMethodLabel(f)
         if (id == null) {
@@ -1800,7 +1800,7 @@ open class KotlinFileExtractor(
             return
         }
         val locId = getLocation(f, null)
-        val extReceiver = f.codeQlExtensionReceiverParameter
+        val extReceiver = f.extensionReceiverParameter
         val dispatchReceiver = if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter
         val parameterTypes = getDefaultsMethodArgTypes(f)
         val allParamTypeResults =
@@ -1869,7 +1869,7 @@ open class KotlinFileExtractor(
         tw.writeCompiler_generated(id, CompilerGeneratedKinds.DEFAULT_ARGUMENTS_METHOD.kind)
 
         if (extractBody) {
-            val nonSyntheticParams = listOfNotNull(dispatchReceiver) + f.codeQlValueParameters
+            val nonSyntheticParams = listOfNotNull(dispatchReceiver) + f.valueParameters
             // This stack entry represents as if we're extracting the 'real' function `f`, giving
             // the indices of its non-synthetic parameters
             // such that when we extract the default expressions below, any reference to f's nth
@@ -1895,12 +1895,12 @@ open class KotlinFileExtractor(
                     val realParamsVarId = getValueParameterLabel(id, parameterTypes.size - 2)
                     val intType = pluginContext.irBuiltIns.intType
                     val paramIdxOffset =
-                        listOf(dispatchReceiver, f.codeQlExtensionReceiverParameter).count { it != null }
+                        listOf(dispatchReceiver, f.extensionReceiverParameter).count { it != null }
                     extractBlockBody(id, locId).also { blockId ->
                         var nextStmt = 0
                         // For each parameter with a default, sub in the default value if the caller
                         // hasn't supplied a value:
-                        f.codeQlValueParameters.forEachIndexed { paramIdx, param ->
+                        f.valueParameters.forEachIndexed { paramIdx, param ->
                             val defaultVal = param.defaultValue
                             if (defaultVal != null) {
                                 extractIfStmt(locId, blockId, nextStmt++, id).also { ifId ->
@@ -1975,7 +1975,7 @@ open class KotlinFileExtractor(
                                     id
                                 )
                                 tw.writeHasLocation(thisCallId, locId)
-                                f.codeQlValueParameters.forEachIndexed { idx, param ->
+                                f.valueParameters.forEachIndexed { idx, param ->
                                     extractVariableAccess(
                                         tw.getLabelFor<DbParam>(getValueParameterLabel(id, idx)),
                                         param.type,
@@ -2003,9 +2003,9 @@ open class KotlinFileExtractor(
                                     )
                                     .also { thisCallId ->
                                         val realFnIdxOffset =
-                                            if (f.codeQlExtensionReceiverParameter != null) 1 else 0
+                                            if (f.extensionReceiverParameter != null) 1 else 0
                                         val paramMappings =
-                                            f.codeQlValueParameters.mapIndexed { idx, param ->
+                                            f.valueParameters.mapIndexed { idx, param ->
                                                 Triple(
                                                     param.type,
                                                     idx + paramIdxOffset,
@@ -2156,7 +2156,7 @@ open class KotlinFileExtractor(
                         val dispatchReceiver =
                             f.dispatchReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
                         val extensionReceiver =
-                            f.codeQlExtensionReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
+                            f.extensionReceiverParameter?.let { IrGetValueImpl(-1, -1, it.symbol) }
 
                         extractExpressionBody(overloadId, realFunctionLocId).also { returnId ->
                             extractsDefaultsCall(
@@ -2180,28 +2180,28 @@ open class KotlinFileExtractor(
         if (!f.hasAnnotation(jvmOverloadsFqName)) {
             if (
                 f is IrConstructor &&
-                    f.codeQlValueParameters.isNotEmpty() &&
-                    f.codeQlValueParameters.all { it.defaultValue != null } &&
+                    f.valueParameters.isNotEmpty() &&
+                    f.valueParameters.all { it.defaultValue != null } &&
                     f.parentClassOrNull?.let {
                         // Don't create a default constructor for an annotation class, or a class
                         // that explicitly declares a no-arg constructor.
                         !it.isAnnotationClass &&
                             it.declarations.none { d ->
-                                d is IrConstructor && d.codeQlValueParameters.isEmpty()
+                                d is IrConstructor && d.valueParameters.isEmpty()
                             }
                     } == true
             ) {
                 // Per https://kotlinlang.org/docs/classes.html#creating-instances-of-classes, a
                 // single default overload gets created specifically
                 // when we have all default parameters, regardless of `@JvmOverloads`.
-                extractGeneratedOverload(f.codeQlValueParameters.map { _ -> null })
+                extractGeneratedOverload(f.valueParameters.map { _ -> null })
             }
             return
         }
 
-        val paramList: MutableList<IrValueParameter?> = f.codeQlValueParameters.toMutableList()
-        for (n in (f.codeQlValueParameters.size - 1) downTo 0) {
-            if (f.codeQlValueParameters[n].defaultValue != null) {
+        val paramList: MutableList<IrValueParameter?> = f.valueParameters.toMutableList()
+        for (n in (f.valueParameters.size - 1) downTo 0) {
+            if (f.valueParameters[n].defaultValue != null) {
                 paramList[n] = null // Remove this parameter, to be replaced by a default value
                 extractGeneratedOverload(paramList)
             }
@@ -2327,7 +2327,7 @@ open class KotlinFileExtractor(
             getClassByFqName(pluginContext, it)?.let { annotationClass ->
                 annotationClass.owner.declarations.firstIsInstanceOrNull<IrConstructor>()?.let {
                     annotationConstructor ->
-                    codeQlAnnotationFromSymbolOwner(
+                    IrConstructorCallImpl.fromSymbolOwner(
                         UNDEFINED_OFFSET,
                         UNDEFINED_OFFSET,
                         annotationConstructor.returnType,
@@ -2388,13 +2388,13 @@ open class KotlinFileExtractor(
                             id
                         }
 
-                val extReceiver = f.codeQlExtensionReceiverParameter
+                val extReceiver = f.extensionReceiverParameter
                 // The following parameter order is correct, because member $default methods (where
                 // the order would be [dispatchParam], [extensionParam], normalParams) are not
                 // extracted here
                 val fParameters =
                     listOfNotNull(extReceiver) +
-                        (overriddenAttributes?.valueParameters ?: f.codeQlValueParameters)
+                        (overriddenAttributes?.valueParameters ?: f.valueParameters)
                 val paramTypes =
                     fParameters.mapIndexed { i, vp ->
                         extractValueParameter(
@@ -3069,14 +3069,14 @@ open class KotlinFileExtractor(
             logger.errorElement("Unexpected dispatch receiver found", c)
         }
 
-        if (c.codeQlValueArgumentsCount < 1) {
+        if (c.valueArgumentsCount < 1) {
             logger.errorElement("No arguments found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 0, "Operand null")
 
-        if (c.codeQlValueArgumentsCount > 1) {
+        if (c.valueArgumentsCount > 1) {
             logger.errorElement("Extra arguments found", c)
         }
     }
@@ -3095,21 +3095,21 @@ open class KotlinFileExtractor(
             logger.errorElement("Unexpected dispatch receiver found", c)
         }
 
-        if (c.codeQlValueArgumentsCount < 1) {
+        if (c.valueArgumentsCount < 1) {
             logger.errorElement("No arguments found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 0, "LHS null")
 
-        if (c.codeQlValueArgumentsCount < 2) {
+        if (c.valueArgumentsCount < 2) {
             logger.errorElement("No RHS found", c)
             return
         }
 
         extractArgument(id, c, callable, enclosingStmt, 1, "RHS null")
 
-        if (c.codeQlValueArgumentsCount > 2) {
+        if (c.valueArgumentsCount > 2) {
             logger.errorElement("Extra arguments found", c)
         }
     }
@@ -3122,7 +3122,7 @@ open class KotlinFileExtractor(
         idx: Int,
         msg: String
     ) {
-        val op = c.codeQlGetValueArgument(idx)
+        val op = c.getValueArgument(idx)
         if (op == null) {
             logger.errorElement(msg, c)
         } else {
@@ -3267,8 +3267,8 @@ open class KotlinFileExtractor(
         // and which should be replaced by defaults. The final Object parameter is apparently always
         // null.
         (listOfNotNull(if (f.shouldExtractAsStatic) null else f.dispatchReceiverParameter?.type) +
-                listOfNotNull(f.codeQlExtensionReceiverParameter?.type) +
-                f.codeQlValueParameters.map { it.type } +
+                listOfNotNull(f.extensionReceiverParameter?.type) +
+                f.valueParameters.map { it.type } +
                 listOf(pluginContext.irBuiltIns.intType, getDefaultsMethodLastArgType(f)))
             .map { erase(it) }
 
@@ -3345,7 +3345,7 @@ open class KotlinFileExtractor(
         val overriddenCallTarget =
             (callTarget as? IrSimpleFunction)?.allOverridden(includeSelf = true)?.firstOrNull {
                 it.overriddenSymbols.isEmpty() &&
-                    it.codeQlValueParameters.any { p -> p.defaultValue != null }
+                    it.valueParameters.any { p -> p.defaultValue != null }
             } ?: callTarget
         if (isExternalDeclaration(overriddenCallTarget)) {
             // Likewise, ensure the overridden target gets extracted.
@@ -3419,7 +3419,7 @@ open class KotlinFileExtractor(
         }
 
         val valueArgsWithDummies =
-            valueArguments.zip(callTarget.codeQlValueParameters).map { (expr, param) ->
+            valueArguments.zip(callTarget.valueParameters).map { (expr, param) ->
                 expr ?: IrConstImpl.defaultValueForType(0, 0, param.type)
             }
 
@@ -3529,7 +3529,7 @@ open class KotlinFileExtractor(
         callTarget: IrFunction,
         valueArguments: List<IrExpression?>
     ): Boolean {
-        val varargParam = callTarget.codeQlValueParameters.withIndex().find { it.value.isVararg }
+        val varargParam = callTarget.valueParameters.withIndex().find { it.value.isVararg }
         // If the vararg param is the only one not specified, and it has no default value, then we
         // don't need to call a $default method,
         // as omitting it already implies passing an empty vararg array.
@@ -3805,7 +3805,7 @@ open class KotlinFileExtractor(
     ) =
         extractCallValueArguments(
             callId,
-            (0 until call.codeQlValueArgumentsCount).map { call.codeQlGetValueArgument(it) },
+            (0 until call.valueArgumentsCount).map { call.getValueArgument(it) },
             enclosingStmt,
             enclosingCallable,
             idxOffset
@@ -3874,7 +3874,7 @@ open class KotlinFileExtractor(
                     (owner.parentClassOrNull?.fqNameWhenAvailable?.asString() == type ||
                         (owner.parent is IrExternalPackageFragment &&
                             getFileClassFqName(owner)?.asString() == type)) &&
-                        owner.codeQlValueParameters
+                        owner.valueParameters
                             .map { it.type.classFqName?.asString() }
                             .toTypedArray() contentEquals parameterTypes
                 }
@@ -3926,8 +3926,8 @@ open class KotlinFileExtractor(
         val result =
             javaLangString?.declarations?.findSubType<IrFunction> {
                 it.name.asString() == "valueOf" &&
-                    it.codeQlValueParameters.size == 1 &&
-                    it.codeQlValueParameters[0].type == pluginContext.irBuiltIns.anyNType
+                    it.valueParameters.size == 1 &&
+                    it.valueParameters[0].type == pluginContext.irBuiltIns.anyNType
             }
         if (result == null) {
             logger.error("Couldn't find declaration java.lang.String.valueOf(Object)")
@@ -3951,7 +3951,7 @@ open class KotlinFileExtractor(
     val kotlinNoWhenBranchMatchedConstructor by lazy {
         val result =
             kotlinNoWhenBranchMatchedExn?.declarations?.findSubType<IrConstructor> {
-                it.codeQlValueParameters.isEmpty()
+                it.valueParameters.isEmpty()
             }
         if (result == null) {
             logger.error("Couldn't find no-arg constructor for kotlin.NoWhenBranchMatchedException")
@@ -3990,7 +3990,7 @@ open class KotlinFileExtractor(
             verboseln("No match as function name is ${target.name.asString()} not $fName")
             return false
         }
-        val extensionReceiverParameter = target.codeQlExtensionReceiverParameter
+        val extensionReceiverParameter = target.extensionReceiverParameter
         val targetClass =
             if (extensionReceiverParameter == null) {
                 if (isNullable == true) {
@@ -4098,8 +4098,8 @@ open class KotlinFileExtractor(
             ) {
                 val typeArgs =
                     if (extractMethodTypeArguments)
-                        (0 until c.codeQlTypeArgumentsCount)
-                            .map { c.codeQlGetTypeArgument(it) }
+                        (0 until c.typeArgumentsCount)
+                            .map { c.getTypeArgument(it) }
                             .requireNoNullsOrNull()
                     else listOf()
 
@@ -4116,9 +4116,9 @@ open class KotlinFileExtractor(
                     parent,
                     idx,
                     enclosingStmt,
-                    (0 until c.codeQlValueArgumentsCount).map { c.codeQlGetValueArgument(it) },
+                    (0 until c.valueArgumentsCount).map { c.getValueArgument(it) },
                     c.dispatchReceiver,
-                    c.codeQlExtensionReceiver,
+                    c.extensionReceiver,
                     typeArgs,
                     extractClassTypeArguments,
                     c.superQualifierSymbol
@@ -4126,12 +4126,12 @@ open class KotlinFileExtractor(
             }
 
             fun extractSpecialEnumFunction(fnName: String) {
-                if (c.codeQlTypeArgumentsCount != 1) {
+                if (c.typeArgumentsCount != 1) {
                     logger.errorElement("Expected to find exactly one type argument", c)
                     return
                 }
 
-                val enumType = (c.codeQlGetTypeArgument(0) as? IrSimpleType)?.classifier?.owner
+                val enumType = (c.getTypeArgument(0) as? IrSimpleType)?.classifier?.owner
                 if (enumType == null) {
                     logger.errorElement("Couldn't find type of enum type", c)
                     return
@@ -4178,13 +4178,13 @@ open class KotlinFileExtractor(
                 } else {
                     extractExpressionExpr(receiver, callable, id, 0, enclosingStmt)
                 }
-                if (c.codeQlValueArgumentsCount < 1) {
+                if (c.valueArgumentsCount < 1) {
                     logger.errorElement("No RHS found", c)
                 } else {
-                    if (c.codeQlValueArgumentsCount > 1) {
+                    if (c.valueArgumentsCount > 1) {
                         logger.errorElement("Extra arguments found", c)
                     }
-                    val arg = c.codeQlGetValueArgument(0)
+                    val arg = c.getValueArgument(0)
                     if (arg == null) {
                         logger.errorElement("RHS null", c)
                     } else {
@@ -4205,7 +4205,7 @@ open class KotlinFileExtractor(
                 } else {
                     extractExpressionExpr(receiver, callable, id, 0, enclosingStmt)
                 }
-                if (c.codeQlValueArgumentsCount > 0) {
+                if (c.valueArgumentsCount > 0) {
                     logger.errorElement("Extra arguments found", c)
                 }
             }
@@ -4219,7 +4219,7 @@ open class KotlinFileExtractor(
             }
 
             fun binopExt(id: Label<out DbExpr>) {
-                binopReceiver(id, c.codeQlExtensionReceiver, "Extension receiver")
+                binopReceiver(id, c.extensionReceiver, "Extension receiver")
             }
 
             fun unaryopDisp(id: Label<out DbExpr>) {
@@ -4227,7 +4227,7 @@ open class KotlinFileExtractor(
             }
 
             fun unaryopExt(id: Label<out DbExpr>) {
-                unaryopReceiver(id, c.codeQlExtensionReceiver, "Extension receiver")
+                unaryopReceiver(id, c.extensionReceiver, "Extension receiver")
             }
 
             val dr = c.dispatchReceiver
@@ -4249,7 +4249,7 @@ open class KotlinFileExtractor(
                             parent,
                             idx,
                             enclosingStmt,
-                            listOf(c.codeQlExtensionReceiver, c.codeQlGetValueArgument(0)),
+                            listOf(c.extensionReceiver, c.getValueArgument(0)),
                             null,
                             null
                         )
@@ -4350,7 +4350,7 @@ open class KotlinFileExtractor(
                 // != gets desugared into not and ==. Here we resugar it.
                 c.origin == IrStatementOrigin.EXCLEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.codeQlValueArgumentsCount == 0 &&
+                    c.valueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "EQEQ") -> {
@@ -4362,7 +4362,7 @@ open class KotlinFileExtractor(
                 }
                 c.origin == IrStatementOrigin.EXCLEQEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.codeQlValueArgumentsCount == 0 &&
+                    c.valueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "EQEQEQ") -> {
@@ -4374,7 +4374,7 @@ open class KotlinFileExtractor(
                 }
                 c.origin == IrStatementOrigin.EXCLEQ &&
                     isFunction(target, "kotlin", "Boolean", "not") &&
-                    c.codeQlValueArgumentsCount == 0 &&
+                    c.valueArgumentsCount == 0 &&
                     dr != null &&
                     dr is IrCall &&
                     isBuiltinCallInternal(dr, "ieee754equals") -> {
@@ -4576,7 +4576,7 @@ open class KotlinFileExtractor(
                             parent,
                             idx,
                             enclosingStmt,
-                            listOf(c.codeQlExtensionReceiver),
+                            listOf(c.extensionReceiver),
                             null,
                             null
                         )
@@ -4596,8 +4596,8 @@ open class KotlinFileExtractor(
                     val locId = tw.getLocation(c)
                     extractExprContext(id, locId, callable, enclosingStmt)
 
-                    if (c.codeQlTypeArgumentsCount == 1) {
-                        val typeArgument = c.codeQlGetTypeArgument(0)
+                    if (c.typeArgumentsCount == 1) {
+                        val typeArgument = c.getTypeArgument(0)
                         if (typeArgument == null) {
                             logger.errorElement("Type argument missing in an arrayOfNulls call", c)
                         } else {
@@ -4618,8 +4618,8 @@ open class KotlinFileExtractor(
                         )
                     }
 
-                    if (c.codeQlValueArgumentsCount == 1) {
-                        val dim = c.codeQlGetValueArgument(0)
+                    if (c.valueArgumentsCount == 1) {
+                        val dim = c.getValueArgument(0)
                         if (dim != null) {
                             extractExpressionExpr(dim, callable, id, 0, enclosingStmt)
                         } else {
@@ -4651,8 +4651,8 @@ open class KotlinFileExtractor(
                             c.type.getArrayElementTypeCodeQL(pluginContext.irBuiltIns)
                         } else {
                             // TODO: is there any reason not to always use getArrayElementTypeCodeQL?
-                            if (c.codeQlTypeArgumentsCount == 1) {
-                                c.codeQlGetTypeArgument(0).also {
+                            if (c.typeArgumentsCount == 1) {
+                                c.getTypeArgument(0).also {
                                     if (it == null) {
                                         logger.errorElement(
                                             "Type argument missing in an arrayOf call",
@@ -4670,7 +4670,7 @@ open class KotlinFileExtractor(
                         }
 
                     val arg =
-                        if (c.codeQlValueArgumentsCount == 1) c.codeQlGetValueArgument(0)
+                        if (c.valueArgumentsCount == 1) c.getValueArgument(0)
                             else {
                                 logger.errorElement(
                                     "Expected to find only one (vararg) argument in ${c.symbol.owner.name.asString()} call",
@@ -4719,7 +4719,7 @@ open class KotlinFileExtractor(
                                 return
                             }
 
-                            val ext = c.codeQlExtensionReceiver
+                            val ext = c.extensionReceiver
                             if (ext == null) {
                                 logger.errorElement(
                                     "No extension receiver found for `KClass::java` call",
@@ -4826,8 +4826,8 @@ open class KotlinFileExtractor(
                     c.origin == IrStatementOrigin.EQ &&
                     c.dispatchReceiver != null -> {
                     val array = c.dispatchReceiver
-                    val arrayIdx = c.codeQlGetValueArgument(0)
-                    val assignedValue = c.codeQlGetValueArgument(1)
+                    val arrayIdx = c.getValueArgument(0)
+                    val assignedValue = c.getValueArgument(1)
 
                     if (array != null && arrayIdx != null && assignedValue != null) {
 
@@ -4882,22 +4882,22 @@ open class KotlinFileExtractor(
                 }
                 isBuiltinCall(c, "<unsafe-coerce>", "kotlin.jvm.internal") -> {
 
-                    if (c.codeQlValueArgumentsCount != 1) {
+                    if (c.valueArgumentsCount != 1) {
                         logger.errorElement(
-                            "Expected to find one argument for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.codeQlValueArgumentsCount}",
+                            "Expected to find one argument for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.valueArgumentsCount}",
                             c
                         )
                         return
                     }
 
-                    if (c.codeQlTypeArgumentsCount != 2) {
+                    if (c.typeArgumentsCount != 2) {
                         logger.errorElement(
-                            "Expected to find two type arguments for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.codeQlTypeArgumentsCount}",
+                            "Expected to find two type arguments for a kotlin.jvm.internal.<unsafe-coerce>() call, but found ${c.typeArgumentsCount}",
                             c
                         )
                         return
                     }
-                    val valueArg = c.codeQlGetValueArgument(0)
+                    val valueArg = c.getValueArgument(0)
                     if (valueArg == null) {
                         logger.errorElement(
                             "Cannot find value argument for a kotlin.jvm.internal.<unsafe-coerce>() call",
@@ -4905,7 +4905,7 @@ open class KotlinFileExtractor(
                         )
                         return
                     }
-                    val typeArg = c.codeQlGetTypeArgument(1)
+                    val typeArg = c.getTypeArgument(1)
                     if (typeArg == null) {
                         logger.errorElement(
                             "Cannot find type argument for a kotlin.jvm.internal.<unsafe-coerce>() call",
@@ -4924,7 +4924,7 @@ open class KotlinFileExtractor(
                     extractExpressionExpr(valueArg, callable, id, 1, enclosingStmt)
                 }
                 isBuiltinCallInternal(c, "dataClassArrayMemberToString") -> {
-                    val arrayArg = c.codeQlGetValueArgument(0)
+                    val arrayArg = c.getValueArgument(0)
                     val realArrayClass = arrayArg?.type?.classOrNull
                     if (realArrayClass == null) {
                         logger.errorElement(
@@ -4936,8 +4936,8 @@ open class KotlinFileExtractor(
                     val realCallee =
                         javaUtilArrays?.declarations?.findSubType<IrFunction> { decl ->
                             decl.name.asString() == "toString" &&
-                                decl.codeQlValueParameters.size == 1 &&
-                                decl.codeQlValueParameters[0].type.classOrNull?.let {
+                                decl.valueParameters.size == 1 &&
+                                decl.valueParameters[0].type.classOrNull?.let {
                                     it == realArrayClass
                                 } == true
                         }
@@ -4962,7 +4962,7 @@ open class KotlinFileExtractor(
                     }
                 }
                 isBuiltinCallInternal(c, "dataClassArrayMemberHashCode") -> {
-                    val arrayArg = c.codeQlGetValueArgument(0)
+                    val arrayArg = c.getValueArgument(0)
                     val realArrayClass = arrayArg?.type?.classOrNull
                     if (realArrayClass == null) {
                         logger.errorElement(
@@ -4974,8 +4974,8 @@ open class KotlinFileExtractor(
                     val realCallee =
                         javaUtilArrays?.declarations?.findSubType<IrFunction> { decl ->
                             decl.name.asString() == "hashCode" &&
-                                decl.codeQlValueParameters.size == 1 &&
-                                decl.codeQlValueParameters[0].type.classOrNull?.let {
+                                decl.valueParameters.size == 1 &&
+                                decl.valueParameters[0].type.classOrNull?.let {
                                     it == realArrayClass
                                 } == true
                         }
@@ -5155,7 +5155,7 @@ open class KotlinFileExtractor(
         val type = useType(eType)
         val isAnonymous = eType.isAnonymous
         val locId = tw.getLocation(e)
-        val valueArgs = (0 until e.codeQlValueArgumentsCount).map { e.codeQlGetValueArgument(it) }
+        val valueArgs = (0 until e.valueArgumentsCount).map { e.getValueArgument(it) }
 
         val id =
             if (
@@ -5211,10 +5211,10 @@ open class KotlinFileExtractor(
                         realCallTarget is IrConstructor &&
                         realCallTarget.parentClassOrNull?.fqNameWhenAvailable?.asString() ==
                             "kotlin.Enum" &&
-                        realCallTarget.codeQlValueParameters.size == 2 &&
-                        realCallTarget.codeQlValueParameters[0].type ==
+                        realCallTarget.valueParameters.size == 2 &&
+                        realCallTarget.valueParameters[0].type ==
                             pluginContext.irBuiltIns.stringType &&
-                        realCallTarget.codeQlValueParameters[1].type == pluginContext.irBuiltIns.intType
+                        realCallTarget.valueParameters[1].type == pluginContext.irBuiltIns.intType
                 ) {
 
                     val id0 =
@@ -5287,7 +5287,7 @@ open class KotlinFileExtractor(
             }
 
             val args =
-                (0 until e.codeQlTypeArgumentsCount).map { e.codeQlGetTypeArgument(it) }.requireNoNullsOrNull()
+                (0 until e.typeArgumentsCount).map { e.getTypeArgument(it) }.requireNoNullsOrNull()
             if (args == null) {
                 logger.warnElement("Found null type argument in enum constructor call", e)
                 return
@@ -5365,7 +5365,7 @@ open class KotlinFileExtractor(
                 // Check for an expression like x = get(x).op(e):
                 val opReceiver = updateRhs.dispatchReceiver
                 if (isExpectedLhs(opReceiver)) {
-                    updateRhs.codeQlGetValueArgument(0)
+                    updateRhs.getValueArgument(0)
                 } else null
             } else null
         }
@@ -5560,7 +5560,7 @@ open class KotlinFileExtractor(
                                     "set"
                                 )
                             ) {
-                                val updateRhs0 = arraySetCall.codeQlGetValueArgument(1)
+                                val updateRhs0 = arraySetCall.getValueArgument(1)
                                 if (updateRhs0 == null) {
                                     logger.errorElement("Update RHS not found", e)
                                     return false
@@ -6403,12 +6403,12 @@ open class KotlinFileExtractor(
                     val ids = getLocallyVisibleFunctionLabels(e.function)
                     val locId = tw.getLocation(e)
 
-                    val ext = e.function.codeQlExtensionReceiverParameter
+                    val ext = e.function.extensionReceiverParameter
                     val parameters =
                         if (ext != null) {
-                            listOf(ext) + e.function.codeQlValueParameters
+                            listOf(ext) + e.function.valueParameters
                         } else {
-                            e.function.codeQlValueParameters
+                            e.function.valueParameters
                         }
 
                     var types = parameters.map { it.type }
@@ -6670,7 +6670,7 @@ open class KotlinFileExtractor(
                 is IrFunction -> {
                     if (
                         ownerParent.dispatchReceiverParameter == owner &&
-                            ownerParent.codeQlExtensionReceiverParameter != null
+                            ownerParent.extensionReceiverParameter != null
                     ) {
 
                         val ownerParent2 = ownerParent.parent
@@ -7089,7 +7089,7 @@ open class KotlinFileExtractor(
             makeReceiverInfo(callableReferenceExpr.dispatchReceiver, 0)
         private val extensionReceiverInfo =
             makeReceiverInfo(
-                callableReferenceExpr.codeQlExtensionReceiver,
+                callableReferenceExpr.extensionReceiver,
                 if (dispatchReceiverInfo == null) 0 else 1
             )
 
@@ -7627,8 +7627,8 @@ open class KotlinFileExtractor(
                     }
 
             val expressionTypeArguments =
-                (0 until propertyReferenceExpr.codeQlTypeArgumentsCount).mapNotNull {
-                    propertyReferenceExpr.codeQlGetTypeArgument(it)
+                (0 until propertyReferenceExpr.typeArgumentsCount).mapNotNull {
+                    propertyReferenceExpr.getTypeArgument(it)
                 }
 
             val idPropertyRef = tw.getFreshIdLabel<DbPropertyref>()
@@ -7829,7 +7829,7 @@ open class KotlinFileExtractor(
 
             if (
                 functionReferenceExpr.dispatchReceiver != null &&
-                    functionReferenceExpr.codeQlExtensionReceiver != null
+                    functionReferenceExpr.extensionReceiver != null
             ) {
                 logger.errorElement(
                     "Unexpected: dispatchReceiver and extensionReceiver are both non-null",
@@ -7840,7 +7840,7 @@ open class KotlinFileExtractor(
 
             if (
                 target.owner.dispatchReceiverParameter != null &&
-                    target.owner.codeQlExtensionReceiverParameter != null
+                    target.owner.extensionReceiverParameter != null
             ) {
                 logger.errorElement(
                     "Unexpected: dispatch and extension parameters are both non-null",
@@ -7899,8 +7899,8 @@ open class KotlinFileExtractor(
                             null
                         }
                 expressionTypeArguments =
-                    (0 until functionReferenceExpr.codeQlTypeArgumentsCount).mapNotNull {
-                        functionReferenceExpr.codeQlGetTypeArgument(it)
+                    (0 until functionReferenceExpr.typeArgumentsCount).mapNotNull {
+                        functionReferenceExpr.getTypeArgument(it)
                     }
                 dispatchReceiverIdx = -1
             }
@@ -7965,7 +7965,7 @@ open class KotlinFileExtractor(
                         functionReferenceExpr,
                         declarationParent,
                         null,
-                        { it.codeQlValueParameters.size == 1 }
+                        { it.valueParameters.size == 1 }
                     ) {
                         // The argument to FunctionReference's constructor is the function arity.
                         extractConstantInteger(
@@ -8572,7 +8572,7 @@ open class KotlinFileExtractor(
         reverse: Boolean = false
     ) {
         val typeArguments =
-            (0 until c.codeQlTypeArgumentsCount).map { c.codeQlGetTypeArgument(it) }.requireNoNullsOrNull()
+            (0 until c.typeArgumentsCount).map { c.getTypeArgument(it) }.requireNoNullsOrNull()
         if (typeArguments == null) {
             logger.errorElement("Found a null type argument for a member access expression", c)
         } else {
@@ -8923,11 +8923,11 @@ open class KotlinFileExtractor(
                     tw.writeVariableBinding(lhsId, fieldId)
 
                     val parameters = mutableListOf<IrValueParameter>()
-                    val extParam = samMember.codeQlExtensionReceiverParameter
+                    val extParam = samMember.extensionReceiverParameter
                     if (extParam != null) {
                         parameters.add(extParam)
                     }
-                    parameters.addAll(samMember.codeQlValueParameters)
+                    parameters.addAll(samMember.valueParameters)
 
                     fun extractArgument(
                         p: IrValueParameter,
@@ -9032,7 +9032,7 @@ open class KotlinFileExtractor(
         elementToReportOn: IrElement,
         declarationParent: IrDeclarationParent,
         compilerGeneratedKindOverride: CompilerGeneratedKinds? = null,
-        superConstructorSelector: (IrFunction) -> Boolean = { it.codeQlValueParameters.isEmpty() },
+        superConstructorSelector: (IrFunction) -> Boolean = { it.valueParameters.isEmpty() },
         extractSuperconstructorArgs: (Label<DbSuperconstructorinvocationstmt>) -> Unit = {},
     ): Label<out DbClassorinterface> {
         // Write class

java/kotlin-extractor/src/main/kotlin/KotlinUsesExtractor.kt

@@ -12,7 +12,7 @@ import org.jetbrains.kotlin.ir.ObsoleteDescriptorBasedAPI
 import org.jetbrains.kotlin.ir.declarations.*
 import org.jetbrains.kotlin.ir.expressions.*
 import org.jetbrains.kotlin.ir.symbols.*
-import com.github.codeql.utils.versions.codeQlAddAnnotations
+import org.jetbrains.kotlin.ir.types.addAnnotations
 import org.jetbrains.kotlin.ir.types.classFqName
 import org.jetbrains.kotlin.ir.types.classifierOrNull
 import org.jetbrains.kotlin.ir.types.classOrNull
@@ -355,7 +355,7 @@ open class KotlinUsesExtractor(
     }
 
     private fun propertySignature(p: IrProperty) =
-        ((p.getter ?: p.setter)?.codeQlExtensionReceiverParameter?.let {
+        ((p.getter ?: p.setter)?.extensionReceiverParameter?.let {
             useType(erase(it.type)).javaResult.signature
         } ?: "")
 
@@ -368,7 +368,7 @@ open class KotlinUsesExtractor(
                 // useDeclarationParent -> useFunction
                 // -> extractFunctionLaterIfExternalFileMember, which would result for `fun <T> f(t:
                 // T) { ... }` for example.
-                (listOfNotNull(d.codeQlExtensionReceiverParameter) + d.codeQlValueParameters)
+                (listOfNotNull(d.extensionReceiverParameter) + d.valueParameters)
                     .map { useType(erase(it.type)).javaResult.signature }
                     .joinToString(separator = ",", prefix = "(", postfix = ")")
             is IrProperty -> propertySignature(d) + externalClassExtractor.propertySignature
@@ -488,8 +488,8 @@ open class KotlinUsesExtractor(
             val result =
                 replacementClass.declarations.findSubType<IrSimpleFunction> { replacementDecl ->
                     replacementDecl.name == f.name &&
-                        replacementDecl.codeQlValueParameters.size == f.codeQlValueParameters.size &&
-                        replacementDecl.codeQlValueParameters.zip(f.codeQlValueParameters).all {
+                        replacementDecl.valueParameters.size == f.valueParameters.size &&
+                        replacementDecl.valueParameters.zip(f.valueParameters).all {
                             erase(it.first.type) == erase(it.second.type)
                         }
                 }
@@ -1265,7 +1265,7 @@ open class KotlinUsesExtractor(
     private fun getWildcardSuppressionDirective(t: IrAnnotationContainer): Boolean? =
         t.getAnnotation(jvmWildcardSuppressionAnnotation)?.let {
             @Suppress("USELESS_CAST") // `as? Boolean` is not needed for Kotlin < 2.1
-            (it.codeQlGetValueArgument(0) as? CodeQLIrConst<Boolean>)?.value as? Boolean ?: true
+            (it.getValueArgument(0) as? CodeQLIrConst<Boolean>)?.value as? Boolean ?: true
         }
 
     private fun addJavaLoweringArgumentWildcards(
@@ -1376,9 +1376,9 @@ open class KotlinUsesExtractor(
             f.parent,
             parentId,
             getFunctionShortName(f).nameInDB,
-            (maybeParameterList ?: f.codeQlValueParameters).map { it.type },
+            (maybeParameterList ?: f.valueParameters).map { it.type },
             getAdjustedReturnType(f),
-            f.codeQlExtensionReceiverParameter?.type,
+            f.extensionReceiverParameter?.type,
             getFunctionTypeParameters(f),
             classTypeArgsIncludingOuterClasses,
             overridesCollectionsMethodWithAlteredParameterTypes(f),
@@ -1401,12 +1401,12 @@ open class KotlinUsesExtractor(
         // The name of the function; normally f.name.asString().
         name: String,
         // The types of the value parameters that the functions takes; normally
-        // f.codeQlValueParameters.map { it.type }.
+        // f.valueParameters.map { it.type }.
         parameterTypes: List<IrType>,
         // The return type of the function; normally f.returnType.
         returnType: IrType,
         // The extension receiver of the function, if any; normally
-        // f.codeQlExtensionReceiverParameter?.type.
+        // f.extensionReceiverParameter?.type.
         extensionParamType: IrType?,
         // The type parameters of the function. This does not include type parameters of enclosing
         // classes.
@@ -1579,7 +1579,7 @@ open class KotlinUsesExtractor(
                 parentClass.fqNameWhenAvailable?.asString() !=
                     "java.util.concurrent.ConcurrentHashMap" ||
                 getFunctionShortName(f).nameInDB != "keySet" ||
-                f.codeQlValueParameters.isNotEmpty() ||
+                f.valueParameters.isNotEmpty() ||
                 f.returnType.classFqName?.asString() != "kotlin.collections.MutableSet"
         ) {
             return f.returnType
@@ -1587,7 +1587,7 @@ open class KotlinUsesExtractor(
 
         val otherKeySet =
             parentClass.declarations.findSubType<IrFunction> {
-                it.name.asString() == "keySet" && it.codeQlValueParameters.size == 1
+                it.name.asString() == "keySet" && it.valueParameters.size == 1
             } ?: return f.returnType
 
         return otherKeySet.returnType.codeQlWithHasQuestionMark(false)
@@ -1695,8 +1695,8 @@ open class KotlinUsesExtractor(
                         javaClass.declarations.findSubType<IrFunction> { decl ->
                             !decl.isFakeOverride &&
                                 decl.name.asString() == jvmName &&
-                                decl.codeQlValueParameters.size == f.codeQlValueParameters.size &&
-                                decl.codeQlValueParameters.zip(f.codeQlValueParameters).all { p ->
+                                decl.valueParameters.size == f.valueParameters.size &&
+                                decl.valueParameters.zip(f.valueParameters).all { p ->
                                     erase(p.first.type).classifierOrNull ==
                                         erase(p.second.type).classifierOrNull
                                 }
@@ -2125,7 +2125,7 @@ open class KotlinUsesExtractor(
                 }
 
                 return if (t.arguments.isNotEmpty())
-                    t.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+                    t.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
                 else t
             }
         }
@@ -2153,7 +2153,7 @@ open class KotlinUsesExtractor(
         val idxOffset =
             if (
                 declarationParent is IrFunction &&
-                    declarationParent.codeQlExtensionReceiverParameter != null
+                    declarationParent.extensionReceiverParameter != null
             )
             // For extension functions increase the index to match what the java extractor sees:
             1
@@ -2187,7 +2187,7 @@ open class KotlinUsesExtractor(
     // Gets a field's corresponding property's extension receiver type, if any
     fun getExtensionReceiverType(f: IrField) =
         f.correspondingPropertySymbol?.owner?.let {
-            (it.getter ?: it.setter)?.codeQlExtensionReceiverParameter?.type
+            (it.getter ?: it.setter)?.extensionReceiverParameter?.type
         }
 
     fun getFieldLabel(f: IrField): String {
@@ -2222,14 +2222,14 @@ open class KotlinUsesExtractor(
         val setter = p.setter
 
         val func = getter ?: setter
-        val ext = func?.codeQlExtensionReceiverParameter
+        val ext = func?.extensionReceiverParameter
 
         return if (ext == null) {
             "@\"property;{$parentId};${p.name.asString()}\""
         } else {
             val returnType =
                 getter?.returnType
-                    ?: setter?.codeQlValueParameters?.singleOrNull()?.type
+                    ?: setter?.valueParameters?.singleOrNull()?.type
                     ?: pluginContext.irBuiltIns.unitType
             val typeParams = getFunctionTypeParameters(func)
 

java/kotlin-extractor/src/main/kotlin/MetaAnnotationSupport.kt

@@ -1,10 +1,5 @@
 package com.github.codeql
 
-import com.github.codeql.utils.versions.codeQlAnnotationFromSymbolOwner
-import com.github.codeql.utils.versions.codeQlGetValueArgument
-import com.github.codeql.utils.versions.codeQlPutValueArgument
-import com.github.codeql.utils.versions.codeQlSetAnnotations
-import com.github.codeql.utils.versions.codeQlSetDispatchReceiverParameter
 import com.github.codeql.utils.versions.createImplicitParameterDeclarationWithWrappedDescriptor
 import java.lang.annotation.ElementType
 import java.util.HashSet
@@ -100,7 +95,7 @@ class MetaAnnotationSupport(
                     JvmAnnotationNames.REPEATABLE_ANNOTATION
             }
         return if (jvmRepeatable != null) {
-            ((jvmRepeatable.codeQlGetValueArgument(0) as? IrClassReference)?.symbol as? IrClassSymbol)
+            ((jvmRepeatable.getValueArgument(0) as? IrClassReference)?.symbol as? IrClassSymbol)
                 ?.owner
         } else {
             getOrCreateSyntheticRepeatableAnnotationContainer(annotationClass)
@@ -122,12 +117,12 @@ class MetaAnnotationSupport(
             )
             return null
         } else {
-            return codeQlAnnotationFromSymbolOwner(
+            return IrConstructorCallImpl.fromSymbolOwner(
                     containerClass.defaultType,
                     containerConstructor.symbol
                 )
                 .apply {
-                    codeQlPutValueArgument(
+                    putValueArgument(
                         0,
                         IrVarargImpl(
                             UNDEFINED_OFFSET,
@@ -149,7 +144,7 @@ class MetaAnnotationSupport(
 
     // Taken from AdditionalClassAnnotationLowering.kt
     private fun loadAnnotationTargets(targetEntry: IrConstructorCall): Set<KotlinTarget>? {
-        val valueArgument = targetEntry.codeQlGetValueArgument(0) as? IrVararg ?: return null
+        val valueArgument = targetEntry.getValueArgument(0) as? IrVararg ?: return null
         return valueArgument.elements
             .filterIsInstance<IrGetEnumValue>()
             .mapNotNull { KotlinTarget.valueOrNull(it.symbol.owner.name.asString()) }
@@ -235,14 +230,14 @@ class MetaAnnotationSupport(
             )
         }
 
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 targetConstructor.returnType,
                 targetConstructor.symbol,
                 0
             )
-            .apply { codeQlPutValueArgument(0, vararg) }
+            .apply { putValueArgument(0, vararg) }
     }
 
     private val javaAnnotationRetention by lazy {
@@ -268,7 +263,7 @@ class MetaAnnotationSupport(
     // Taken from AnnotationCodegen.kt (not available in Kotlin < 1.6.20)
     private fun IrClass.getAnnotationRetention(): KotlinRetention? {
         val retentionArgument =
-            getAnnotation(StandardNames.FqNames.retention)?.codeQlGetValueArgument(0) as? IrGetEnumValue
+            getAnnotation(StandardNames.FqNames.retention)?.getValueArgument(0) as? IrGetEnumValue
                 ?: return null
         val retentionArgumentValue = retentionArgument.symbol.owner
         return KotlinRetention.valueOf(retentionArgumentValue.name.asString())
@@ -288,7 +283,7 @@ class MetaAnnotationSupport(
         val targetConstructor =
             retentionType.declarations.firstIsInstanceOrNull<IrConstructor>() ?: return null
 
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 targetConstructor.returnType,
@@ -296,7 +291,7 @@ class MetaAnnotationSupport(
                 0
             )
             .apply {
-                codeQlPutValueArgument(
+                putValueArgument(
                     0,
                     IrGetEnumValueImpl(
                         UNDEFINED_OFFSET,
@@ -338,7 +333,7 @@ class MetaAnnotationSupport(
                             return
                         }
                 val newParam = thisReceiever.copyTo(this)
-                codeQlSetDispatchReceiverParameter(newParam)
+                dispatchReceiverParameter = newParam
                 body =
                     factory
                         .createBlockBody(UNDEFINED_OFFSET, UNDEFINED_OFFSET)
@@ -411,7 +406,7 @@ class MetaAnnotationSupport(
             val repeatableContainerAnnotation =
                 kotlinAnnotationRepeatableContainer?.constructors?.single()
 
-            codeQlSetAnnotations(containerClass,
+            containerClass.annotations =
                 annotationClass.annotations
                     .filter {
                         it.isAnnotationWithEqualFqName(StandardNames.FqNames.retention) ||
@@ -420,7 +415,7 @@ class MetaAnnotationSupport(
                     .map { it.deepCopyWithSymbols(containerClass) } +
                     listOfNotNull(
                         repeatableContainerAnnotation?.let {
-                            codeQlAnnotationFromSymbolOwner(
+                            IrConstructorCallImpl.fromSymbolOwner(
                                 UNDEFINED_OFFSET,
                                 UNDEFINED_OFFSET,
                                 it.returnType,
@@ -429,7 +424,6 @@ class MetaAnnotationSupport(
                             )
                         }
                     )
-            )
 
             containerClass
         }
@@ -468,14 +462,14 @@ class MetaAnnotationSupport(
                 containerClass.symbol,
                 containerClass.defaultType
             )
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
                 UNDEFINED_OFFSET,
                 UNDEFINED_OFFSET,
                 repeatableConstructor.returnType,
                 repeatableConstructor.symbol,
                 0
             )
-            .apply { codeQlPutValueArgument(0, containerReference) }
+            .apply { putValueArgument(0, containerReference) }
     }
 
     private val javaAnnotationDocumented by lazy {
@@ -494,7 +488,7 @@ class MetaAnnotationSupport(
             javaAnnotationDocumented?.declarations?.firstIsInstanceOrNull<IrConstructor>()
                 ?: return null
 
-        return codeQlAnnotationFromSymbolOwner(
+        return IrConstructorCallImpl.fromSymbolOwner(
             UNDEFINED_OFFSET,
             UNDEFINED_OFFSET,
             documentedConstructor.returnType,

java/kotlin-extractor/src/main/kotlin/TrapWriter.kt

@@ -1,7 +1,6 @@
 package com.github.codeql
 
 import com.github.codeql.KotlinUsesExtractor.LocallyVisibleFunctionLabels
-import com.github.codeql.utils.versions.codeQlExtensionReceiver
 import com.semmle.extractor.java.PopulateFile
 import com.semmle.util.unicode.UTF8Util
 import java.io.BufferedWriter
@@ -332,7 +331,7 @@ open class FileTrapWriter(
             is IrCall -> {
                 // Calls have incorrect startOffset, so we adjust them:
                 val dr = e.dispatchReceiver?.let { getStartOffset(it) }
-                val er = e.codeQlExtensionReceiver?.let { getStartOffset(it) }
+                val er = e.extensionReceiver?.let { getStartOffset(it) }
                 offsetMinOf(e.startOffset, dr, er)
             }
             else -> e.startOffset

java/kotlin-extractor/src/main/kotlin/comments/CommentExtractor.kt

@@ -2,7 +2,6 @@ package com.github.codeql.comments
 
 import com.github.codeql.*
 import com.github.codeql.utils.isLocalFunction
-import com.github.codeql.utils.versions.codeQlExtensionReceiverParameter
 import com.github.codeql.utils.versions.isDispatchReceiver
 import org.jetbrains.kotlin.ir.IrElement
 import org.jetbrains.kotlin.ir.declarations.*
@@ -12,7 +11,7 @@ import org.jetbrains.kotlin.ir.util.parentClassOrNull
 
 private fun IrValueParameter.isExtensionReceiver(): Boolean {
     val parentFun = parent as? IrFunction ?: return false
-    return parentFun.codeQlExtensionReceiverParameter == this
+    return parentFun.extensionReceiverParameter == this
 }
 
 open class CommentExtractor(

java/kotlin-extractor/src/main/kotlin/utils/JvmNames.kt

@@ -1,8 +1,6 @@
 package com.github.codeql.utils
 
 import com.github.codeql.utils.versions.CodeQLIrConst
-import com.github.codeql.utils.versions.codeQlGetValueArgument
-import com.github.codeql.utils.versions.codeQlValueArgumentsCount
 import org.jetbrains.kotlin.builtins.StandardNames
 import org.jetbrains.kotlin.ir.declarations.IrAnnotationContainer
 import org.jetbrains.kotlin.ir.declarations.IrClass
@@ -78,9 +76,9 @@ private fun getSpecialJvmName(f: IrFunction): String? {
 fun getJvmName(container: IrAnnotationContainer): String? {
     for (a: IrConstructorCall in container.annotations) {
         val t = a.type
-        if (t is IrSimpleType && a.codeQlValueArgumentsCount == 1) {
+        if (t is IrSimpleType && a.valueArgumentsCount == 1) {
             val owner = t.classifier.owner
-            val v = a.codeQlGetValueArgument(0)
+            val v = a.getValueArgument(0)
             if (owner is IrClass) {
                 val aPkg = owner.packageFqName?.asString()
                 val name = owner.name.asString()

java/kotlin-extractor/src/main/kotlin/utils/TypeSubstitution.kt

@@ -18,7 +18,7 @@ import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
 import org.jetbrains.kotlin.ir.expressions.impl.*
 import org.jetbrains.kotlin.ir.symbols.IrTypeParameterSymbol
 import org.jetbrains.kotlin.ir.symbols.impl.DescriptorlessExternalPackageFragmentSymbol
-import com.github.codeql.utils.versions.codeQlAddAnnotations
+import org.jetbrains.kotlin.ir.types.addAnnotations
 import org.jetbrains.kotlin.ir.types.classifierOrNull
 import org.jetbrains.kotlin.ir.types.makeNotNull
 import org.jetbrains.kotlin.ir.types.makeNullable
@@ -192,7 +192,7 @@ object RawTypeAnnotation {
                     addConstructor { isPrimary = true }
                 }
         val constructor = annoClass.constructors.single()
-        codeQlAnnotationFromSymbolOwner(constructor.constructedClassType, constructor.symbol)
+        IrConstructorCallImpl.fromSymbolOwner(constructor.constructedClassType, constructor.symbol)
     }
 }
 
@@ -202,7 +202,7 @@ fun IrType.toRawType(): IrType =
             when (val owner = this.classifier.owner) {
                 is IrClass -> {
                     if (this.arguments.isNotEmpty())
-                        this.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+                        this.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
                     else this
                 }
                 is IrTypeParameter -> owner.superTypes[0].toRawType()
@@ -215,7 +215,7 @@ fun IrType.toRawType(): IrType =
 fun IrClass.toRawType(): IrType {
     val result = this.typeWith(listOf())
     return if (this.typeParameters.isNotEmpty())
-        result.codeQlAddAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
+        result.addAnnotations(listOf(RawTypeAnnotation.annotationConstructor))
     else result
 }
 

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/IrCompat.kt

@@ -1,70 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
-import org.jetbrains.kotlin.ir.expressions.IrExpression
-import org.jetbrains.kotlin.ir.expressions.IrMemberAccessExpression
-import org.jetbrains.kotlin.ir.expressions.impl.*
-import org.jetbrains.kotlin.ir.symbols.IrConstructorSymbol
-import org.jetbrains.kotlin.ir.types.IrType
-import org.jetbrains.kotlin.ir.types.addAnnotations
-
-/**
- * Compatibility accessors for pre-2.4.0 API patterns.
- * In pre-2.4.0 versions, these delegate directly to the existing APIs.
- */
-
-// IrFunction: valueParameters
-val IrFunction.codeQlValueParameters: List<IrValueParameter>
-    get() = valueParameters
-
-// IrFunction: extensionReceiverParameter
-val IrFunction.codeQlExtensionReceiverParameter: IrValueParameter?
-    get() = extensionReceiverParameter
-
-// IrMemberAccessExpression: valueArgumentsCount
-val IrMemberAccessExpression<*>.codeQlValueArgumentsCount: Int
-    get() = valueArgumentsCount
-
-// IrMemberAccessExpression: getValueArgument
-fun IrMemberAccessExpression<*>.codeQlGetValueArgument(index: Int): IrExpression? = getValueArgument(index)
-
-// IrMemberAccessExpression: putValueArgument
-fun IrMemberAccessExpression<*>.codeQlPutValueArgument(index: Int, value: IrExpression?) {
-    putValueArgument(index, value)
-}
-
-// IrMemberAccessExpression: extensionReceiver
-val IrMemberAccessExpression<*>.codeQlExtensionReceiver: IrExpression?
-    get() = extensionReceiver
-
-// IrMemberAccessExpression: typeArgumentsCount
-val IrMemberAccessExpression<*>.codeQlTypeArgumentsCount: Int
-    get() = typeArgumentsCount
-
-// IrMemberAccessExpression: getTypeArgument
-fun IrMemberAccessExpression<*>.codeQlGetTypeArgument(index: Int): IrType? = getTypeArgument(index)
-
-// addAnnotations compat: in pre-2.4.0, addAnnotations expects List<IrConstructorCall>
-fun IrType.codeQlAddAnnotations(annotations: List<IrConstructorCall>): IrType =
-    addAnnotations(annotations)
-
-// IrMutableAnnotationContainer.annotations setter: in pre-2.4.0, annotations is var with List<IrConstructorCall>
-fun codeQlSetAnnotations(container: org.jetbrains.kotlin.ir.declarations.IrMutableAnnotationContainer, annotations: List<IrConstructorCall>) {
-    container.annotations = annotations
-}
-
-// IrFunction: set dispatch receiver parameter (pre-2.4.0 it's a var)
-fun IrFunction.codeQlSetDispatchReceiverParameter(param: IrValueParameter?) {
-    dispatchReceiverParameter = param
-}
-
-// In pre-2.4.0, annotations are List<IrConstructorCall> so IrConstructorCallImpl works directly.
-fun codeQlAnnotationFromSymbolOwner(
-    startOffset: Int, endOffset: Int, type: IrType, symbol: IrConstructorSymbol, typeArgumentsCount: Int
-): IrConstructorCall =
-    IrConstructorCallImpl.fromSymbolOwner(startOffset, endOffset, type, symbol, typeArgumentsCount)
-
-fun codeQlAnnotationFromSymbolOwner(type: IrType, symbol: IrConstructorSymbol): IrConstructorCall =
-    IrConstructorCallImpl.fromSymbolOwner(type, symbol)

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_8_0/Kotlin2ComponentRegistrar.kt

@@ -3,32 +3,10 @@
 
 package com.github.codeql
 
-import com.intellij.mock.MockProject
-import com.intellij.openapi.extensions.LoadingOrder
-import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
 import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
-import org.jetbrains.kotlin.config.CompilerConfiguration
 
 @OptIn(ExperimentalCompilerApi::class)
 abstract class Kotlin2ComponentRegistrar : ComponentRegistrar {
     /* Nothing to do; supportsK2 doesn't exist yet. */
-
-    private var project: MockProject? = null
-
-    override fun registerProjectComponents(
-        project: MockProject,
-        configuration: CompilerConfiguration
-    ) {
-        this.project = project
-        doRegisterExtensions(configuration)
-    }
-
-    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
-
-    fun registerExtractorExtension(extension: IrGenerationExtension) {
-        val p = project ?: throw IllegalStateException("registerExtractorExtension called before registerProjectComponents")
-        val extensionPoint = p.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
-        extensionPoint.registerExtension(extension, LoadingOrder.LAST, p)
-    }
 }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_1_9_0-Beta/Kotlin2ComponentRegistrar.kt

@@ -3,35 +3,11 @@
 
 package com.github.codeql
 
-import com.intellij.mock.MockProject
-import com.intellij.openapi.extensions.LoadingOrder
-import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
 import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
 import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
-import org.jetbrains.kotlin.config.CompilerConfiguration
 
 @OptIn(ExperimentalCompilerApi::class)
 abstract class Kotlin2ComponentRegistrar : ComponentRegistrar {
     override val supportsK2: Boolean
         get() = true
-
-    private var project: MockProject? = null
-
-    override fun registerProjectComponents(
-        project: MockProject,
-        configuration: CompilerConfiguration
-    ) {
-        this.project = project
-        doRegisterExtensions(configuration)
-    }
-
-    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
-
-    fun registerExtractorExtension(extension: IrGenerationExtension) {
-        val p = project ?: throw IllegalStateException("registerExtractorExtension called before registerProjectComponents")
-        // Register with LoadingOrder.LAST to ensure the extractor runs after other
-        // IR generation plugins (like kotlinx.serialization) have generated their code.
-        val extensionPoint = p.extensionArea.getExtensionPoint(IrGenerationExtension.extensionPointName)
-        extensionPoint.registerExtension(extension, LoadingOrder.LAST, p)
-    }
 }

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_4_0/IrCompat.kt

@@ -1,121 +0,0 @@
-@file:Suppress("DEPRECATION")
-
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-import org.jetbrains.kotlin.ir.expressions.IrAnnotation
-import org.jetbrains.kotlin.ir.expressions.IrConstructorCall
-import org.jetbrains.kotlin.ir.expressions.IrExpression
-import org.jetbrains.kotlin.ir.expressions.IrMemberAccessExpression
-import org.jetbrains.kotlin.ir.expressions.impl.IrAnnotationImpl
-import org.jetbrains.kotlin.ir.expressions.impl.fromSymbolOwner
-import org.jetbrains.kotlin.ir.symbols.IrConstructorSymbol
-import org.jetbrains.kotlin.ir.types.IrType
-import org.jetbrains.kotlin.ir.types.addAnnotations
-
-/**
- * Compatibility accessors for pre-2.4.0 API patterns.
- * In 2.4.0, valueParameters/extensionReceiverParameter/extensionReceiver/
- * getValueArgument/putValueArgument/valueArgumentsCount/typeArgumentsCount/getTypeArgument
- * have been removed. This file provides the 2.4.0 implementations.
- */
-
-// IrFunction: valueParameters -> parameters filtered to Regular kind
-val IrFunction.codeQlValueParameters: List<IrValueParameter>
-    get() = parameters.filter { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.Regular }
-
-// IrFunction: extensionReceiverParameter
-val IrFunction.codeQlExtensionReceiverParameter: IrValueParameter?
-    get() = parameters.firstOrNull { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.ExtensionReceiver }
-
-// Helper: get the offset of value arguments in the arguments list
-// In 2.4.0, arguments[] includes dispatch/extension receivers before regular params
-private fun IrMemberAccessExpression<*>.valueArgumentOffset(): Int {
-    val owner = symbol.owner as? IrFunction ?: return 0
-    return owner.parameters.count { it.kind != org.jetbrains.kotlin.ir.declarations.IrParameterKind.Regular }
-}
-
-// IrMemberAccessExpression: valueArgumentsCount
-val IrMemberAccessExpression<*>.codeQlValueArgumentsCount: Int
-    get() = arguments.size - valueArgumentOffset()
-
-// IrMemberAccessExpression: getValueArgument
-fun IrMemberAccessExpression<*>.codeQlGetValueArgument(index: Int): IrExpression? = arguments[index + valueArgumentOffset()]
-
-// IrMemberAccessExpression: putValueArgument
-fun IrMemberAccessExpression<*>.codeQlPutValueArgument(index: Int, value: IrExpression?) {
-    arguments[index + valueArgumentOffset()] = value
-}
-
-// IrMemberAccessExpression: extensionReceiver
-// For IrCall/IrFunctionReference, look at symbol.owner (IrFunction) directly.
-// For IrPropertyReference, symbol.owner is IrProperty; use the getter's parameters instead.
-val IrMemberAccessExpression<*>.codeQlExtensionReceiver: IrExpression?
-    get() {
-        val erp = extensionReceiverParameterIndex() ?: return null
-        return arguments[erp]
-    }
-
-private fun IrMemberAccessExpression<*>.extensionReceiverParameterIndex(): Int? {
-    // Direct function owner (IrCall, IrFunctionReference, etc.)
-    (symbol.owner as? IrFunction)?.codeQlExtensionReceiverParameter?.let {
-        return it.indexInParameters
-    }
-    // Property reference: look at getter or setter function
-    (this as? org.jetbrains.kotlin.ir.expressions.IrPropertyReference)?.let { propRef ->
-        propRef.getter?.owner?.codeQlExtensionReceiverParameter?.let {
-            return it.indexInParameters
-        }
-        propRef.setter?.owner?.codeQlExtensionReceiverParameter?.let {
-            return it.indexInParameters
-        }
-    }
-    return null
-}
-
-// IrMemberAccessExpression: typeArgumentsCount
-val IrMemberAccessExpression<*>.codeQlTypeArgumentsCount: Int
-    get() = typeArguments.size
-
-// IrMemberAccessExpression: getTypeArgument
-fun IrMemberAccessExpression<*>.codeQlGetTypeArgument(index: Int): IrType? = typeArguments[index]
-
-// addAnnotations compat: in 2.4.0, addAnnotations expects List<IrAnnotation>
-// IrConstructorCall implements IrAnnotation in 2.4.0, so filterIsInstance is identity
-fun IrType.codeQlAddAnnotations(annotations: List<IrConstructorCall>): IrType =
-    addAnnotations(annotations.filterIsInstance<IrAnnotation>())
-
-// IrMutableAnnotationContainer.annotations setter: in 2.4.0, expects List<IrAnnotation>
-fun codeQlSetAnnotations(container: org.jetbrains.kotlin.ir.declarations.IrMutableAnnotationContainer, annotations: List<IrConstructorCall>) {
-    container.annotations = annotations.filterIsInstance<IrAnnotation>()
-}
-
-// IrFunction: set dispatch receiver parameter
-// In 2.4.0, dispatchReceiverParameter is val; modify the parameters list directly.
-fun IrFunction.codeQlSetDispatchReceiverParameter(param: IrValueParameter?) {
-    val existing = parameters.indexOfFirst { it.kind == org.jetbrains.kotlin.ir.declarations.IrParameterKind.DispatchReceiver }
-    val mutableParams = parameters.toMutableList()
-    if (existing >= 0) {
-        if (param != null) {
-            mutableParams[existing] = param
-        } else {
-            mutableParams.removeAt(existing)
-        }
-    } else if (param != null) {
-        param.kind = org.jetbrains.kotlin.ir.declarations.IrParameterKind.DispatchReceiver
-        mutableParams.add(0, param)
-    }
-    parameters = mutableParams
-}
-
-// In 2.4.0, annotation lists require IrAnnotation instances.
-// Use IrAnnotationImpl.fromSymbolOwner instead of IrConstructorCallImpl.fromSymbolOwner.
-fun codeQlAnnotationFromSymbolOwner(
-    startOffset: Int, endOffset: Int, type: IrType, symbol: IrConstructorSymbol, typeArgumentsCount: Int
-): IrConstructorCall =
-    IrAnnotationImpl.fromSymbolOwner(startOffset, endOffset, type, symbol, typeArgumentsCount)
-
-fun codeQlAnnotationFromSymbolOwner(type: IrType, symbol: IrConstructorSymbol): IrConstructorCall =
-    IrAnnotationImpl.fromSymbolOwner(type, symbol)
-

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_4_0/Kotlin2ComponentRegistrar.kt

@@ -1,45 +0,0 @@
-@file:Suppress("DEPRECATION", "DEPRECATION_ERROR")
-@file:OptIn(ExperimentalCompilerApi::class)
-
-package com.github.codeql
-
-import com.intellij.mock.MockProject
-import org.jetbrains.kotlin.backend.common.extensions.IrGenerationExtension
-import org.jetbrains.kotlin.compiler.plugin.ComponentRegistrar
-import org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar
-import org.jetbrains.kotlin.compiler.plugin.ExperimentalCompilerApi
-import org.jetbrains.kotlin.config.CompilerConfiguration
-
-abstract class Kotlin2ComponentRegistrar : CompilerPluginRegistrar(), ComponentRegistrar {
-    override val supportsK2: Boolean
-        get() = true
-
-    override val pluginId: String
-        get() = "kotlin-extractor"
-
-    // ComponentRegistrar implementation (legacy path, still called by Kotlin compiler)
-    override fun registerProjectComponents(
-        project: MockProject,
-        configuration: CompilerConfiguration
-    ) {
-        // In 2.4.0, we use CompilerPluginRegistrar path instead.
-        // This is only called if the compiler uses the ComponentRegistrar service file.
-        // We do nothing here since registerExtensions will be called separately.
-    }
-
-    private var extensionStorage: CompilerPluginRegistrar.ExtensionStorage? = null
-
-    override fun ExtensionStorage.registerExtensions(configuration: CompilerConfiguration) {
-        this@Kotlin2ComponentRegistrar.extensionStorage = this
-        doRegisterExtensions(configuration)
-    }
-
-    abstract fun doRegisterExtensions(configuration: CompilerConfiguration)
-
-    protected fun registerExtractorExtension(extension: IrGenerationExtension) {
-        val storage = extensionStorage ?: throw IllegalStateException("registerExtractorExtension called before registerExtensions")
-        with(storage) {
-            IrGenerationExtension.registerExtension(extension)
-        }
-    }
-}

java/kotlin-extractor/src/main/kotlin/utils/versions/v_2_4_0/parameterIndexExcludingReceivers.kt

@@ -1,13 +0,0 @@
-package com.github.codeql.utils.versions
-
-import org.jetbrains.kotlin.ir.declarations.IrFunction
-import org.jetbrains.kotlin.ir.declarations.IrParameterKind
-import org.jetbrains.kotlin.ir.declarations.IrValueParameter
-
-fun parameterIndexExcludingReceivers(vp: IrValueParameter): Int {
-    val offset =
-        (vp.parent as? IrFunction)?.let { f ->
-            f.parameters.count { it.kind == IrParameterKind.DispatchReceiver || it.kind == IrParameterKind.ExtensionReceiver || it.kind == IrParameterKind.Context }
-        } ?: 0
-    return vp.indexInParameters - offset
-}

java/kotlin-extractor/src/main/resources/META-INF/services/org.jetbrains.kotlin.compiler.plugin.CompilerPluginRegistrar

@@ -1 +0,0 @@
-com.github.codeql.KotlinExtractorComponentRegistrar

java/kotlin-extractor/versions.bzl

@@ -1,5 +1,8 @@
 # when updating this list, `bazel mod tidy` should be run from `codeql` to update `MODULE.bazel`
 VERSIONS = [
+    "1.8.0",
+    "1.9.0-Beta",
+    "1.9.20-Beta",
     "2.0.0-RC1",
     "2.0.20-Beta2",
     "2.1.0-Beta1",
@@ -8,7 +11,6 @@ VERSIONS = [
     "2.2.20-Beta2",
     "2.3.0",
     "2.3.20",
-    "2.4.0",
 ]
 
 def _version_to_tuple(v):

java/ql/integration-tests/kotlin/all-platforms/diagnostics/kotlin-version-too-new/diagnostics.expected

@@ -1,5 +1,5 @@
 {
-  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.4.10.",
+  "markdownMessage": "The Kotlin version installed (`999.999.999`) is too recent for this version of CodeQL. Install a version lower than 2.3.30.",
   "severity": "error",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/kotlin/all-platforms/enhanced-nullability/DB-CHECK.expected

@@ -1,3 +0,0 @@
-[VALUE_NOT_IN_TYPE] predicate callableBinding(@caller callerid, @callable callee): Value 44417 of field callee is not in type @callable. Appears in tuple (-16777158,44417)
-	Relevant element: callee=44417
-		Full ID for 44417: @"callable;(0).f((55))(55)". The ID may expand to @"callable;{@"class;Test"}.f({@"type;int"}){@"type;int"}"