set compileForOverlayEval true for java

.github/workflows/go-tests-other-os.yml

@@ -26,8 +26,9 @@ jobs:
         uses: ./go/actions/test
 
   test-win:
+    if: github.repository_owner == 'github'
     name: Test Windows
-    runs-on: windows-latest
+    runs-on: windows-latest-xl
     steps:
       - name: Check out code
         uses: actions/checkout@v4

.github/workflows/mad_modelDiff.yml

@@ -68,7 +68,7 @@ jobs:
             DATABASE=$2
             cd codeql-$QL_VARIANT
             SHORTNAME=`basename $DATABASE`
-            python misc/scripts/models-as-data/generate_mad.py --language java --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
+            python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
             mkdir -p $MODELS/$SHORTNAME
             mv java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME
             cd ..

.github/workflows/swift.yml

@@ -32,7 +32,7 @@ jobs:
     if: github.repository_owner == 'github'
     strategy:
       matrix:
-        runner: [ubuntu-latest, macos-15-xlarge]
+        runner: [ubuntu-latest, macos-13-xlarge]
       fail-fast: false
     runs-on: ${{ matrix.runner }}
     steps:

.gitignore

@@ -62,7 +62,6 @@ node_modules/
 
 # Temporary folders for working with generated models
 .model-temp
-/mad-generation-build
 
 # bazel-built in-tree extractor packs
 /*/extractor-pack
@@ -72,7 +71,3 @@ node_modules/
 
 # cargo build directory
 /target
-
-# some upgrade/downgrade checks create these files
-**/upgrades/*/*.dbscheme.stats
-**/downgrades/*/*.dbscheme.stats

CODEOWNERS

@@ -17,7 +17,6 @@
 
 # Experimental CodeQL cryptography
 **/experimental/quantum/ @github/ps-codeql
-/shared/quantum/ @github/ps-codeql
 
 # CodeQL tools and associated docs
 /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers

Cargo.toml

@@ -10,7 +10,6 @@ members = [
     "rust/ast-generator",
     "rust/autobuild",
 ]
-exclude = ["mad-generation-build"]
 
 [patch.crates-io]
 # patch for build script bug preventing bazel build

MODULE.bazel

@@ -24,7 +24,7 @@ bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "abseil-cpp", version = "20240116.1", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
-bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
+bazel_dep(name = "rules_kotlin", version = "2.0.0-codeql.1")
 bazel_dep(name = "gazelle", version = "0.40.0")
 bazel_dep(name = "rules_dotnet", version = "0.17.4")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
@@ -193,6 +193,10 @@ use_repo(
     kotlin_extractor_deps,
     "codeql_kotlin_defaults",
     "codeql_kotlin_embeddable",
+    "kotlin-compiler-1.5.0",
+    "kotlin-compiler-1.5.10",
+    "kotlin-compiler-1.5.20",
+    "kotlin-compiler-1.5.30",
     "kotlin-compiler-1.6.0",
     "kotlin-compiler-1.6.20",
     "kotlin-compiler-1.7.0",
@@ -204,7 +208,10 @@ use_repo(
     "kotlin-compiler-2.0.20-Beta2",
     "kotlin-compiler-2.1.0-Beta1",
     "kotlin-compiler-2.1.20-Beta1",
-    "kotlin-compiler-2.2.0-Beta1",
+    "kotlin-compiler-embeddable-1.5.0",
+    "kotlin-compiler-embeddable-1.5.10",
+    "kotlin-compiler-embeddable-1.5.20",
+    "kotlin-compiler-embeddable-1.5.30",
     "kotlin-compiler-embeddable-1.6.0",
     "kotlin-compiler-embeddable-1.6.20",
     "kotlin-compiler-embeddable-1.7.0",
@@ -216,7 +223,10 @@ use_repo(
     "kotlin-compiler-embeddable-2.0.20-Beta2",
     "kotlin-compiler-embeddable-2.1.0-Beta1",
     "kotlin-compiler-embeddable-2.1.20-Beta1",
-    "kotlin-compiler-embeddable-2.2.0-Beta1",
+    "kotlin-stdlib-1.5.0",
+    "kotlin-stdlib-1.5.10",
+    "kotlin-stdlib-1.5.20",
+    "kotlin-stdlib-1.5.30",
     "kotlin-stdlib-1.6.0",
     "kotlin-stdlib-1.6.20",
     "kotlin-stdlib-1.7.0",
@@ -228,7 +238,6 @@ use_repo(
     "kotlin-stdlib-2.0.20-Beta2",
     "kotlin-stdlib-2.1.0-Beta1",
     "kotlin-stdlib-2.1.20-Beta1",
-    "kotlin-stdlib-2.2.0-Beta1",
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected

@@ -1 +0,0 @@
-

actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected

@@ -1,17 +0,0 @@
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql

actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected

@@ -1,27 +0,0 @@
-ql/actions/ql/src/Debug/SyntaxError.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
-ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
-ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
-ql/actions/ql/src/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql

actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected

@@ -1,23 +0,0 @@
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
-ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql

actions/ql/integration-tests/query-suite/not_included_in_qls.expected

@@ -1,17 +0,0 @@
-ql/actions/ql/src/Debug/partial.ql
-ql/actions/ql/src/Models/CompositeActionsSinks.ql
-ql/actions/ql/src/Models/CompositeActionsSources.ql
-ql/actions/ql/src/Models/CompositeActionsSummaries.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSinks.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSources.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
-ql/actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql
-ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql
-ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql
-ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql
-ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql
-ql/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql
-ql/actions/ql/src/experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
-ql/actions/ql/src/experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
-ql/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
-ql/actions/ql/src/experimental/Security/CWE-918/RequestForgery.ql

actions/ql/integration-tests/query-suite/test.py

@@ -1,14 +0,0 @@
-import runs_on
-import pytest
-from query_suites import *
-
-well_known_query_suites = ['actions-code-quality.qls', 'actions-security-and-quality.qls', 'actions-security-extended.qls', 'actions-code-scanning.qls']
-
-@runs_on.posix
-@pytest.mark.parametrize("query_suite", well_known_query_suites)
-def test(codeql, actions, check_query_suite, query_suite):
-    check_query_suite(query_suite)
-
-@runs_on.posix
-def test_not_included_queries(codeql, actions, check_queries_not_included):
-    check_queries_not_included('actions', well_known_query_suites)

actions/ql/lib/CHANGELOG.md

@@ -1,20 +1,6 @@
-## 0.4.10
-
-No user-facing changes.
-
-## 0.4.9
-
-No user-facing changes.
-
-## 0.4.8
-
-No user-facing changes.
-
 ## 0.4.7
 
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
+No user-facing changes.
 
 ## 0.4.6
 

actions/ql/lib/change-notes/released/0.4.10.md

@@ -1,3 +0,0 @@
-## 0.4.10
-
-No user-facing changes.

actions/ql/lib/change-notes/released/0.4.7.md

@@ -1,5 +1,3 @@
 ## 0.4.7
 
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
+No user-facing changes.

actions/ql/lib/change-notes/released/0.4.8.md

@@ -1,3 +0,0 @@
-## 0.4.8
-
-No user-facing changes.

actions/ql/lib/change-notes/released/0.4.9.md

@@ -1,3 +0,0 @@
-## 0.4.9
-
-No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.10
+lastReleaseVersion: 0.4.7

actions/ql/lib/ext/config/actions_permissions.yml

@@ -22,21 +22,16 @@ extensions:
       - ["actions/stale", "pull-requests: write"]
       - ["actions/attest-build-provenance", "id-token: write"]
       - ["actions/attest-build-provenance", "attestations: write"]
-      - ["actions/deploy-pages", "pages: write"]
-      - ["actions/deploy-pages", "id-token: write"]
-      - ["actions/delete-package-versions", "packages: write"]
       - ["actions/jekyll-build-pages", "contents: read"]
       - ["actions/jekyll-build-pages", "pages: write"]
       - ["actions/jekyll-build-pages", "id-token: write"]
       - ["actions/publish-action", "contents: write"]
-      - ["actions/versions-package-tools", "contents: read"]
+      - ["actions/versions-package-tools", "contents: read"]      
       - ["actions/versions-package-tools", "actions: read"]
-      - ["actions/reusable-workflows", "contents: read"]
+      - ["actions/reusable-workflows", "contents: read"]      
       - ["actions/reusable-workflows", "actions: read"]
-      - ["actions/ai-inference", "contents: read"]
-      - ["actions/ai-inference", "models: read"]
       # TODO: Add permissions for actions/download-artifact
       # TODO: Add permissions for actions/upload-artifact
-      # No permissions needed for actions/upload-pages-artifact
       # TODO: Add permissions for actions/cache
-      # No permissions needed for actions/configure-pages
+
+      

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.10
+version: 0.4.8-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,39 +1,5 @@
-## 0.6.2
-
-### Minor Analysis Improvements
-
-* The query `actions/missing-workflow-permissions` is now aware of the minimal permissions needed for the actions `deploy-pages`, `delete-package-versions`, `ai-inference`. This should lead to better alert messages and better fix suggestions.
-
-## 0.6.1
-
-No user-facing changes.
-
-## 0.6.0
-
-### Breaking Changes
-
-* The following queries have been removed from the `security-and-quality` suite.
-  They are not intended to produce user-facing
-  alerts describing vulnerabilities.
-  Any existing alerts for these queries will be closed automatically.
-  * `actions/composite-action-sinks`
-  * `actions/composite-action-sources`
-  * `actions/composite-action-summaries`
-  * `actions/reusable-workflow-sinks`
-    (renamed from `actions/reusable-wokflow-sinks`)
-  * `actions/reusable-workflow-sources`
-  * `actions/reusable-workflow-summaries`
-
-### Bug Fixes
-
-* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.
-
 ## 0.5.4
 
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
 ### Bug Fixes
 
 * Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.

actions/ql/src/Models/ReusableWorkflowsSinks.ql

@@ -5,7 +5,7 @@
  * @problem.severity warning
  * @security-severity 9.3
  * @precision high
- * @id actions/reusable-workflow-sinks
+ * @id actions/reusable-wokflow-sinks
  * @tags actions
  *       model-generator
  *       external/cwe/cwe-020

actions/ql/src/change-notes/2025-04-14-excessive-secrets-exposure-security-severity.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.

actions/ql/src/change-notes/released/0.5.4.md

@@ -1,9 +1,5 @@
 ## 0.5.4
 
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
 ### Bug Fixes
 
 * Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.

actions/ql/src/change-notes/released/0.6.0.md

@@ -1,19 +0,0 @@
-## 0.6.0
-
-### Breaking Changes
-
-* The following queries have been removed from the `security-and-quality` suite.
-  They are not intended to produce user-facing
-  alerts describing vulnerabilities.
-  Any existing alerts for these queries will be closed automatically.
-  * `actions/composite-action-sinks`
-  * `actions/composite-action-sources`
-  * `actions/composite-action-summaries`
-  * `actions/reusable-workflow-sinks`
-    (renamed from `actions/reusable-wokflow-sinks`)
-  * `actions/reusable-workflow-sources`
-  * `actions/reusable-workflow-summaries`
-
-### Bug Fixes
-
-* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.

actions/ql/src/change-notes/released/0.6.1.md

@@ -1,3 +0,0 @@
-## 0.6.1
-
-No user-facing changes.

actions/ql/src/change-notes/released/0.6.2.md

@@ -1,5 +0,0 @@
-## 0.6.2
-
-### Minor Analysis Improvements
-
-* The query `actions/missing-workflow-permissions` is now aware of the minimal permissions needed for the actions `deploy-pages`, `delete-package-versions`, `ai-inference`. This should lead to better alert messages and better fix suggestions.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.2
+lastReleaseVersion: 0.5.4

actions/ql/src/codeql-suites/actions-code-quality.qls

@@ -1,3 +1 @@
-- queries: .
-- apply: code-quality-selectors.yml
-  from: codeql/suite-helpers
+[]

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.2
+version: 0.5.5-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms10.yml

@@ -1,10 +0,0 @@
-on:
-  workflow_call:
-  workflow_dispatch:
-
-jobs:
-  build:
-    name: Build and test
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/ai-inference

actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms8.yml

@@ -1,10 +0,0 @@
-on:
-  workflow_call:
-  workflow_dispatch:
-
-jobs:
-  build:
-    name: Build and test
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/deploy-pages

actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms9.yml

@@ -1,10 +0,0 @@
-on:
-  workflow_call:
-  workflow_dispatch:
-
-jobs:
-  build:
-    name: Build and test
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/delete-package-versions

actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected

@@ -3,6 +3,3 @@
 | .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} |
 | .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read, id-token: write, pages: write} |
 | .github/workflows/perms7.yml:7:5:10:38 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {} |
-| .github/workflows/perms8.yml:7:5:10:33 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {id-token: write, pages: write} |
-| .github/workflows/perms9.yml:7:5:10:44 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {packages: write} |
-| .github/workflows/perms10.yml:7:5:10:33 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read, models: read} |

config/annotate-overlay-local.py

@@ -0,0 +1,175 @@
+# This script is used to annotate .qll files with overlay[local?] annotations.
+# It will walk the directory tree and annotate most .qll files, skipping only
+# some specific cases (e.g., empty files, files that configure dataflow for queries).
+# It will also add overlay[caller] annotations to predicates that are pragma[inline]
+# and either not private or in a hardcoded list of predicates.
+
+# The script takes a list of languages and processes the corresponding directories.
+
+# Usage: python3 annotate-overlay-local.py <language1> <language2> ...
+
+# The script will modify the files in place and print the changes made.
+# The script is designed to be run from the root of the repository.
+
+#!/usr/bin/python3
+import sys
+import os
+from difflib import *
+
+# These are the only two predicates that are pragma[inline], private, and must be
+# overlay[caller] in order to successfully compile our internal java queries.
+hardcoded_overlay_caller_preds = [
+    "fwdFlowInCand", "fwdFlowInCandTypeFlowDisabled"]
+
+
+def filter_out_annotations(filename):
+    '''
+    Read the file and strip all existing overlay[...] annotations from the contents.
+    Return the file modified file content as a list of lines.
+    '''
+    overlays = ["local", "local?", "global", "caller"]
+    annotations = [f"overlay[{t}]" for t in overlays]
+    with open(filename, 'r') as file_in:
+        lines = [l for l in file_in if not l.strip() in annotations]
+    for ann in annotations:
+        if any(line for line in lines if ann in line):
+            raise Exception(f"Failed to filter out {ann} from {filename}.")
+    return lines
+
+
+def insert_toplevel_maybe_local_anntotation(filename, lines):
+    '''
+    Find a suitable place to insert an overlay[local?] annotation at the top of the file.
+    Return a pair: (string describing action taken, modified content as list of lines).
+    '''
+    out_lines = []
+    status = 0
+
+    for line in lines:
+        if status == 0 and line.rstrip().endswith("module;"):
+            out_lines.append("overlay[local?]\n")
+            status = 1
+        out_lines.append(line)
+
+    if status == 1:
+        return (f"Annotating \"{filename}\" via existing file-level module statement", out_lines)
+
+    out_lines = []
+    empty_line_buffer = []
+    status = 0
+    for line in lines:
+        trimmed = line.strip()
+        if not trimmed:
+            empty_line_buffer.append(line)
+            continue
+        if status <= 1 and trimmed.endswith("*/"):
+            status = 2
+        elif status == 0 and trimmed.startswith("/**"):
+            status = 1
+        elif status == 0 and not trimmed.startswith("/*"):
+            out_lines.append("overlay[local?]\n")
+            out_lines.append("module;\n")
+            out_lines.append("\n")
+            status = 3
+        elif status == 2 and (trimmed.startswith("import ") or trimmed.startswith("private import ")):
+            out_lines.append("overlay[local?]\n")
+            out_lines.append("module;\n")
+            status = 3
+        elif status == 2 and (trimmed.startswith("class ") or trimmed.startswith("predicate ")
+                              or trimmed.startswith("module ") or trimmed.startswith("signature ")):
+            out_lines = ["overlay[local?]\n", "module;\n", "\n"] + out_lines
+            status = 3
+        elif status == 2 and trimmed.startswith("/*"):
+            out_lines.append("overlay[local?]\n")
+            out_lines.append("module;\n")
+            status = 3
+        elif status == 2:
+            status = 4
+        if empty_line_buffer:
+            out_lines += empty_line_buffer
+            empty_line_buffer = []
+        out_lines.append(line)
+    if status == 3:
+        out_lines += empty_line_buffer
+
+    if status == 3:
+        return (f"Annotating \"{filename}\" after file-level module qldoc", out_lines)
+
+    raise Exception(f"Failed to annotate \"{filename}\" as overlay[local?].")
+
+
+def insert_overlay_caller_annotations(lines):
+    '''
+    Mark pragma[inline] predicates as overlay[caller] if they are not declared private
+    or if they are private but are in the list of hardcoded_overlay_caller_preds.
+    '''
+    out_lines = []
+    for i, line in enumerate(lines):
+        trimmed = line.strip()
+        if trimmed == "pragma[inline]":
+            if (not "private" in lines[i+1] or
+                    any(pred in lines[i+1] for pred in hardcoded_overlay_caller_preds)):
+                whitespace = line[0: line.find(trimmed)]
+                out_lines.append(f"{whitespace}overlay[caller]\n")
+        out_lines.append(line)
+    return out_lines
+
+
+def annotate_as_appropriate(filename):
+    '''
+    Read file and strip all existing overlay[...] annotations from the contents;
+    then insert new overlay[...] annotations according to heuristics.
+    Return a pair: (string describing action taken, modified content as list of lines).
+    '''
+    lines = filter_out_annotations(filename)
+    lines = insert_overlay_caller_annotations(lines)
+
+    # These simple heuristics filter out those .qll files that we no _not_ want to annotate
+    # as overlay[local?].  It is not clear that these heuristics are exactly what we want,
+    # but they seem to work well enough for now (as determined by speed and accuracy numbers).
+    if (filename.endswith("Test.qll") or
+        ((filename.endswith("Query.qll") or filename.endswith("Config.qll")) and
+         any("implements DataFlow::ConfigSig" in line for line in lines))):
+        return (f"Keeping \"{filename}\" global because it configures dataflow for a query", lines)
+    elif not any(line for line in lines if line.strip()):
+        return (f"Keeping \"{filename}\" global because it is empty", lines)
+
+    return insert_toplevel_maybe_local_anntotation(filename, lines)
+
+
+def process_single_file(filename):
+    '''
+    Process a single file, annotating it as appropriate and writing the changes back to the file.
+    '''
+    annotate_result = annotate_as_appropriate(filename)
+
+    old = [line for line in open(filename)]
+    new = annotate_result[1]
+
+    if old != new:
+        diff = context_diff(old, new, fromfile=filename, tofile=filename)
+        diff = [line for line in diff]
+        if diff:
+            print(annotate_result[0])
+            for line in diff:
+                print(line.rstrip())
+            with open(filename, "w") as out_file:
+                for line in new:
+                    out_file.write(line)
+
+
+dirs = []
+for lang in sys.argv[1:]:
+    if lang in ["cpp", "go", "csharp", "java", "javascript", "python", "ruby", "rust", "swift"]:
+        dirs.append(f"{lang}/ql/lib")
+    else:
+        raise Exception(f"Unknown language \"{lang}\".")
+
+if dirs:
+    dirs.append("shared")
+
+for roots in dirs:
+    for dirpath, dirnames, filenames in os.walk(roots):
+        for filename in filenames:
+            if filename.endswith(".qll") and not dirpath.endswith("tutorial"):
+                process_single_file(os.path.join(dirpath, filename))

cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/decltypes.ql

@@ -1,11 +0,0 @@
-class Type extends @type {
-  string toString() { none() }
-}
-
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-from Type decltype, Expr expr, Type basetype, boolean parentheses
-where decltypes(decltype, expr, _, basetype, parentheses)
-select decltype, expr, basetype, parentheses

cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/derivedtypes.ql

@@ -1,19 +0,0 @@
-class Type extends @type {
-  string toString() { none() }
-}
-
-predicate derivedType(Type type, string name, int kind, Type type_id) {
-  derivedtypes(type, name, kind, type_id)
-}
-
-predicate typeTransformation(Type type, string name, int kind, Type type_id) {
-  type_operators(type, _, _, type_id) and
-  name = "" and
-  kind = 3 // @type_with_specifiers
-}
-
-from Type type, string name, int kind, Type type_id
-where
-  derivedType(type, name, kind, type_id) or
-  typeTransformation(type, name, kind, type_id)
-select type, name, kind, type_id

cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/upgrade.properties

@@ -1,5 +0,0 @@
-description: Support C23 typeof and typeof_unqual
-compatibility: backwards
-decltypes.rel: run decltypes.qlo
-derivedtypes.rel: run derivedtypes.qlo
-type_operators.rel: delete

cpp/ql/integration-tests/header-variant-tests/clang-pch/a.c

@@ -1,2 +0,0 @@
-#include "a.h"
-#define FOUR 4

cpp/ql/integration-tests/header-variant-tests/clang-pch/c.c

@@ -1,3 +0,0 @@
-int main() {
-  return ONE + FOUR;
-}

cpp/ql/integration-tests/header-variant-tests/clang-pch/d.c

@@ -1 +0,0 @@
-#import "d.h"

cpp/ql/integration-tests/header-variant-tests/clang-pch/e.c

@@ -1,3 +0,0 @@
-int main() {
-  return SEVENTEEN;
-}

cpp/ql/integration-tests/header-variant-tests/clang-pch/f.c

@@ -1,5 +0,0 @@
-#if 1
-#pragma hdrstop
-extern int x;
-#define SEEN_F
-#endif

cpp/ql/integration-tests/header-variant-tests/clang-pch/g.c

@@ -1,5 +0,0 @@
-#ifdef SEEN_F
-static int g() {
-  return 20;
-}
-#endif

cpp/ql/integration-tests/header-variant-tests/clang-pch/h.c

@@ -1,4 +0,0 @@
-#include "h1.h"
-#pragma hdrstop
-#include "h2.h"
-#define SEEN_H

cpp/ql/integration-tests/header-variant-tests/clang-pch/test.py

@@ -1,17 +0,0 @@
-import os
-
-
-def test(codeql, cpp):
-    os.mkdir("pch")
-    extractor = cpp.get_tool("extractor")
-    codeql.database.create(command=[
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/a.pch a.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/a.pch -Iextra_dummy_path b.c',
-        f'"{extractor}" --mimic-clang -include pch/a -Iextra_dummy_path c.c',
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/d.pch d.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/d.pch e.c',
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/f.pch f.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/f.pch g.c',
-        f'"{extractor}" --mimic-clang -emit-pch -o pch/h.pch h.c',
-        f'"{extractor}" --mimic-clang -include-pch pch/h.pch i.c',
-    ])

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/a.c

@@ -1 +0,0 @@
-#include "a.h"

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/b.c

@@ -1,6 +0,0 @@
-#pragma hdrstop
-#include "b.h"
-
-int b() {
-  return A;
-}

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/c.c

@@ -1,6 +0,0 @@
-#include "d.h"
-#include "c.h"
-
-int c() {
-  return A;
-}

cpp/ql/integration-tests/header-variant-tests/microsoft-pch/test.py

@@ -1,11 +0,0 @@
-import os
-
-
-def test(codeql, cpp):
-    os.mkdir("pch")
-    extractor = cpp.get_tool("extractor")
-    codeql.database.create(command=[
-        f'"{extractor}" --mimic-cl /Yca.h /Fppch/a.pch a.c',
-        f'"{extractor}" --mimic-cl /Yub.h /Fppch/a.pch b.c',
-        f'"{extractor}" --mimic-cl /Yuc.h /Fppch/a.pch c.c',
-    ])

cpp/ql/integration-tests/query-suite/cpp-code-quality.qls.expected

@@ -1 +0,0 @@
-

cpp/ql/integration-tests/query-suite/cpp-code-scanning.qls.expected

@@ -1,60 +0,0 @@
-ql/cpp/ql/src/Critical/DoubleFree.ql
-ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
-ql/cpp/ql/src/Critical/NewFreeMismatch.ql
-ql/cpp/ql/src/Critical/OverflowStatic.ql
-ql/cpp/ql/src/Critical/UseAfterFree.ql
-ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
-ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
-ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
-ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
-ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
-ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
-ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
-ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
-ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
-ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
-ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
-ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
-ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
-ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
-ql/cpp/ql/src/Summary/LinesOfCode.ql
-ql/cpp/ql/src/Summary/LinesOfUserCode.ql
-ql/cpp/ql/src/Telemetry/CompilerErrors.ql
-ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
-ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/MissingIncludes.ql
-ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

cpp/ql/integration-tests/query-suite/cpp-security-and-quality.qls.expected

@@ -1,181 +0,0 @@
-ql/cpp/ql/src/Best Practices/BlockWithTooManyStatements.ql
-ql/cpp/ql/src/Best Practices/ComplexCondition.ql
-ql/cpp/ql/src/Best Practices/Exceptions/AccidentalRethrow.ql
-ql/cpp/ql/src/Best Practices/Exceptions/CatchingByValue.ql
-ql/cpp/ql/src/Best Practices/Exceptions/LeakyCatch.ql
-ql/cpp/ql/src/Best Practices/Exceptions/ThrowingPointers.ql
-ql/cpp/ql/src/Best Practices/GuardedFree.ql
-ql/cpp/ql/src/Best Practices/Hiding/DeclarationHidesParameter.ql
-ql/cpp/ql/src/Best Practices/Hiding/DeclarationHidesVariable.ql
-ql/cpp/ql/src/Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/EmptyBlock.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/Slicing.ql
-ql/cpp/ql/src/Best Practices/RuleOfTwo.ql
-ql/cpp/ql/src/Best Practices/SloppyGlobal.ql
-ql/cpp/ql/src/Best Practices/SwitchLongCase.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedLocals.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticFunctions.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedStaticVariables.ql
-ql/cpp/ql/src/Best Practices/UseOfGoto.ql
-ql/cpp/ql/src/Critical/DeadCodeGoto.ql
-ql/cpp/ql/src/Critical/DoubleFree.ql
-ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
-ql/cpp/ql/src/Critical/LargeParameter.ql
-ql/cpp/ql/src/Critical/MissingCheckScanf.ql
-ql/cpp/ql/src/Critical/NewArrayDeleteMismatch.ql
-ql/cpp/ql/src/Critical/NewDeleteArrayMismatch.ql
-ql/cpp/ql/src/Critical/NewFreeMismatch.ql
-ql/cpp/ql/src/Critical/OverflowStatic.ql
-ql/cpp/ql/src/Critical/SizeCheck.ql
-ql/cpp/ql/src/Critical/SizeCheck2.ql
-ql/cpp/ql/src/Critical/UseAfterFree.ql
-ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
-ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
-ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
-ql/cpp/ql/src/Documentation/CommentedOutCode.ql
-ql/cpp/ql/src/Documentation/FixmeComments.ql
-ql/cpp/ql/src/Documentation/UncommentedFunction.ql
-ql/cpp/ql/src/Header Cleanup/Cleanup-DuplicateIncludeGuard.ql
-ql/cpp/ql/src/Likely Bugs/AmbiguouslySignedBitField.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BitwiseSignCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonPrecedence.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/FloatComparison.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/PointlessComparison.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/PointlessSelfComparison.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/UnsignedGEZero.ql
-ql/cpp/ql/src/Likely Bugs/ContinueInFalseLoop.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/ArrayArgSizeMismatch.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/ImplicitDowncastFromBitfield.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/LossyPointerCast.ql
-ql/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
-ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Format/TooManyFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/InconsistentCallOnResult.ql
-ql/cpp/ql/src/Likely Bugs/InconsistentCheckReturnNull.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/CompareWhereAssignMeant.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/DubiousNullCheck.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/ExprHasNoEffect.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/FutileConditional.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/MissingEnumCaseInSwitch.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/ShortCircuitBitMask.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/inconsistentLoopDirection.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnCstrOfLocalStdString.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/StackAddressEscapes.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
-ql/cpp/ql/src/Likely Bugs/NestedLoopSameVar.ql
-ql/cpp/ql/src/Likely Bugs/OO/IncorrectConstructorDelegation.ql
-ql/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructorInBaseClass.ql
-ql/cpp/ql/src/Likely Bugs/OO/ThrowInDestructor.ql
-ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
-ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
-ql/cpp/ql/src/Likely Bugs/ReturnConstType.ql
-ql/cpp/ql/src/Likely Bugs/ReturnConstTypeMember.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/ImplicitFunctionDeclaration.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/MistypedFunctionArguments.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooManyArguments.ql
-ql/cpp/ql/src/Likely Bugs/UseInOwnInitializer.ql
-ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
-ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
-ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
-ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
-ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
-ql/cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql
-ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
-ql/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
-ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
-ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
-ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
-ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
-ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
-ql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
-ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql
-ql/cpp/ql/src/Summary/LinesOfCode.ql
-ql/cpp/ql/src/Summary/LinesOfUserCode.ql
-ql/cpp/ql/src/Telemetry/CompilerErrors.ql
-ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
-ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/MissingIncludes.ql
-ql/cpp/ql/src/Telemetry/SucceededIncludes.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 32.ql
-ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 35.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 71.1.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 82.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 88.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 89.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 95.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 97.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 107.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 114.ql
-ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 145.ql
-ql/cpp/ql/src/jsf/4.17 Types/AV Rule 148.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 166.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 196.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 197.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 201.ql

cpp/ql/integration-tests/query-suite/cpp-security-extended.qls.expected

@@ -1,97 +0,0 @@
-ql/cpp/ql/src/Best Practices/Likely Errors/CommaBeforeMisleadingIndentation.ql
-ql/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
-ql/cpp/ql/src/Critical/DoubleFree.ql
-ql/cpp/ql/src/Critical/IncorrectCheckScanf.ql
-ql/cpp/ql/src/Critical/MissingCheckScanf.ql
-ql/cpp/ql/src/Critical/NewFreeMismatch.ql
-ql/cpp/ql/src/Critical/OverflowStatic.ql
-ql/cpp/ql/src/Critical/SizeCheck.ql
-ql/cpp/ql/src/Critical/SizeCheck2.ql
-ql/cpp/ql/src/Critical/UseAfterFree.ql
-ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
-ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
-ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
-ql/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
-ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
-ql/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/TlsSettingsMisconfiguration.ql
-ql/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.ql
-ql/cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql
-ql/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql
-ql/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql
-ql/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
-ql/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
-ql/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
-ql/cpp/ql/src/Security/CWE/CWE-119/OverrunWriteProductFlow.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
-ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
-ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
-ql/cpp/ql/src/Security/CWE/CWE-193/InvalidPointerDeref.ql
-ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
-ql/cpp/ql/src/Security/CWE/CWE-295/SSLResultNotChecked.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
-ql/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
-ql/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
-ql/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
-ql/cpp/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
-ql/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
-ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
-ql/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
-ql/cpp/ql/src/Security/CWE/CWE-570/IncorrectAllocationErrorHandling.ql
-ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/DangerousUseOfCin.ql
-ql/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
-ql/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
-ql/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
-ql/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
-ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql
-ql/cpp/ql/src/Summary/LinesOfCode.ql
-ql/cpp/ql/src/Summary/LinesOfUserCode.ql
-ql/cpp/ql/src/Telemetry/CompilerErrors.ql
-ql/cpp/ql/src/Telemetry/DatabaseQuality.ql
-ql/cpp/ql/src/Telemetry/ExtractionMetrics.ql
-ql/cpp/ql/src/Telemetry/MissingIncludes.ql
-ql/cpp/ql/src/Telemetry/SucceededIncludes.ql

cpp/ql/integration-tests/query-suite/not_included_in_qls.expected

@@ -1,448 +0,0 @@
-ql/cpp/ql/src/AlertSuppression.ql
-ql/cpp/ql/src/Architecture/FeatureEnvy.ql
-ql/cpp/ql/src/Architecture/General Class-Level Information/ClassHierarchies.ql
-ql/cpp/ql/src/Architecture/General Class-Level Information/HubClasses.ql
-ql/cpp/ql/src/Architecture/General Class-Level Information/InheritanceDepthDistribution.ql
-ql/cpp/ql/src/Architecture/General Namespace-Level Information/CyclicNamespaces.ql
-ql/cpp/ql/src/Architecture/General Namespace-Level Information/GlobalNamespaceClasses.ql
-ql/cpp/ql/src/Architecture/General Namespace-Level Information/NamespaceDependencies.ql
-ql/cpp/ql/src/Architecture/General Top-Level Information/GeneralStatistics.ql
-ql/cpp/ql/src/Architecture/InappropriateIntimacy.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/ClassesWithManyDependencies.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/ClassesWithManyFields.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/ComplexFunctions.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/CyclomaticComplexity.ql
-ql/cpp/ql/src/Architecture/Refactoring Opportunities/FunctionsWithManyParameters.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicConstantsNumbers.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicConstantsString.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicNumbersUseConstant.ql
-ql/cpp/ql/src/Best Practices/Magic Constants/MagicStringsUseConstant.ql
-ql/cpp/ql/src/Best Practices/NVI.ql
-ql/cpp/ql/src/Best Practices/NVIHub.ql
-ql/cpp/ql/src/Best Practices/RuleOfThree.ql
-ql/cpp/ql/src/Best Practices/Unused Entities/UnusedIncludes.ql
-ql/cpp/ql/src/Critical/DeadCodeCondition.ql
-ql/cpp/ql/src/Critical/DeadCodeFunction.ql
-ql/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql
-ql/cpp/ql/src/Critical/DescriptorNeverClosed.ql
-ql/cpp/ql/src/Critical/FileMayNotBeClosed.ql
-ql/cpp/ql/src/Critical/FileNeverClosed.ql
-ql/cpp/ql/src/Critical/GlobalUseBeforeInit.ql
-ql/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
-ql/cpp/ql/src/Critical/InitialisationNotRun.ql
-ql/cpp/ql/src/Critical/LateNegativeTest.ql
-ql/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
-ql/cpp/ql/src/Critical/MemoryNeverFreed.ql
-ql/cpp/ql/src/Critical/MissingNegativityTest.ql
-ql/cpp/ql/src/Critical/MissingNullTest.ql
-ql/cpp/ql/src/Critical/NotInitialised.ql
-ql/cpp/ql/src/Critical/OverflowCalculated.ql
-ql/cpp/ql/src/Critical/OverflowDestination.ql
-ql/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql
-ql/cpp/ql/src/Critical/ReturnValueIgnored.ql
-ql/cpp/ql/src/Critical/Unused.ql
-ql/cpp/ql/src/Diagnostics/Internal/ExtractionErrors.ql
-ql/cpp/ql/src/Documentation/DocumentApi.ql
-ql/cpp/ql/src/Documentation/TodoComments.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 03/ExitNonterminatingLoop.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 03/LoopBounds.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 04/Recursion.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 05/HeapMemory.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 07/ThreadSafety.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/AvoidNestedSemaphores.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/AvoidSemaphores.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/OutOfOrderLocks.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 09/ReleaseLocksWhenAcquired.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowGoto.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 11/SimpleControlFlowJmp.ql
-ql/cpp/ql/src/JPL_C/LOC-2/Rule 12/EnumInitialization.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/ExternDeclsInHeader.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeFile.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeFunction.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 13/LimitedScopeLocalHidesGlobal.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 14/CheckingReturnValues.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 15/CheckingParameterValues.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsConstant.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsDensity.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsNonBoolean.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 16/UseOfAssertionsSideEffect.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 17/BasicIntTypes.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 18/CompoundExpressions.ql
-ql/cpp/ql/src/JPL_C/LOC-3/Rule 19/NoBooleanSideEffects.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUse.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUseIfdef.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUsePartial.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 20/PreprocessorUseUndisciplined.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 21/MacroInBlock.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 22/UseOfUndef.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 23/MismatchedIfdefs.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 24/MultipleStmtsPerLine.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 24/MultipleVarDeclsPerLine.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 25/FunctionSizeLimits.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 26/DeclarationPointerNesting.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 27/PointerDereferenceInStmt.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 28/HiddenPointerDereferenceMacro.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 28/HiddenPointerIndirectionTypedef.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 29/NonConstFunctionPointer.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 30/FunctionPointerConversions.ql
-ql/cpp/ql/src/JPL_C/LOC-4/Rule 31/IncludesFirst.ql
-ql/cpp/ql/src/Likely Bugs/Arithmetic/ComparisonWithCancelingSubExpr.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/ConversionChangesSign.ql
-ql/cpp/ql/src/Likely Bugs/Conversion/NonzeroValueCastToPointer.ql
-ql/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql
-ql/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql
-ql/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/BoolValueInBitOp.ql
-ql/cpp/ql/src/Likely Bugs/Likely Typos/LogicalExprCouldBeSimplified.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/More64BitWaste.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/NonPortablePrintf.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/Padding/Suboptimal64BitType.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql
-ql/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql
-ql/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql
-ql/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql
-ql/cpp/ql/src/Likely Bugs/OO/VirtualCallInStructor.ql
-ql/cpp/ql/src/Likely Bugs/ShortLoopVarName.ql
-ql/cpp/ql/src/Metrics/Classes/CAfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Classes/CEfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadBugs.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadDifficulty.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadEffort.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadLength.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadVocabulary.ql
-ql/cpp/ql/src/Metrics/Classes/CHalsteadVolume.ql
-ql/cpp/ql/src/Metrics/Classes/CInheritanceDepth.ql
-ql/cpp/ql/src/Metrics/Classes/CLackOfCohesionCK.ql
-ql/cpp/ql/src/Metrics/Classes/CLackOfCohesionHS.ql
-ql/cpp/ql/src/Metrics/Classes/CLinesOfCode.ql
-ql/cpp/ql/src/Metrics/Classes/CNumberOfFields.ql
-ql/cpp/ql/src/Metrics/Classes/CNumberOfFunctions.ql
-ql/cpp/ql/src/Metrics/Classes/CNumberOfStatements.ql
-ql/cpp/ql/src/Metrics/Classes/CPercentageOfComplexCode.ql
-ql/cpp/ql/src/Metrics/Classes/CResponse.ql
-ql/cpp/ql/src/Metrics/Classes/CSizeOfAPI.ql
-ql/cpp/ql/src/Metrics/Classes/CSpecialisation.ql
-ql/cpp/ql/src/Metrics/Dependencies/ExternalDependencies.ql
-ql/cpp/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
-ql/cpp/ql/src/Metrics/External/FileCompilationDisplayStrings.ql
-ql/cpp/ql/src/Metrics/External/FileCompilationSourceLinks.ql
-ql/cpp/ql/src/Metrics/Files/AutogeneratedLOC.ql
-ql/cpp/ql/src/Metrics/Files/ConditionalSegmentConditions.ql
-ql/cpp/ql/src/Metrics/Files/ConditionalSegmentLines.ql
-ql/cpp/ql/src/Metrics/Files/FAfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Files/FCommentRatio.ql
-ql/cpp/ql/src/Metrics/Files/FCyclomaticComplexity.ql
-ql/cpp/ql/src/Metrics/Files/FDirectIncludes.ql
-ql/cpp/ql/src/Metrics/Files/FEfferentCoupling.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadBugs.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadDifficulty.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadEffort.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadLength.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadVocabulary.ql
-ql/cpp/ql/src/Metrics/Files/FHalsteadVolume.ql
-ql/cpp/ql/src/Metrics/Files/FLines.ql
-ql/cpp/ql/src/Metrics/Files/FLinesOfCode.ql
-ql/cpp/ql/src/Metrics/Files/FLinesOfCommentedOutCode.ql
-ql/cpp/ql/src/Metrics/Files/FLinesOfComments.ql
-ql/cpp/ql/src/Metrics/Files/FMacroRatio.ql
-ql/cpp/ql/src/Metrics/Files/FNumberOfClasses.ql
-ql/cpp/ql/src/Metrics/Files/FNumberOfTests.ql
-ql/cpp/ql/src/Metrics/Files/FTimeInFrontend.ql
-ql/cpp/ql/src/Metrics/Files/FTodoComments.ql
-ql/cpp/ql/src/Metrics/Files/FTransitiveIncludes.ql
-ql/cpp/ql/src/Metrics/Files/FTransitiveSourceIncludes.ql
-ql/cpp/ql/src/Metrics/Files/FunctionLength.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfFunctions.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfGlobals.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfParameters.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfPublicFunctions.ql
-ql/cpp/ql/src/Metrics/Files/NumberOfPublicGlobals.ql
-ql/cpp/ql/src/Metrics/Functions/FunCyclomaticComplexity.ql
-ql/cpp/ql/src/Metrics/Functions/FunIterationNestingDepth.ql
-ql/cpp/ql/src/Metrics/Functions/FunLinesOfCode.ql
-ql/cpp/ql/src/Metrics/Functions/FunLinesOfComments.ql
-ql/cpp/ql/src/Metrics/Functions/FunNumberOfCalls.ql
-ql/cpp/ql/src/Metrics/Functions/FunNumberOfParameters.ql
-ql/cpp/ql/src/Metrics/Functions/FunNumberOfStatements.ql
-ql/cpp/ql/src/Metrics/Functions/FunPercentageOfComments.ql
-ql/cpp/ql/src/Metrics/Functions/StatementNestingDepth.ql
-ql/cpp/ql/src/Metrics/Internal/ASTConsistency.ql
-ql/cpp/ql/src/Metrics/Internal/CallableDisplayStrings.ql
-ql/cpp/ql/src/Metrics/Internal/CallableExtents.ql
-ql/cpp/ql/src/Metrics/Internal/CallableSourceLinks.ql
-ql/cpp/ql/src/Metrics/Internal/DiagnosticsSumElapsedTimes.ql
-ql/cpp/ql/src/Metrics/Internal/IRConsistency.ql
-ql/cpp/ql/src/Metrics/Internal/IncludeResolutionStatus.ql
-ql/cpp/ql/src/Metrics/Internal/ReftypeDisplayStrings.ql
-ql/cpp/ql/src/Metrics/Internal/ReftypeSourceLinks.ql
-ql/cpp/ql/src/Metrics/Namespaces/AbstractNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/ConcreteNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/HighAfferentCouplingNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/HighDistanceFromMainLineNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/HighEfferentCouplingNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/StableNamespaces.ql
-ql/cpp/ql/src/Metrics/Namespaces/UnstableNamespaces.ql
-ql/cpp/ql/src/Microsoft/CallWithNullSAL.ql
-ql/cpp/ql/src/Microsoft/IgnoreReturnValueSAL.ql
-ql/cpp/ql/src/Microsoft/InconsistentSAL.ql
-ql/cpp/ql/src/PointsTo/Debug.ql
-ql/cpp/ql/src/PointsTo/PreparedStagedPointsTo.ql
-ql/cpp/ql/src/PointsTo/Stats.ql
-ql/cpp/ql/src/PointsTo/TaintedFormatStrings.ql
-ql/cpp/ql/src/Power of 10/Rule 1/UseOfGoto.ql
-ql/cpp/ql/src/Power of 10/Rule 1/UseOfJmp.ql
-ql/cpp/ql/src/Power of 10/Rule 1/UseOfRecursion.ql
-ql/cpp/ql/src/Power of 10/Rule 2/BoundedLoopIterations.ql
-ql/cpp/ql/src/Power of 10/Rule 2/ExitPermanentLoop.ql
-ql/cpp/ql/src/Power of 10/Rule 3/DynamicAllocAfterInit.ql
-ql/cpp/ql/src/Power of 10/Rule 4/FunctionTooLong.ql
-ql/cpp/ql/src/Power of 10/Rule 4/OneStmtPerLine.ql
-ql/cpp/ql/src/Power of 10/Rule 5/AssertionDensity.ql
-ql/cpp/ql/src/Power of 10/Rule 5/AssertionSideEffect.ql
-ql/cpp/ql/src/Power of 10/Rule 5/ConstantAssertion.ql
-ql/cpp/ql/src/Power of 10/Rule 5/NonBooleanAssertion.ql
-ql/cpp/ql/src/Power of 10/Rule 6/GlobalCouldBeStatic.ql
-ql/cpp/ql/src/Power of 10/Rule 6/VariableScopeTooLarge.ql
-ql/cpp/ql/src/Power of 10/Rule 7/CheckArguments.ql
-ql/cpp/ql/src/Power of 10/Rule 7/CheckReturnValues.ql
-ql/cpp/ql/src/Power of 10/Rule 8/AvoidConditionalCompilation.ql
-ql/cpp/ql/src/Power of 10/Rule 8/PartialMacro.ql
-ql/cpp/ql/src/Power of 10/Rule 8/RestrictPreprocessor.ql
-ql/cpp/ql/src/Power of 10/Rule 8/UndisciplinedMacro.ql
-ql/cpp/ql/src/Power of 10/Rule 9/FunctionPointer.ql
-ql/cpp/ql/src/Power of 10/Rule 9/HiddenPointerIndirection.ql
-ql/cpp/ql/src/Power of 10/Rule 9/PointerNesting.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
-ql/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
-ql/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
-ql/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
-ql/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
-ql/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql
-ql/cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql
-ql/cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql
-ql/cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql
-ql/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
-ql/cpp/ql/src/definitions.ql
-ql/cpp/ql/src/experimental/Best Practices/UselessTest.ql
-ql/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql
-ql/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql
-ql/cpp/ql/src/experimental/Likely Bugs/DerefNullResult.ql
-ql/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-295/CurlSSL.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-416/UseAfterExpiredLifetime.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
-ql/cpp/ql/src/experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/UnknownAsymmetricKeyGen.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakAsymmetricKeyGen.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakBlockMode.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakEllipticCurve.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakEncryption.ql
-ql/cpp/ql/src/experimental/cryptography/example_alerts/WeakHashes.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithmSize.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/KnownAsymmetricKeyGeneration.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
-ql/cpp/ql/src/experimental/cryptography/inventory/new_models/UnknownAsymmetricKeyGeneration.ql
-ql/cpp/ql/src/experimental/quantum/PrintCBOMGraph.ql
-ql/cpp/ql/src/external/examples/filters/BumpMetricBy10.ql
-ql/cpp/ql/src/external/examples/filters/EditDefectMessage.ql
-ql/cpp/ql/src/external/examples/filters/ExcludeGeneratedCode.ql
-ql/cpp/ql/src/filters/ClassifyFiles.ql
-ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 1.ql
-ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 2.ql
-ql/cpp/ql/src/jsf/3.02 Code Size and Complexity/AV Rule 3.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 11.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 12.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 13.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 14.ql
-ql/cpp/ql/src/jsf/4.04 Environment/AV Rule 9.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 17.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 18.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 19.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 20.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 21.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 22.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 23.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 24.ql
-ql/cpp/ql/src/jsf/4.05 Libraries/AV Rule 25.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 26.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 27.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 28.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 29.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 30.ql
-ql/cpp/ql/src/jsf/4.06 Pre-Processing Directives/AV Rule 31.ql
-ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 33.ql
-ql/cpp/ql/src/jsf/4.07 Header Files/AV Rule 39.ql
-ql/cpp/ql/src/jsf/4.08 Implementation Files/AV Rule 40.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 41.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 42.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 43.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 44.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 45.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 46.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 47.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 48.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 49.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 50.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 51.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 52.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 53.1.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 53.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 54.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 57.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 58.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 59.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 60.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 61.ql
-ql/cpp/ql/src/jsf/4.09 Style/AV Rule 63.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 68.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 69.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 70.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 71.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 73.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 74.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 75.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 76.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 77.1.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 78.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 81.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 85.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 88.1.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 94.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 96.ql
-ql/cpp/ql/src/jsf/4.10 Classes/AV Rule 97.1.ql
-ql/cpp/ql/src/jsf/4.11 Namespaces/AV Rule 99.ql
-ql/cpp/ql/src/jsf/4.12 Templates/AV Rule 104.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 108.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 110.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 111.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 113.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 115.ql
-ql/cpp/ql/src/jsf/4.13 Functions/AV Rule 119.ql
-ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 126.ql
-ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 127.ql
-ql/cpp/ql/src/jsf/4.14 Comments/AV Rule 133.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 135.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 138.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 139.ql
-ql/cpp/ql/src/jsf/4.15 Declarations and Definitions/AV Rule 140.ql
-ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 142.ql
-ql/cpp/ql/src/jsf/4.16 Initialization/AV Rule 143.ql
-ql/cpp/ql/src/jsf/4.17 Types/AV Rule 147.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 149.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 150.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 151.1.ql
-ql/cpp/ql/src/jsf/4.18 Constants/AV Rule 151.ql
-ql/cpp/ql/src/jsf/4.19 Variables/AV Rule 152.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 154.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 155.ql
-ql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 156.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 157.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 158.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 159.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 160.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 162.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 163.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 164.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
-ql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 170.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 171.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 175.ql
-ql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 176.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 178.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 179.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 180.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 181.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 182.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 184.ql
-ql/cpp/ql/src/jsf/4.23 Type Conversions/AV Rule 185.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 186.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 187.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 188.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 189.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 190.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 191.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 192.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 193.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 194.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 195.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 198.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 199.ql
-ql/cpp/ql/src/jsf/4.24 Control Flow Structures/AV Rule 200.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 204.1.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 204.ql
-ql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 205.ql
-ql/cpp/ql/src/jsf/4.26 Memory Allocation/AV Rule 206.ql
-ql/cpp/ql/src/jsf/4.26 Memory Allocation/AV Rule 207.ql
-ql/cpp/ql/src/jsf/4.27 Fault Handling/AV Rule 208.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 209.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 210.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 212.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 213.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 214.ql
-ql/cpp/ql/src/jsf/4.28 Portable Code/AV Rule 215.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
-ql/cpp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql

cpp/ql/integration-tests/query-suite/test.py

@@ -1,14 +0,0 @@
-import runs_on
-import pytest
-from query_suites import *
-
-well_known_query_suites = ['cpp-code-quality.qls', 'cpp-security-and-quality.qls', 'cpp-security-extended.qls', 'cpp-code-scanning.qls']
-
-@runs_on.posix
-@pytest.mark.parametrize("query_suite", well_known_query_suites)
-def test(codeql, cpp, check_query_suite, query_suite):
-    check_query_suite(query_suite)
-
-@runs_on.posix
-def test_not_included_queries(codeql, cpp, check_queries_not_included):
-    check_queries_not_included('cpp', well_known_query_suites)

cpp/ql/lib/CHANGELOG.md

@@ -1,42 +1,3 @@
-## 5.0.0
-
-### Breaking Changes
-
-* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`.
-* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`.
-* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`.
-* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`.
-* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`.
-* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`.
-
-### New Features
-
-* Added local flow source models for `ReadFile`, `ReadFileEx`, `MapViewOfFile`, `MapViewOfFile2`, `MapViewOfFile3`, `MapViewOfFile3FromApp`, `MapViewOfFileEx`, `MapViewOfFileFromApp`, `MapViewOfFileNuma2`, and `NtReadFile`.
-* Added the `pCmdLine` arguments of `WinMain` and `wWinMain` as local flow sources.
-* Added source models for `GetCommandLineA`, `GetCommandLineW`, `GetEnvironmentStringsA`, `GetEnvironmentStringsW`, `GetEnvironmentVariableA`, and `GetEnvironmentVariableW`.
-* Added summary models for `CommandLineToArgvA` and `CommandLineToArgvW`.
-* Added support for `wmain` as part of the ArgvSource model.
-
-### Bug Fixes
-
-* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ArrayAggregateLiteral`s.
-* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ClassAggregateLiteral`s.
-
-## 4.3.1
-
-### Bug Fixes
-
-* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.
-
-## 4.3.0
-
-### New Features
-
-* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
-* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
-* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
-* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).
-
 ## 4.2.0
 
 ### New Features

cpp/ql/lib/change-notes/2025-04-14-variable-length-arrays.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).

cpp/ql/lib/change-notes/2025-04-15-field-array-designator.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.

cpp/ql/lib/change-notes/released/4.3.0.md

@@ -1,8 +0,0 @@
-## 4.3.0
-
-### New Features
-
-* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
-* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
-* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
-* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).

cpp/ql/lib/change-notes/released/4.3.1.md

@@ -1,5 +0,0 @@
-## 4.3.1
-
-### Bug Fixes
-
-* Fixed an infinite loop in `semmle.code.cpp.rangeanalysis.new.RangeAnalysis` when computing ranges in very large and complex function bodies.

cpp/ql/lib/change-notes/released/5.0.0.md

@@ -1,23 +0,0 @@
-## 5.0.0
-
-### Breaking Changes
-
-* Deleted the deprecated `userInputArgument` predicate and its convenience accessor from the `Security.qll`.
-* Deleted the deprecated `userInputReturned` predicate and its convenience accessor from the `Security.qll`.
-* Deleted the deprecated `userInputReturn` predicate from the `Security.qll`.
-* Deleted the deprecated `isUserInput` predicate and its convenience accessor from the `Security.qll`.
-* Deleted the deprecated `userInputArgument` predicate from the `SecurityOptions.qll`.
-* Deleted the deprecated `userInputReturned` predicate from the `SecurityOptions.qll`.
-
-### New Features
-
-* Added local flow source models for `ReadFile`, `ReadFileEx`, `MapViewOfFile`, `MapViewOfFile2`, `MapViewOfFile3`, `MapViewOfFile3FromApp`, `MapViewOfFileEx`, `MapViewOfFileFromApp`, `MapViewOfFileNuma2`, and `NtReadFile`.
-* Added the `pCmdLine` arguments of `WinMain` and `wWinMain` as local flow sources.
-* Added source models for `GetCommandLineA`, `GetCommandLineW`, `GetEnvironmentStringsA`, `GetEnvironmentStringsW`, `GetEnvironmentVariableA`, and `GetEnvironmentVariableW`.
-* Added summary models for `CommandLineToArgvA` and `CommandLineToArgvW`.
-* Added support for `wmain` as part of the ArgvSource model.
-
-### Bug Fixes
-
-* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ArrayAggregateLiteral`s.
-* Fixed a problem where `asExpr()` on `DataFlow::Node` would never return `ClassAggregateLiteral`s.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.0
+lastReleaseVersion: 4.2.0

cpp/ql/lib/experimental/quantum/Language.qll

@@ -1,129 +0,0 @@
-private import cpp as Language
-import semmle.code.cpp.dataflow.new.TaintTracking
-import codeql.quantum.experimental.Model
-private import OpenSSL.GenericSourceCandidateLiteral
-
-module CryptoInput implements InputSig<Language::Location> {
-  class DataFlowNode = DataFlow::Node;
-
-  class LocatableElement = Language::Locatable;
-
-  class UnknownLocation = Language::UnknownDefaultLocation;
-
-  LocatableElement dfn_to_element(DataFlow::Node node) {
-    result = node.asExpr() or
-    result = node.asParameter() or
-    result = node.asVariable()
-  }
-
-  string locationToFileBaseNameAndLineNumberString(Location location) {
-    result = location.getFile().getBaseName() + ":" + location.getStartLine()
-  }
-
-  predicate artifactOutputFlowsToGenericInput(
-    DataFlow::Node artifactOutput, DataFlow::Node otherInput
-  ) {
-    ArtifactFlow::flow(artifactOutput, otherInput)
-  }
-}
-
-module Crypto = CryptographyBase<Language::Location, CryptoInput>;
-
-module ArtifactFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::ArtifactInstance artifact).getOutputNode()
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink = any(Crypto::FlowAwareElement other).getInputNode()
-  }
-
-  predicate isBarrierOut(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getInputNode()
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getOutputNode()
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.(AdditionalFlowInputStep).getOutput() = node2
-  }
-}
-
-module ArtifactFlow = DataFlow::Global<ArtifactFlowConfig>;
-
-/**
- * Artifact output to node input configuration
- */
-abstract class AdditionalFlowInputStep extends DataFlow::Node {
-  abstract DataFlow::Node getOutput();
-
-  final DataFlow::Node getInput() { result = this }
-}
-
-/**
- * Generic data source to node input configuration
- */
-module GenericDataSourceFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::GenericSourceInstance i).getOutputNode()
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink = any(Crypto::FlowAwareElement other).getInputNode()
-  }
-
-  predicate isBarrierOut(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getInputNode()
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getOutputNode()
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.(AdditionalFlowInputStep).getOutput() = node2
-  }
-}
-
-module GenericDataSourceFlow = TaintTracking::Global<GenericDataSourceFlowConfig>;
-
-private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal {
-  ConstantDataSource() { this instanceof OpenSSLGenericSourceCandidateLiteral }
-
-  override DataFlow::Node getOutputNode() { result.asExpr() = this }
-
-  override predicate flowsTo(Crypto::FlowAwareElement other) {
-    // TODO: separate config to avoid blowing up data-flow analysis
-    GenericDataSourceFlow::flow(this.getOutputNode(), other.getInputNode())
-  }
-
-  override string getAdditionalDescription() { result = this.toString() }
-}
-
-module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source = any(Crypto::ArtifactInstance artifact).getOutputNode()
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink = any(Crypto::FlowAwareElement other).getInputNode()
-  }
-
-  predicate isBarrierOut(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getInputNode()
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
-    node = any(Crypto::FlowAwareElement element).getOutputNode()
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    node1.(AdditionalFlowInputStep).getOutput() = node2
-  }
-}
-
-module ArtifactUniversalFlow = DataFlow::Global<ArtifactUniversalFlowConfig>;
-
-import OpenSSL.OpenSSL

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll

@@ -1,173 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import semmle.code.cpp.dataflow.new.DataFlow
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-private import PaddingAlgorithmInstance
-
-/**
- * Traces 'known algorithms' to AVCs, specifically
- * algorithms that are in the set of known algorithm constants.
- * Padding-specific consumers exist that have their own values that
- * overlap with the known algorithm constants.
- * Padding consumers (specific padding consumers) are excluded from the set of sinks.
- */
-module KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    source.asExpr() instanceof KnownOpenSSLAlgorithmConstant
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(OpenSSLAlgorithmValueConsumer c |
-      c.getInputNode() = sink and
-      // exclude padding algorithm consumers, since
-      // these consumers take in different constant values
-      // not in the typical "known algorithm" set
-      not c instanceof PaddingAlgorithmValueConsumer
-    )
-  }
-
-  predicate isBarrier(DataFlow::Node node) {
-    // False positive reducer, don't flow out through argv
-    exists(VariableAccess va, Variable v |
-      v.getAnAccess() = va and va = node.asExpr()
-      or
-      va = node.asIndirectExpr()
-    |
-      v.getName().matches("%argv")
-    )
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    knownPassThroughStep(node1, node2)
-  }
-}
-
-module KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow =
-  DataFlow::Global<KnownOpenSSLAlgorithmToAlgorithmValueConsumerConfig>;
-
-module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof OpenSSLPaddingLiteral }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(PaddingAlgorithmValueConsumer c | c.getInputNode() = sink)
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    knownPassThroughStep(node1, node2)
-  }
-}
-
-module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow =
-  DataFlow::Global<RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig>;
-
-class OpenSSLAlgorithmAdditionalFlowStep extends AdditionalFlowInputStep {
-  OpenSSLAlgorithmAdditionalFlowStep() { exists(AlgorithmPassthroughCall c | c.getInNode() = this) }
-
-  override DataFlow::Node getOutput() {
-    exists(AlgorithmPassthroughCall c | c.getInNode() = this and c.getOutNode() = result)
-  }
-}
-
-abstract class AlgorithmPassthroughCall extends Call {
-  abstract DataFlow::Node getInNode();
-
-  abstract DataFlow::Node getOutNode();
-}
-
-class CopyAndDupAlgorithmPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  CopyAndDupAlgorithmPassthroughCall() {
-    // Flow out through any return or other argument of the same type
-    // Assume flow in and out is asIndirectExpr or asDefinitingArgument since a pointer is assumed
-    // to be involved
-    // NOTE: not attempting to detect openssl specific copy/dup functions, but anything suspected to be copy/dup
-    this.getTarget().getName().toLowerCase().matches(["%_dup%", "%_copy%"]) and
-    exists(Expr inArg, Type t |
-      inArg = this.getAnArgument() and t = inArg.getUnspecifiedType().stripType()
-    |
-      inNode.asIndirectExpr() = inArg and
-      (
-        // Case 1: flow through another argument as an out arg of the same type
-        exists(Expr outArg |
-          outArg = this.getAnArgument() and
-          outArg != inArg and
-          outArg.getUnspecifiedType().stripType() = t
-        |
-          outNode.asDefiningArgument() = outArg
-        )
-        or
-        // Case 2: flow through the return value if the result is the same as the intput type
-        exists(Expr outArg | outArg = this and outArg.getUnspecifiedType().stripType() = t |
-          outNode.asIndirectExpr() = outArg
-        )
-      )
-    )
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-class NIDToPointerPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  NIDToPointerPassthroughCall() {
-    this.getTarget().getName() in ["OBJ_nid2obj", "OBJ_nid2ln", "OBJ_nid2sn"] and
-    inNode.asExpr() = this.getArgument(0) and
-    outNode.asExpr() = this
-    //outNode.asIndirectExpr() = this
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-class PointerToPointerPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  PointerToPointerPassthroughCall() {
-    this.getTarget().getName() = "OBJ_txt2obj" and
-    inNode.asIndirectExpr() = this.getArgument(0) and
-    outNode.asIndirectExpr() = this
-    or
-    //outNode.asExpr() = this
-    this.getTarget().getName() in ["OBJ_obj2txt", "i2t_ASN1_OBJECT"] and
-    inNode.asIndirectExpr() = this.getArgument(2) and
-    outNode.asDefiningArgument() = this.getArgument(0)
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-class PointerToNIDPassthroughCall extends AlgorithmPassthroughCall {
-  DataFlow::Node inNode;
-  DataFlow::Node outNode;
-
-  PointerToNIDPassthroughCall() {
-    this.getTarget().getName() in ["OBJ_obj2nid", "OBJ_ln2nid", "OBJ_sn2nid", "OBJ_txt2nid"] and
-    (
-      inNode.asIndirectExpr() = this.getArgument(0)
-      or
-      inNode.asExpr() = this.getArgument(0)
-    ) and
-    outNode.asExpr() = this
-  }
-
-  override DataFlow::Node getInNode() { result = inNode }
-
-  override DataFlow::Node getOutNode() { result = outNode }
-}
-
-// TODO: pkeys pass through EVP_PKEY_CTX_new and any similar variant
-predicate knownPassThroughStep(DataFlow::Node node1, DataFlow::Node node2) {
-  exists(AlgorithmPassthroughCall c | c.getInNode() = node1 and c.getOutNode() = node2)
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll

@@ -1,77 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import OpenSSLAlgorithmInstanceBase
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-private import AlgToAVCFlow
-
-/**
- * Given a `KnownOpenSSLBlockModeAlgorithmConstant`, converts this to a block family type.
- * Does not bind if there is no mapping (no mapping to 'unknown' or 'other').
- */
-predicate knownOpenSSLConstantToBlockModeFamilyType(
-  KnownOpenSSLBlockModeAlgorithmConstant e, Crypto::TBlockCipherModeOfOperationType type
-) {
-  exists(string name |
-    name = e.getNormalizedName() and
-    (
-      name.matches("CBC") and type instanceof Crypto::CBC
-      or
-      name.matches("CFB%") and type instanceof Crypto::CFB
-      or
-      name.matches("CTR") and type instanceof Crypto::CTR
-      or
-      name.matches("GCM") and type instanceof Crypto::GCM
-      or
-      name.matches("OFB") and type instanceof Crypto::OFB
-      or
-      name.matches("XTS") and type instanceof Crypto::XTS
-      or
-      name.matches("CCM") and type instanceof Crypto::CCM
-      or
-      name.matches("GCM") and type instanceof Crypto::GCM
-      or
-      name.matches("CCM") and type instanceof Crypto::CCM
-      or
-      name.matches("ECB") and type instanceof Crypto::ECB
-    )
-  )
-}
-
-class KnownOpenSSLBlockModeConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::ModeOfOperationAlgorithmInstance instanceof KnownOpenSSLBlockModeAlgorithmConstant
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-
-  KnownOpenSSLBlockModeConstantAlgorithmInstance() {
-    // Two possibilities:
-    // 1) The source is a literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // Possibility 1:
-    this instanceof Literal and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and getterCall = this
-  }
-
-  override Crypto::TBlockCipherModeOfOperationType getModeType() {
-    knownOpenSSLConstantToBlockModeFamilyType(this, result)
-    or
-    not knownOpenSSLConstantToBlockModeFamilyType(this, _) and result = Crypto::OtherMode()
-  }
-
-  // NOTE: I'm not going to attempt to parse out the mode specific part, so returning
-  // the same as the raw name for now.
-  override string getRawModeAlgorithmName() { result = this.(Literal).getValue().toString() }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll

@@ -1,124 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import KnownAlgorithmConstants
-private import Crypto::KeyOpAlg as KeyOpAlg
-private import OpenSSLAlgorithmInstanceBase
-private import PaddingAlgorithmInstance
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
-private import AlgToAVCFlow
-private import BlockAlgorithmInstance
-
-/**
- * Given a `KnownOpenSSLCipherAlgorithmConstant`, converts this to a cipher family type.
- * Does not bind if there is no mapping (no mapping to 'unknown' or 'other').
- */
-predicate knownOpenSSLConstantToCipherFamilyType(
-  KnownOpenSSLCipherAlgorithmConstant e, Crypto::KeyOpAlg::TAlgorithm type
-) {
-  exists(string name |
-    name = e.getNormalizedName() and
-    (
-      name.matches("AES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES())
-      or
-      name.matches("ARIA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::ARIA())
-      or
-      name.matches("BLOWFISH%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH())
-      or
-      name.matches("BF%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::BLOWFISH())
-      or
-      name.matches("CAMELLIA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CAMELLIA())
-      or
-      name.matches("CHACHA20%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CHACHA20())
-      or
-      name.matches("CAST5%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::CAST5())
-      or
-      name.matches("2DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DoubleDES())
-      or
-      name.matches("3DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TripleDES())
-      or
-      name.matches("DES%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES())
-      or
-      name.matches("DESX%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DESX())
-      or
-      name.matches("GOST%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::GOST())
-      or
-      name.matches("IDEA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::IDEA())
-      or
-      name.matches("KUZNYECHIK%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::KUZNYECHIK())
-      or
-      name.matches("MAGMA%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::MAGMA())
-      or
-      name.matches("RC2%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC2())
-      or
-      name.matches("RC4%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC4())
-      or
-      name.matches("RC5%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::RC5())
-      or
-      name.matches("RSA%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA())
-      or
-      name.matches("SEED%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SEED())
-      or
-      name.matches("SM4%") and type = KeyOpAlg::TSymmetricCipher(KeyOpAlg::SM4())
-    )
-  )
-}
-
-class KnownOpenSSLCipherConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSSLCipherAlgorithmConstant
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-
-  KnownOpenSSLCipherConstantAlgorithmInstance() {
-    // Two possibilities:
-    // 1) The source is a literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // Possibility 1:
-    this instanceof Literal and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and getterCall = this
-  }
-
-  override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() {
-    // if there is a block mode associated with the same element, then that's the block mode
-    // note, if none are associated, we may need to parse if the cipher is a block cipher
-    // to determine if this is an unknown vs not relevant.
-    result = this
-  }
-
-  override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() {
-    //TODO: the padding is either self, or it flows through getter ctx to a set padding call
-    // like EVP_PKEY_CTX_set_rsa_padding
-    result = this
-    // TODO or trace through getter ctx to set padding
-  }
-
-  override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() }
-
-  override int getKeySizeFixed() {
-    this.(KnownOpenSSLCipherAlgorithmConstant).getExplicitKeySize() = result
-  }
-
-  override Crypto::KeyOpAlg::Algorithm getAlgorithmType() {
-    knownOpenSSLConstantToCipherFamilyType(this, result)
-    or
-    not knownOpenSSLConstantToCipherFamilyType(this, _) and
-    result = Crypto::KeyOpAlg::TUnknownKeyOperationAlgorithmType()
-  }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-
-  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
-    // TODO: trace to any key size initializer, symmetric and asymmetric
-    none()
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll

@@ -1,49 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import KnownAlgorithmConstants
-private import OpenSSLAlgorithmInstanceBase
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
-private import AlgToAVCFlow
-
-class KnownOpenSSLEllipticCurveConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::EllipticCurveInstance instanceof KnownOpenSSLEllipticCurveAlgorithmConstant
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-
-  KnownOpenSSLEllipticCurveConstantAlgorithmInstance() {
-    // Two possibilities:
-    // 1) The source is a literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // Possibility 1:
-    this instanceof Literal and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and getterCall = this
-  }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-
-  override string getRawEllipticCurveName() { result = this.(Literal).getValue().toString() }
-
-  override Crypto::TEllipticCurveType getEllipticCurveType() {
-    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.getParsedEllipticCurveName(), _, result)
-  }
-
-  override string getParsedEllipticCurveName() {
-    result = this.(KnownOpenSSLEllipticCurveAlgorithmConstant).getNormalizedName()
-  }
-
-  override int getKeySize() {
-    Crypto::ellipticCurveNameToKeySizeAndFamilyMapping(this.(KnownOpenSSLEllipticCurveAlgorithmConstant)
-          .getNormalizedName(), result, _)
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll

@@ -1,84 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
-private import AlgToAVCFlow
-
-predicate knownOpenSSLConstantToHashFamilyType(
-  KnownOpenSSLHashAlgorithmConstant e, Crypto::THashType type
-) {
-  exists(string name |
-    name = e.getNormalizedName() and
-    (
-      name.matches("BLAKE2B") and type instanceof Crypto::BLAKE2B
-      or
-      name.matches("BLAKE2S") and type instanceof Crypto::BLAKE2S
-      or
-      name.matches("GOST%") and type instanceof Crypto::GOSTHash
-      or
-      name.matches("MD2") and type instanceof Crypto::MD2
-      or
-      name.matches("MD4") and type instanceof Crypto::MD4
-      or
-      name.matches("MD5") and type instanceof Crypto::MD5
-      or
-      name.matches("MDC2") and type instanceof Crypto::MDC2
-      or
-      name.matches("POLY1305") and type instanceof Crypto::POLY1305
-      or
-      name.matches(["SHA", "SHA1"]) and type instanceof Crypto::SHA1
-      or
-      name.matches("SHA+%") and not name.matches(["SHA1", "SHA3-"]) and type instanceof Crypto::SHA2
-      or
-      name.matches("SHA3-%") and type instanceof Crypto::SHA3
-      or
-      name.matches(["SHAKE"]) and type instanceof Crypto::SHAKE
-      or
-      name.matches("SM3") and type instanceof Crypto::SM3
-      or
-      name.matches("RIPEMD160") and type instanceof Crypto::RIPEMD160
-      or
-      name.matches("WHIRLPOOL") and type instanceof Crypto::WHIRLPOOL
-    )
-  )
-}
-
-class KnownOpenSSLHashConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::HashAlgorithmInstance instanceof KnownOpenSSLHashAlgorithmConstant
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-
-  KnownOpenSSLHashConstantAlgorithmInstance() {
-    // Two possibilities:
-    // 1) The source is a literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // Possibility 1:
-    this instanceof Literal and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink)
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and getterCall = this
-  }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-
-  override Crypto::THashType getHashFamily() {
-    knownOpenSSLConstantToHashFamilyType(this, result)
-    or
-    not knownOpenSSLConstantToHashFamilyType(this, _) and result = Crypto::OtherHashType()
-  }
-
-  override string getRawHashAlgorithmName() { result = this.(Literal).getValue().toString() }
-
-  override int getFixedDigestLength() {
-    this.(KnownOpenSSLHashAlgorithmConstant).getExplicitDigestLength() = result
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/OpenSSLAlgorithmInstanceBase.qll

@@ -1,6 +0,0 @@
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-
-abstract class OpenSSLAlgorithmInstance extends Crypto::AlgorithmInstance {
-  abstract OpenSSLAlgorithmValueConsumer getAVC();
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/OpenSSLAlgorithmInstances.qll

@@ -1,6 +0,0 @@
-import OpenSSLAlgorithmInstanceBase
-import CipherAlgorithmInstance
-import PaddingAlgorithmInstance
-import BlockAlgorithmInstance
-import HashAlgorithmInstance
-import EllipticCurveAlgorithmInstance

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll

@@ -1,174 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import OpenSSLAlgorithmInstanceBase
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import AlgToAVCFlow
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-
-/**
- * A class to define padding specific integer values.
- * from rsa.h in openssl:
- *     # define RSA_PKCS1_PADDING          1
- *     # define RSA_NO_PADDING             3
- *     # define RSA_PKCS1_OAEP_PADDING     4
- *     # define RSA_X931_PADDING           5
- *     # define RSA_PKCS1_PSS_PADDING      6
- *     # define RSA_PKCS1_WITH_TLS_PADDING 7
- *     # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
- */
-class OpenSSLPaddingLiteral extends Literal {
-  // TODO: we can be more specific about where the literal is in a larger expression
-  // to avoid literals that are clealy not representing an algorithm, e.g., array indices.
-  OpenSSLPaddingLiteral() { this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] }
-}
-
-/**
- * Given a `KnownOpenSSLPaddingAlgorithmConstant`, converts this to a padding family type.
- * Does not bind if there is no mapping (no mapping to 'unknown' or 'other').
- */
-predicate knownOpenSSLConstantToPaddingFamilyType(
-  KnownOpenSSLPaddingAlgorithmConstant e, Crypto::TPaddingType type
-) {
-  exists(string name |
-    name = e.getNormalizedName() and
-    (
-      name.matches("OAEP") and type = Crypto::OAEP()
-      or
-      name.matches("PSS") and type = Crypto::PSS()
-      or
-      name.matches("PKCS7") and type = Crypto::PKCS7()
-      or
-      name.matches("PKCS1V15") and type = Crypto::PKCS1_v1_5()
-    )
-  )
-}
-
-//abstract class OpenSSLPaddingAlgorithmInstance extends OpenSSLAlgorithmInstance, Crypto::PaddingAlgorithmInstance{}
-// TODO: need to alter this to include known padding constants which don't have the
-// same mechanics as those with known nids
-class KnownOpenSSLPaddingConstantAlgorithmInstance extends OpenSSLAlgorithmInstance,
-  Crypto::PaddingAlgorithmInstance instanceof Expr
-{
-  OpenSSLAlgorithmValueConsumer getterCall;
-  boolean isPaddingSpecificConsumer;
-
-  KnownOpenSSLPaddingConstantAlgorithmInstance() {
-    // three possibilities:
-    // 1) The source is a 'typical' literal and flows to a getter, then we know we have an instance
-    // 2) The source is a KnownOpenSSLAlgorithm is call, and we know we have an instance immediately from that
-    // 3) the source is a padding-specific literal flowing to a padding-specific consumer
-    // Possibility 1:
-    this instanceof Literal and
-    this instanceof KnownOpenSSLPaddingAlgorithmConstant and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a getter
-      KnownOpenSSLAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) and
-      isPaddingSpecificConsumer = false
-    )
-    or
-    // Possibility 2:
-    this instanceof DirectAlgorithmValueConsumer and
-    getterCall = this and
-    this instanceof KnownOpenSSLPaddingAlgorithmConstant and
-    isPaddingSpecificConsumer = false
-    or
-    // Possibility 3: padding-specific literal
-    this instanceof OpenSSLPaddingLiteral and
-    exists(DataFlow::Node src, DataFlow::Node sink |
-      // Sink is an argument to a CipherGetterCall
-      sink = getterCall.(OpenSSLAlgorithmValueConsumer).getInputNode() and
-      // Source is `this`
-      src.asExpr() = this and
-      // This traces to a padding-specific consumer
-      RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow::flow(src, sink)
-    ) and
-    isPaddingSpecificConsumer = true
-  }
-
-  override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() }
-
-  override OpenSSLAlgorithmValueConsumer getAVC() { result = getterCall }
-
-  Crypto::TPaddingType getKnownPaddingType() {
-    this.(Literal).getValue().toInt() in [1, 7, 8] and result = Crypto::PKCS1_v1_5()
-    or
-    this.(Literal).getValue().toInt() = 3 and result = Crypto::NoPadding()
-    or
-    this.(Literal).getValue().toInt() = 4 and result = Crypto::OAEP()
-    or
-    this.(Literal).getValue().toInt() = 5 and result = Crypto::ANSI_X9_23()
-    or
-    this.(Literal).getValue().toInt() = 6 and result = Crypto::PSS()
-  }
-
-  override Crypto::TPaddingType getPaddingType() {
-    isPaddingSpecificConsumer = true and
-    (
-      result = this.getKnownPaddingType()
-      or
-      not exists(this.getKnownPaddingType()) and result = Crypto::OtherPadding()
-    )
-    or
-    isPaddingSpecificConsumer = false and
-    knownOpenSSLConstantToPaddingFamilyType(this, result)
-  }
-}
-
-// // Values used for EVP_PKEY_CTX_set_rsa_padding, these are
-// // not the same as 'typical' constants found in the set of known algorithm constants
-// // they do not have an NID
-// // TODO: what about setting the padding directly?
-// class KnownRSAPaddingConstant extends OpenSSLPaddingAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Literal
-// {
-//   KnownRSAPaddingConstant() {
-//     // from rsa.h in openssl:
-//     // # define RSA_PKCS1_PADDING          1
-//     // # define RSA_NO_PADDING             3
-//     // # define RSA_PKCS1_OAEP_PADDING     4
-//     // # define RSA_X931_PADDING           5
-//     // /* EVP_PKEY_ only */
-//     // # define RSA_PKCS1_PSS_PADDING      6
-//     // # define RSA_PKCS1_WITH_TLS_PADDING 7
-//     // /* internal RSA_ only */
-//     // # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8
-//     this instanceof Literal and
-//     this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8]
-//     // TODO: trace to padding-specific consumers
-//     RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow
-//   }
-//   override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() }
-//   override Crypto::TPaddingType getPaddingType() {
-//     if this.(Literal).getValue().toInt() in [1, 6, 7, 8]
-//     then result = Crypto::PKCS1_v1_5()
-//     else
-//       if this.(Literal).getValue().toInt() = 3
-//       then result = Crypto::NoPadding()
-//       else
-//         if this.(Literal).getValue().toInt() = 4
-//         then result = Crypto::OAEP()
-//         else
-//           if this.(Literal).getValue().toInt() = 5
-//           then result = Crypto::ANSI_X9_23()
-//           else result = Crypto::OtherPadding()
-//   }
-// }
-class OAEPPaddingAlgorithmInstance extends Crypto::OAEPPaddingAlgorithmInstance,
-  KnownOpenSSLPaddingConstantAlgorithmInstance
-{
-  OAEPPaddingAlgorithmInstance() {
-    this.(Crypto::PaddingAlgorithmInstance).getPaddingType() = Crypto::OAEP()
-  }
-
-  override Crypto::HashAlgorithmInstance getOAEPEncodingHashAlgorithm() {
-    none() //TODO
-  }
-
-  override Crypto::HashAlgorithmInstance getMGF1HashAlgorithm() {
-    none() //TODO
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll

@@ -1,37 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
-private import OpenSSLAlgorithmValueConsumerBase
-
-abstract class CipherAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
-
-// https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_fetch.html
-class EVPCipherAlgorithmValueConsumer extends CipherAlgorithmValueConsumer {
-  DataFlow::Node valueArgNode;
-  DataFlow::Node resultNode;
-
-  EVPCipherAlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
-    (
-      this.(Call).getTarget().getName() in [
-          "EVP_get_cipherbyname", "EVP_get_cipherbyobj", "EVP_get_cipherbynid"
-        ] and
-      valueArgNode.asExpr() = this.(Call).getArgument(0)
-      or
-      this.(Call).getTarget().getName() in ["EVP_CIPHER_fetch", "EVP_ASYM_CIPHER_fetch"] and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
-    )
-  }
-
-  override DataFlow::Node getResultNode() { result = resultNode }
-
-  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
-
-  // override DataFlow::Node getInputNode() { result = valueArgNode }
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
-    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
-    //TODO: As a potential alternative, for OpenSSL only, add a generic source node for literals and only create flow (flowsTo) to
-    // OpenSSL AVCs... the unknown literal sources would have to be any literals not in the known set.
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/DirectAlgorithmValueConsumer.qll

@@ -1,35 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-
-/**
- * Cases like EVP_MD5(),
- * there is no input, rather it directly gets an algorithm
- * and returns it.
- */
-class DirectAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
-  DataFlow::Node resultNode;
-  Expr resultExpr;
-
-  DirectAlgorithmValueConsumer() {
-    this instanceof KnownOpenSSLAlgorithmConstant and
-    this instanceof Call and
-    resultExpr = this and
-    resultNode.asExpr() = resultExpr
-  }
-
-  /**
-   * These cases take in no explicit value (the value is implicit)
-   */
-  override Crypto::ConsumerInputDataFlowNode getInputNode() { none() }
-
-  override DataFlow::Node getResultNode() { result = resultNode }
-
-  //   override DataFlow::Node getOutputNode() { result = resultNode }
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
-    // Note: algorithm source definitions enforces that
-    // this class will be a known algorithm source
-    result = this
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll

@@ -1,34 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
-
-abstract class EllipticCurveValueConsumer extends OpenSSLAlgorithmValueConsumer { }
-
-//https://docs.openssl.org/3.0/man3/EC_KEY_new/#name
-class EVPEllipticCurveAlgorithmConsumer extends EllipticCurveValueConsumer {
-  DataFlow::Node valueArgNode;
-  DataFlow::Node resultNode;
-
-  EVPEllipticCurveAlgorithmConsumer() {
-    resultNode.asExpr() = this.(Call) and // in all cases the result is the return
-    (
-      this.(Call).getTarget().getName() in ["EVP_EC_gen", "EC_KEY_new_by_curve_name"] and
-      valueArgNode.asExpr() = this.(Call).getArgument(0)
-      or
-      this.(Call).getTarget().getName() in [
-          "EC_KEY_new_by_curve_name_ex", "EVP_PKEY_CTX_set_ec_paramgen_curve_nid"
-        ] and
-      valueArgNode.asExpr() = this.(Call).getArgument(2)
-    )
-  }
-
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
-    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
-  }
-
-  override DataFlow::Node getResultNode() { result = resultNode }
-
-  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll

@@ -1,63 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import semmle.code.cpp.dataflow.new.DataFlow
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
-private import experimental.quantum.OpenSSL.LibraryDetector
-
-abstract class HashAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
-
-/**
- * EVP_Q_Digest directly consumes algorithm constant values
- */
-class EVP_Q_Digest_Algorithm_Consumer extends OpenSSLAlgorithmValueConsumer {
-  EVP_Q_Digest_Algorithm_Consumer() {
-    isPossibleOpenSSLFunction(this.(Call).getTarget()) and
-    this.(Call).getTarget().getName() = "EVP_Q_digest"
-  }
-
-  override Crypto::ConsumerInputDataFlowNode getInputNode() {
-    result.asExpr() = this.(Call).getArgument(1)
-  }
-
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
-    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
-  }
-
-  override DataFlow::Node getResultNode() {
-    // EVP_Q_Digest directly consumes the algorithm constant value and performs the operation, there is no
-    // algorithm result
-    none()
-  }
-}
-
-/**
- * The EVP digest algorithm getters
- * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
- */
-class EVPDigestAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer {
-  DataFlow::Node valueArgNode;
-  DataFlow::Node resultNode;
-
-  EVPDigestAlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
-    isPossibleOpenSSLFunction(this.(Call).getTarget()) and
-    (
-      this.(Call).getTarget().getName() in [
-          "EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj"
-        ] and
-      valueArgNode.asExpr() = this.(Call).getArgument(0)
-      or
-      this.(Call).getTarget().getName() = "EVP_MD_fetch" and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
-    )
-  }
-
-  override DataFlow::Node getResultNode() { result = resultNode }
-
-  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
-
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
-    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumerBase.qll

@@ -1,8 +0,0 @@
-private import experimental.quantum.Language
-
-abstract class OpenSSLAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof Call {
-  /**
-   * Returns the node representing the resulting algorithm
-   */
-  abstract DataFlow::Node getResultNode();
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/OpenSSLAlgorithmValueConsumers.qll

@@ -1,7 +0,0 @@
-import OpenSSLAlgorithmValueConsumerBase
-import CipherAlgorithmValueConsumer
-import DirectAlgorithmValueConsumer
-import PaddingAlgorithmValueConsumer
-import HashAlgorithmValueConsumer
-import EllipticCurveAlgorithmValueConsumer
-import PKeyAlgorithmValueConsumer

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll

@@ -1,55 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase
-private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances
-
-abstract class PKeyValueConsumer extends OpenSSLAlgorithmValueConsumer { }
-
-class EVPPKeyAlgorithmConsumer extends PKeyValueConsumer {
-  DataFlow::Node valueArgNode;
-  DataFlow::Node resultNode;
-
-  EVPPKeyAlgorithmConsumer() {
-    resultNode.asExpr() = this.(Call) and // in all cases the result is the return
-    (
-      // NOTE: some of these consumers are themselves key gen operations,
-      // in these cases, the operation will be created separately for the same function.
-      this.(Call).getTarget().getName() in [
-          "EVP_PKEY_CTX_new_id", "EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key",
-          "EVP_PKEY_new_mac_key"
-        ] and
-      valueArgNode.asExpr() = this.(Call).getArgument(0)
-      or
-      this.(Call).getTarget().getName() in [
-          "EVP_PKEY_CTX_new_from_name", "EVP_PKEY_new_raw_private_key_ex",
-          "EVP_PKEY_new_raw_public_key_ex", "EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_set_group_name"
-        ] and
-      valueArgNode.asExpr() = this.(Call).getArgument(1)
-      or
-      // argInd 2 is 'type' which can be RSA, or EC
-      // if RSA argInd 3 is the key size, else if EC argInd 3 is the curve name
-      // In all other cases there is no argInd 3, and argInd 2 is the algorithm.
-      // Since this is a key gen operation, handling the key size should be handled
-      // when the operation is again modeled as a key gen operation.
-      this.(Call).getTarget().getName() = "EVP_PKEY_Q_keygen" and
-      (
-        // Elliptic curve case
-        // If the argInd 3 is a derived type (pointer or array) then assume it is a curve name
-        if this.(Call).getArgument(3).getType().getUnderlyingType() instanceof DerivedType
-        then valueArgNode.asExpr() = this.(Call).getArgument(3)
-        else
-          // All other cases
-          valueArgNode.asExpr() = this.(Call).getArgument(2)
-      )
-    )
-  }
-
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
-    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
-  }
-
-  override DataFlow::Node getResultNode() { result = resultNode }
-
-  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll

@@ -1,32 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants
-private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase
-private import OpenSSLAlgorithmValueConsumerBase
-
-abstract class PaddingAlgorithmValueConsumer extends OpenSSLAlgorithmValueConsumer { }
-
-// https://docs.openssl.org/master/man7/EVP_ASYM_CIPHER-RSA/#rsa-asymmetric-cipher-parameters
-// TODO: need to handle setting padding through EVP_PKEY_CTX_set_params, where modes like "OSSL_PKEY_RSA_PAD_MODE_OAEP"
-// are set.
-class EVP_PKEY_CTX_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorithmValueConsumer {
-  DataFlow::Node valueArgNode;
-  DataFlow::Node resultNode;
-
-  EVP_PKEY_CTX_set_rsa_padding_AlgorithmValueConsumer() {
-    resultNode.asExpr() = this and
-    this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_padding" and
-    valueArgNode.asExpr() = this.(Call).getArgument(1)
-  }
-
-  override DataFlow::Node getResultNode() { result = resultNode }
-
-  override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode }
-
-  // override DataFlow::Node getInputNode() { result = valueArgNode }
-  override Crypto::AlgorithmInstance getAKnownAlgorithmSource() {
-    exists(OpenSSLAlgorithmInstance i | i.getAVC() = this and result = i)
-    //TODO: As a potential alternative, for OpenSSL only, add a generic source node for literals and only create flow (flowsTo) to
-    // OpenSSL AVCs... the unknown literal sources would have to be any literals not in the known set.
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/CtxFlow.qll

@@ -1,127 +0,0 @@
-//TODO: model as data on open APIs should be able to get common flows, and obviate some of this
-// e.g., copy/dup calls, need to ingest those models for openSSL and refactor.
-/**
- * In OpenSSL, flow between 'context' parameters is often used to
- * store state/config of how an operation will eventually be performed.
- * Tracing algorithms and configurations to operations therefore
- * requires tracing context parameters for many OpenSSL apis.
- *
- * This library provides a dataflow analysis to track context parameters
- * between any two functions accepting openssl context parameters.
- * The dataflow takes into consideration flowing through duplication and copy calls
- * as well as flow through flow killers (free/reset calls).
- *
- * TODO: we may need to revisit 'free' as a dataflow killer, depending on how
- * we want to model use after frees.
- *
- * This library also provides classes to represent context Types and relevant
- * arguments/expressions.
- */
-
-import semmle.code.cpp.dataflow.new.DataFlow
-
-/**
- * An openSSL CTX type, which is type for which the stripped underlying type
- * matches the pattern 'evp_%ctx_%st'.
- * This includes types like:
- * - EVP_CIPHER_CTX
- * - EVP_MD_CTX
- * - EVP_PKEY_CTX
- */
-private class CtxType extends Type {
-  CtxType() { this.getUnspecifiedType().stripType().getName().matches("evp_%ctx_%st") }
-}
-
-/**
- * A pointer to a CtxType
- */
-private class CtxPointerExpr extends Expr {
-  CtxPointerExpr() {
-    this.getType() instanceof CtxType and
-    this.getType() instanceof PointerType
-  }
-}
-
-/**
- * A call argument of type CtxPointerExpr.
- */
-private class CtxPointerArgument extends CtxPointerExpr {
-  CtxPointerArgument() { exists(Call c | c.getAnArgument() = this) }
-
-  Call getCall() { result.getAnArgument() = this }
-}
-
-/**
- * A call whose target contains 'free' or 'reset' and has an argument of type
- * CtxPointerArgument.
- */
-private class CtxClearCall extends Call {
-  CtxClearCall() {
-    this.getTarget().getName().toLowerCase().matches(["%free%", "%reset%"]) and
-    this.getAnArgument() instanceof CtxPointerArgument
-  }
-}
-
-/**
- * A call whose target contains 'copy' and has an argument of type
- * CtxPointerArgument.
- */
-private class CtxCopyOutArgCall extends Call {
-  CtxCopyOutArgCall() {
-    this.getTarget().getName().toLowerCase().matches("%copy%") and
-    this.getAnArgument() instanceof CtxPointerArgument
-  }
-}
-
-/**
- * A call whose target contains 'dup' and has an argument of type
- * CtxPointerArgument.
- */
-private class CtxCopyReturnCall extends Call, CtxPointerExpr {
-  CtxCopyReturnCall() {
-    this.getTarget().getName().toLowerCase().matches("%dup%") and
-    this.getAnArgument() instanceof CtxPointerArgument
-  }
-}
-
-/**
- * Flow from any CtxPointerArgument to any other CtxPointerArgument
- */
-module OpenSSLCtxArgumentFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CtxPointerArgument }
-
-  predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof CtxPointerArgument }
-
-  predicate isBarrier(DataFlow::Node node) {
-    exists(CtxClearCall c | c.getAnArgument() = node.asExpr())
-  }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    exists(CtxCopyOutArgCall c |
-      c.getAnArgument() = node1.asExpr() and
-      c.getAnArgument() = node2.asExpr() and
-      node1.asExpr() != node2.asExpr() and
-      node2.asExpr().getType() instanceof CtxType
-    )
-    or
-    exists(CtxCopyReturnCall c |
-      c.getAnArgument() = node1.asExpr() and
-      c = node2.asExpr() and
-      node1.asExpr() != node2.asExpr() and
-      node2.asExpr().getType() instanceof CtxType
-    )
-  }
-}
-
-module OpenSSLCtxArgumentFlow = DataFlow::Global<OpenSSLCtxArgumentFlowConfig>;
-
-/**
- * Holds if there is a context flow from the source to the sink.
- */
-predicate ctxArgFlowsToCtxArg(CtxPointerArgument source, CtxPointerArgument sink) {
-  exists(DataFlow::Node a, DataFlow::Node b |
-    OpenSSLCtxArgumentFlow::flow(a, b) and
-    a.asExpr() = source and
-    b.asExpr() = sink
-  )
-}

cpp/ql/lib/experimental/quantum/OpenSSL/GenericSourceCandidateLiteral.qll

@@ -1,122 +0,0 @@
-import cpp
-private import semmle.code.cpp.models.Models
-private import semmle.code.cpp.models.interfaces.FormattingFunction
-
-private class IntLiteral extends Literal {
-  IntLiteral() {
-    //Heuristics for distinguishing int literals from other literals
-    exists(this.getValue().toInt()) and
-    not this instanceof CharLiteral and
-    not this instanceof StringLiteral
-  }
-}
-
-/**
- * Holds if a StringLiteral could conceivably be used in some way for cryptography.
- * Note: this predicate should only consider restrictions with respect to strings only.
- * General restrictions are in the OpenSSLGenericSourceCandidateLiteral class.
- */
-private predicate isOpenSSLStringLiteralGenericSourceCandidate(StringLiteral s) {
-  // 'EC' is a constant that may be used where typical algorithms are specified,
-  // but EC specifically means set up a default curve container, that will later be
-  //specified explicitly (or if not a default) curve is used.
-  s.getValue() != "EC" and
-  // Ignore empty strings
-  s.getValue() != "" and
-  // Filter out strings with "%", to filter out format strings
-  not s.getValue().matches("%\\%%") and
-  // Filter out strings in brackets or braces (commonly seen strings not relevant for crypto)
-  not s.getValue().matches(["[%]", "(%)"]) and
-  // Filter out all strings of length 1, since these are not algorithm names
-  // NOTE/ASSUMPTION: If a user legitimately passes a string of length 1 to some configuration
-  // we will assume this is generally unknown. We may need to reassess this in the future.
-  s.getValue().length() > 1 and
-  // Ignore all strings that are in format string calls outputing to a stream (e.g., stdout)
-  not exists(FormattingFunctionCall f |
-    exists(f.getOutputArgument(true)) and s = f.(Call).getAnArgument()
-  ) and
-  // Ignore all format string calls where there is no known out param (resulting string)
-  // i.e., ignore printf, since it will just output a string and not produce a new string
-  not exists(FormattingFunctionCall f |
-    // Note: using two ways of determining if there is an out param, since I'm not sure
-    // which way is canonical
-    not exists(f.getOutputArgument(false)) and
-    not f.getTarget().hasTaintFlow(_, _) and
-    f.(Call).getAnArgument() = s
-  )
-}
-
-/**
- * Holds if a StringLiteral could conceivably be used in some way for cryptography.
- * Note: this predicate should only consider restrictions with respect to integers only.
- * General restrictions are in the OpenSSLGenericSourceCandidateLiteral class.
- */
-private predicate isOpenSSLIntLiteralGenericSourceCandidate(IntLiteral l) {
-  // Ignore integer values of 0, commonly referring to NULL only (no known algorithm 0)
-  l.getValue().toInt() != 0 and
-  // ASSUMPTION, no negative numbers are allowed
-  // RATIONALE: this is a performance improvement to avoid having to trace every number
-  not exists(UnaryMinusExpr u | u.getOperand() = l) and
-  //  OPENSSL has a special macro for getting every line, ignore it
-  not exists(MacroInvocation mi | mi.getExpr() = l and mi.getMacroName() = "OPENSSL_LINE") and
-  // Filter out cases where an int is returned into a pointer, e.g., return NULL;
-  not exists(ReturnStmt r |
-    r.getExpr() = l and
-    r.getEnclosingFunction().getType().getUnspecifiedType() instanceof DerivedType
-  ) and
-  // A literal as an array index should not be relevant for crypo
-  not exists(ArrayExpr op | op.getArrayOffset() = l) and
-  // A literal used in a bitwise should not be relevant for crypto
-  not exists(BinaryBitwiseOperation op | op.getAnOperand() = l) and
-  not exists(AssignBitwiseOperation op | op.getAnOperand() = l) and
-  //Filter out cases where an int is assigned or initialized into a pointer, e.g., char* x = NULL;
-  not exists(Assignment a |
-    a.getRValue() = l and
-    a.getLValue().getType().getUnspecifiedType() instanceof DerivedType
-  ) and
-  not exists(Initializer i |
-    i.getExpr() = l and
-    i.getDeclaration().getADeclarationEntry().getUnspecifiedType() instanceof DerivedType
-  ) and
-  // Filter out cases where the literal is used in any kind of arithmetic operation
-  not exists(BinaryArithmeticOperation op | op.getAnOperand() = l) and
-  not exists(UnaryArithmeticOperation op | op.getOperand() = l) and
-  not exists(AssignArithmeticOperation op | op.getAnOperand() = l) and
-  // If a literal has no parent ignore it, this is a workaround for the current inability
-  // to find a literal in an array declaration: int x[100];
-  // NOTE/ASSUMPTION: this value might actually be relevant for finding hard coded sizes
-  // consider size as inferred through the allocation of a buffer.
-  // In these cases, we advise that the source is not generic and must be traced explicitly.
-  exists(l.getParent())
-}
-
-/**
- * Any literal that may be conceivably be used in some way for cryptography.
- * The set of all literals is restricted by this class to cases where there is higher
- * plausibility that the literal could be used as a source of configuration.
- * Literals are filtered, for example, if they are used in a way no indicative of an algorithm use
- * such as in an array index, bitwise operation, or logical operation.
- * Note a case like this:
- *      if(algVal == "AES")
- *
- * "AES" may be a legitimate algorithm literal, but the literal will not be used for an operation directly
- * since it is in a equality comparison, hence this case would also be filtered.
- */
-class OpenSSLGenericSourceCandidateLiteral extends Literal {
-  OpenSSLGenericSourceCandidateLiteral() {
-    (
-      isOpenSSLIntLiteralGenericSourceCandidate(this) or
-      isOpenSSLStringLiteralGenericSourceCandidate(this)
-    ) and
-    // ********* General filters beyond what is filtered for strings and ints *********
-    // An algorithm literal in a switch case will not be directly applied to an operation.
-    not exists(SwitchCase sc | sc.getExpr() = this) and
-    // A literal in a logical operation may be an algorithm, but not a candidate
-    // for the purposes of finding applied algorithms
-    not exists(BinaryLogicalOperation op | op.getAnOperand() = this) and
-    not exists(UnaryLogicalOperation op | op.getOperand() = this) and
-    // A literal in a comparison operation may be an algorithm, but not a candidate
-    // for the purposes of finding applied algorithms
-    not exists(ComparisonOperation op | op.getAnOperand() = this)
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/LibraryDetector.qll

@@ -1,7 +0,0 @@
-import cpp
-
-predicate isPossibleOpenSSLFunction(Function f) {
-  isPossibleOpenSSLLocation(f.getADeclarationLocation())
-}
-
-predicate isPossibleOpenSSLLocation(Location l) { l.toString().toLowerCase().matches("%openssl%") }

cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll

@@ -1,7 +0,0 @@
-module OpenSSLModel {
-  import AlgorithmInstances.OpenSSLAlgorithmInstances
-  import AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-  import Operations.OpenSSLOperations
-  import Random
-  import GenericSourceCandidateLiteral
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/ECKeyGenOperation.qll

@@ -1,61 +0,0 @@
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
-private import OpenSSLOperationBase
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-private import semmle.code.cpp.dataflow.new.DataFlow
-
-private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    exists(OpenSSLAlgorithmValueConsumer c | c.getResultNode() = source)
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(ECKeyGenOperation c | c.getAlgorithmArg() = sink.asExpr())
-  }
-}
-
-private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
-
-class ECKeyGenOperation extends OpenSSLOperation, Crypto::KeyGenerationOperationInstance {
-  ECKeyGenOperation() { this.(Call).getTarget().getName() = "EC_KEY_generate_key" }
-
-  override Expr getOutputArg() {
-    result = this.(Call) // return value of call
-  }
-
-  Expr getAlgorithmArg() { result = this.(Call).getArgument(0) }
-
-  override Expr getInputArg() {
-    // there is no 'input', in the sense that no data is being manipulated by the operation.
-    // There is an input of an algorithm, but that is not the intention of the operation input arg.
-    none()
-  }
-
-  override Crypto::KeyArtifactType getOutputKeyType() { result = Crypto::TAsymmetricKeyType() }
-
-  override Crypto::ArtifactOutputDataFlowNode getOutputKeyArtifact() {
-    result = this.getOutputNode()
-  }
-
-  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
-    AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
-      DataFlow::exprNode(this.getAlgorithmArg()))
-  }
-
-  override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() {
-    none() // no explicit key size, inferred from algorithm
-  }
-
-  override int getKeySizeFixed() {
-    none()
-    // TODO: marked as none as the operation itself has no key size, it
-    // comes from the algorithm source, but note we could grab the
-    // algorithm source and get the key size (see below).
-    // We may need to reconsider what is the best approach here.
-    // result =
-    //   this.getAnAlgorithmValueConsumer()
-    //       .getAKnownAlgorithmSource()
-    //       .(Crypto::EllipticCurveInstance)
-    //       .getKeySize()
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherInitializer.qll

@@ -1,123 +0,0 @@
-/**
- * see: https://docs.openssl.org/master/man3/EVP_EncryptInit/
- * Models cipher initialization for EVP cipher operations.
- */
-
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
-
-module EncValToInitEncArgConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.asExpr().getValue().toInt() in [0, 1] }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(EVP_Cipher_Initializer initCall | sink.asExpr() = initCall.getOperationSubtypeArg())
-  }
-}
-
-module EncValToInitEncArgFlow = DataFlow::Global<EncValToInitEncArgConfig>;
-
-int getEncConfigValue(Expr e) {
-  exists(EVP_Cipher_Initializer initCall | e = initCall.getOperationSubtypeArg()) and
-  exists(DataFlow::Node a, DataFlow::Node b |
-    EncValToInitEncArgFlow::flow(a, b) and b.asExpr() = e and result = a.asExpr().getValue().toInt()
-  )
-}
-
-bindingset[i]
-Crypto::KeyOperationSubtype intToCipherOperationSubtype(int i) {
-  if i = 0
-  then result instanceof Crypto::TEncryptMode
-  else
-    if i = 1
-    then result instanceof Crypto::TDecryptMode
-    else result instanceof Crypto::TUnknownKeyOperationMode
-}
-
-// TODO: need to add key consumer
-abstract class EVP_Cipher_Initializer extends Call {
-  Expr getContextArg() { result = this.(Call).getArgument(0) }
-
-  Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }
-
-  abstract Expr getKeyArg();
-
-  abstract Expr getIVArg();
-
-  //   abstract Crypto::CipherOperationSubtype getCipherOperationSubtype();
-  abstract Expr getOperationSubtypeArg();
-
-  Crypto::KeyOperationSubtype getCipherOperationSubtype() {
-    if this.(Call).getTarget().getName().toLowerCase().matches("%encrypt%")
-    then result instanceof Crypto::TEncryptMode
-    else
-      if this.(Call).getTarget().getName().toLowerCase().matches("%decrypt%")
-      then result instanceof Crypto::TDecryptMode
-      else
-        if exists(getEncConfigValue(this.getOperationSubtypeArg()))
-        then result = intToCipherOperationSubtype(getEncConfigValue(this.getOperationSubtypeArg()))
-        else result instanceof Crypto::TUnknownKeyOperationMode
-  }
-}
-
-abstract class EVP_EX_Initializer extends EVP_Cipher_Initializer {
-  override Expr getKeyArg() { result = this.(Call).getArgument(3) }
-
-  override Expr getIVArg() { result = this.(Call).getArgument(4) }
-}
-
-abstract class EVP_EX2_Initializer extends EVP_Cipher_Initializer {
-  override Expr getKeyArg() { result = this.(Call).getArgument(2) }
-
-  override Expr getIVArg() { result = this.(Call).getArgument(3) }
-}
-
-class EVP_Cipher_EX_Init_Call extends EVP_EX_Initializer {
-  EVP_Cipher_EX_Init_Call() {
-    this.(Call).getTarget().getName() in [
-        "EVP_EncryptInit_ex", "EVP_DecryptInit_ex", "EVP_CipherInit_ex"
-      ]
-  }
-
-  override Expr getOperationSubtypeArg() {
-    this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and
-    result = this.(Call).getArgument(5)
-  }
-}
-
-class EVP_Cipher_EX2_or_Simple_Init_Call extends EVP_EX2_Initializer {
-  EVP_Cipher_EX2_or_Simple_Init_Call() {
-    this.(Call).getTarget().getName() in [
-        "EVP_EncryptInit_ex2", "EVP_DecryptInit_ex2", "EVP_CipherInit_ex2", "EVP_EncryptInit",
-        "EVP_DecryptInit", "EVP_CipherInit"
-      ]
-  }
-
-  override Expr getOperationSubtypeArg() {
-    this.(Call).getTarget().getName().toLowerCase().matches("%cipherinit%") and
-    result = this.(Call).getArgument(4)
-  }
-}
-
-class EVP_CipherInit_SKEY_Call extends EVP_EX2_Initializer {
-  EVP_CipherInit_SKEY_Call() { this.(Call).getTarget().getName() in ["EVP_CipherInit_SKEY"] }
-
-  override Expr getOperationSubtypeArg() { result = this.(Call).getArgument(5) }
-}
-
-class EVPCipherInitializerAlgorithmArgument extends Expr {
-  EVPCipherInitializerAlgorithmArgument() {
-    exists(EVP_Cipher_Initializer initCall | this = initCall.getAlgorithmArg())
-  }
-}
-
-class EVPCipherInitializerKeyArgument extends Expr {
-  EVPCipherInitializerKeyArgument() {
-    exists(EVP_Cipher_Initializer initCall | this = initCall.getKeyArg())
-  }
-}
-
-class EVPCipherInitializerIVArgument extends Expr {
-  EVPCipherInitializerIVArgument() {
-    exists(EVP_Cipher_Initializer initCall | this = initCall.getIVArg())
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPCipherOperation.qll

@@ -1,121 +0,0 @@
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
-private import EVPCipherInitializer
-private import OpenSSLOperationBase
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-
-private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    exists(OpenSSLAlgorithmValueConsumer c | c.getResultNode() = source)
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(EVP_Cipher_Operation c | c.getInitCall().getAlgorithmArg() = sink.asExpr())
-  }
-}
-
-private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
-
-// import experimental.quantum.OpenSSL.AlgorithmValueConsumers.AlgorithmValueConsumers
-// import OpenSSLOperation
-// class EVPCipherOutput extends CipherOutputArtifact {
-//   EVPCipherOutput() { exists(EVP_Cipher_Operation op | op.getOutputArg() = this) }
-//   override DataFlow::Node getOutputNode() { result.asDefiningArgument() = this }
-// }
-//
-/**
- * see: https://docs.openssl.org/master/man3/EVP_EncryptInit/#synopsis
- * Base configuration for all EVP cipher operations.
- * NOTE: cannot extend instance of OpenSSLOperation, as we need to override
- * elements of OpenSSLOperation (i.e., we are creating an instance)
- */
-abstract class EVP_Cipher_Operation extends OpenSSLOperation, Crypto::KeyOperationInstance {
-  Expr getContextArg() { result = this.(Call).getArgument(0) }
-
-  override Expr getOutputArg() { result = this.(Call).getArgument(1) }
-
-  override Crypto::KeyOperationSubtype getKeyOperationSubtype() {
-    result instanceof Crypto::TEncryptMode and
-    this.(Call).getTarget().getName().toLowerCase().matches("%encrypt%")
-    or
-    result instanceof Crypto::TDecryptMode and
-    this.(Call).getTarget().getName().toLowerCase().matches("%decrypt%")
-    or
-    result = this.getInitCall().getCipherOperationSubtype() and
-    this.(Call).getTarget().getName().toLowerCase().matches("%cipher%")
-  }
-
-  EVP_Cipher_Initializer getInitCall() {
-    CTXFlow::ctxArgFlowsToCtxArg(result.getContextArg(), this.getContextArg())
-  }
-
-  override Crypto::ConsumerInputDataFlowNode getNonceConsumer() {
-    this.getInitCall().getIVArg() = result.asExpr()
-  }
-
-  override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result = this.getInputNode() }
-
-  override Crypto::ConsumerInputDataFlowNode getKeyConsumer() {
-    this.getInitCall().getKeyArg() = result.asExpr()
-  }
-
-  override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result = this.getOutputNode() }
-
-  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
-    AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
-      DataFlow::exprNode(this.getInitCall().getAlgorithmArg()))
-  }
-}
-
-class EVP_Cipher_Call extends EVP_Cipher_Operation {
-  EVP_Cipher_Call() { this.(Call).getTarget().getName() = "EVP_Cipher" }
-
-  override Expr getInputArg() { result = this.(Call).getArgument(2) }
-}
-
-// NOTE: not modeled as cipher operations, these are intermediate calls
-class EVP_Cipher_Update_Call extends Call {
-  EVP_Cipher_Update_Call() {
-    this.(Call).getTarget().getName() in [
-        "EVP_EncryptUpdate", "EVP_DecryptUpdate", "EVP_CipherUpdate"
-      ]
-  }
-
-  Expr getInputArg() { result = this.(Call).getArgument(3) }
-
-  DataFlow::Node getInputNode() { result.asExpr() = this.getInputArg() }
-
-  Expr getContextArg() { result = this.(Call).getArgument(0) }
-}
-
-class EVP_Cipher_Final_Call extends EVP_Cipher_Operation {
-  EVP_Cipher_Final_Call() {
-    this.(Call).getTarget().getName() in [
-        "EVP_EncryptFinal_ex", "EVP_DecryptFinal_ex", "EVP_CipherFinal_ex", "EVP_EncryptFinal",
-        "EVP_DecryptFinal", "EVP_CipherFinal"
-      ]
-  }
-
-  EVP_Cipher_Update_Call getUpdateCalls() {
-    CTXFlow::ctxArgFlowsToCtxArg(result.getContextArg(), this.getContextArg())
-  }
-
-  override Expr getInputArg() { result = this.getUpdateCalls().getInputArg() }
-
-  override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result = this.getInputNode() }
-}
-
-class EVP_PKEY_Operation extends EVP_Cipher_Operation {
-  EVP_PKEY_Operation() {
-    this.(Call).getTarget().getName() in ["EVP_PKEY_decrypt", "EVP_PKEY_encrypt"]
-  }
-
-  override Expr getInputArg() { result = this.(Call).getArgument(3) }
-  // TODO: how PKEY is initialized is different that symmetric cipher
-  // Consider making an entirely new class for this and specializing
-  // the get init call
-}
-
-class EVPCipherInputArgument extends Expr {
-  EVPCipherInputArgument() { exists(EVP_Cipher_Operation op | op.getInputArg() = this) }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashInitializer.qll

@@ -1,17 +0,0 @@
-import cpp
-
-abstract class EVP_Hash_Initializer extends Call {
-  Expr getContextArg() { result = this.(Call).getArgument(0) }
-
-  abstract Expr getAlgorithmArg();
-}
-
-class EVP_DigestInit_Variant_Calls extends EVP_Hash_Initializer {
-  EVP_DigestInit_Variant_Calls() {
-    this.(Call).getTarget().getName() in [
-        "EVP_DigestInit", "EVP_DigestInit_ex", "EVP_DigestInit_ex2"
-      ]
-  }
-
-  override Expr getAlgorithmArg() { result = this.(Call).getArgument(1) }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPHashOperation.qll

@@ -1,124 +0,0 @@
-/**
- * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
- */
-
-private import experimental.quantum.Language
-private import experimental.quantum.OpenSSL.CtxFlow as CTXFlow
-private import OpenSSLOperationBase
-private import EVPHashInitializer
-private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
-
-// import EVPHashConsumers
-abstract class EVP_Hash_Operation extends OpenSSLOperation, Crypto::HashOperationInstance {
-  Expr getContextArg() { result = this.(Call).getArgument(0) }
-
-  EVP_Hash_Initializer getInitCall() {
-    CTXFlow::ctxArgFlowsToCtxArg(result.getContextArg(), this.getContextArg())
-  }
-
-  /**
-   * By default, the algorithm value comes from the init call.
-   * There are variants where this isn't true, in which case the
-   * subclass should override this method.
-   */
-  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
-    AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
-      DataFlow::exprNode(this.getInitCall().getAlgorithmArg()))
-  }
-}
-
-private module AlgGetterToAlgConsumerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    exists(OpenSSLAlgorithmValueConsumer c | c.getResultNode() = source)
-  }
-
-  predicate isSink(DataFlow::Node sink) {
-    exists(EVP_Hash_Operation c | c.getInitCall().getAlgorithmArg() = sink.asExpr())
-  }
-}
-
-private module AlgGetterToAlgConsumerFlow = DataFlow::Global<AlgGetterToAlgConsumerConfig>;
-
-//https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis
-class EVP_Q_Digest_Operation extends EVP_Hash_Operation {
-  EVP_Q_Digest_Operation() { this.(Call).getTarget().getName() = "EVP_Q_digest" }
-
-  //override Crypto::AlgorithmConsumer getAlgorithmConsumer() {  }
-  override EVP_Hash_Initializer getInitCall() {
-    // This variant of digest does not use an init
-    // and even if it were used, the init would be ignored/undefined
-    none()
-  }
-
-  override Expr getOutputArg() { result = this.(Call).getArgument(5) }
-
-  override Expr getInputArg() { result = this.(Call).getArgument(3) }
-
-  override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result = this.getOutputNode() }
-
-  override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result = this.getInputNode() }
-
-  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
-    // The operation is a direct algorithm consumer
-    // NOTE: the operation itself is already modeld as a value consumer, so we can
-    // simply return 'this', see modeled hash algorithm consuers for EVP_Q_Digest
-    this = result
-  }
-}
-
-class EVP_Digest_Operation extends EVP_Hash_Operation {
-  EVP_Digest_Operation() { this.(Call).getTarget().getName() = "EVP_Digest" }
-
-  // There is no context argument for this function
-  override Expr getContextArg() { none() }
-
-  override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() {
-    AlgGetterToAlgConsumerFlow::flow(result.(OpenSSLAlgorithmValueConsumer).getResultNode(),
-      DataFlow::exprNode(this.(Call).getArgument(4)))
-  }
-
-  override EVP_Hash_Initializer getInitCall() {
-    // This variant of digest does not use an init
-    // and even if it were used, the init would be ignored/undefined
-    none()
-  }
-
-  override Expr getOutputArg() { result = this.(Call).getArgument(2) }
-
-  override Expr getInputArg() { result = this.(Call).getArgument(0) }
-
-  override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result = this.getOutputNode() }
-
-  override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result = this.getInputNode() }
-}
-
-// NOTE: not modeled as hash operations, these are intermediate calls
-class EVP_Digest_Update_Call extends Call {
-  EVP_Digest_Update_Call() { this.(Call).getTarget().getName() in ["EVP_DigestUpdate"] }
-
-  Expr getInputArg() { result = this.(Call).getArgument(1) }
-
-  DataFlow::Node getInputNode() { result.asExpr() = this.getInputArg() }
-
-  Expr getContextArg() { result = this.(Call).getArgument(0) }
-}
-
-class EVP_Digest_Final_Call extends EVP_Hash_Operation {
-  EVP_Digest_Final_Call() {
-    this.(Call).getTarget().getName() in [
-        "EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"
-      ]
-  }
-
-  EVP_Digest_Update_Call getUpdateCalls() {
-    CTXFlow::ctxArgFlowsToCtxArg(result.getContextArg(), this.getContextArg())
-  }
-
-  override Expr getInputArg() { result = this.getUpdateCalls().getInputArg() }
-
-  override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result = this.getInputNode() }
-
-  override Expr getOutputArg() { result = this.(Call).getArgument(1) }
-
-  override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result = this.getOutputNode() }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll

@@ -1,21 +0,0 @@
-private import experimental.quantum.Language
-
-abstract class OpenSSLOperation extends Crypto::OperationInstance instanceof Call {
-  abstract Expr getInputArg();
-
-  /**
-   * Can be an argument of a call or a return value of a function.
-   */
-  abstract Expr getOutputArg();
-
-  DataFlow::Node getInputNode() {
-    // Assumed to be default to asExpr
-    result.asExpr() = this.getInputArg()
-  }
-
-  DataFlow::Node getOutputNode() {
-    if exists(Call c | c.getAnArgument() = this)
-    then result.asDefiningArgument() = this
-    else result.asExpr() = this
-  }
-}

cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperations.qll

@@ -1,4 +0,0 @@
-import OpenSSLOperationBase
-import EVPCipherOperation
-import EVPHashOperation
-import ECKeyGenOperation

cpp/ql/lib/experimental/quantum/OpenSSL/Random.qll

@@ -1,18 +0,0 @@
-import cpp
-private import experimental.quantum.Language
-private import LibraryDetector
-private import semmle.code.cpp.dataflow.new.DataFlow
-
-class OpenSSLRandomNumberGeneratorInstance extends Crypto::RandomNumberGenerationInstance instanceof Call
-{
-  OpenSSLRandomNumberGeneratorInstance() {
-    this.(Call).getTarget().getName() in ["RAND_bytes", "RAND_pseudo_bytes"] and
-    isPossibleOpenSSLFunction(this.(Call).getTarget())
-  }
-
-  override Crypto::DataFlowNode getOutputNode() {
-    result.asDefiningArgument() = this.(Call).getArgument(0)
-  }
-
-  override string getGeneratorName() { result = this.(Call).getTarget().getName() }
-}

cpp/ql/lib/ext/Boost.Asio.model.yml

@@ -1,4 +1,4 @@
-# partial model of the Boost::Asio network library
+  # partial model of the Boost::Asio network library
 extensions:
   - addsTo:
       pack: codeql/cpp-all

cpp/ql/lib/ext/Windows.model.yml

@@ -1,35 +0,0 @@
-# partial model of windows system calls
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: sourceModel
-    data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
-      # processenv.h
-      - ["", "", False, "GetCommandLineA", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "GetCommandLineW", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "GetEnvironmentStringsA", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "GetEnvironmentStringsW", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "GetEnvironmentVariableA", "", "", "Argument[*1]", "local", "manual"]
-      - ["", "", False, "GetEnvironmentVariableW", "", "", "Argument[*1]", "local", "manual"]
-      # fileapi.h
-      - ["", "", False, "ReadFile", "", "", "Argument[*1]", "local", "manual"]
-      - ["", "", False, "ReadFileEx", "", "", "Argument[*1]", "local", "manual"]
-      # memoryapi.h
-      - ["", "", False, "MapViewOfFile", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "MapViewOfFile2", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "MapViewOfFile3", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "MapViewOfFile3FromApp", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "MapViewOfFileEx", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "MapViewOfFileFromApp", "", "", "ReturnValue[*]", "local", "manual"]
-      - ["", "", False, "MapViewOfFileNuma2", "", "", "ReturnValue[*]", "local", "manual"]
-      # ntifs.h
-      - ["", "", False, "NtReadFile", "", "", "Argument[*5]", "local", "manual"]
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      # shellapi.h
-      - ["", "", False, "CommandLineToArgvA", "", "", "Argument[*0]", "ReturnValue[**]", "taint", "manual"]
-      - ["", "", False, "CommandLineToArgvW", "", "", "Argument[*0]", "ReturnValue[**]", "taint", "manual"]
-      # fileapi.h
-      - ["", "", False, "ReadFileEx", "", "", "Argument[*3].Field[@hEvent]", "Argument[4].Parameter[*2].Field[@hEvent]", "value", "manual"]

cpp/ql/lib/ext/generated/empty.model.yml

@@ -1,5 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: []