Update inline expectations and relearn affected tests

Initial plan
Merge pull request #22065 from github/dependabot/go_modules/go/extractor/extractor-dependencies-9f88df4328
2026-06-26 15:17:06 +02:00 · 2026-06-26 08:07:15 +00:00 · 2026-06-26 07:28:39 +00:00 · 2026-06-26 06:59:52 +01:00 · 2026-06-26 03:03:16 +00:00 · 2026-06-25 23:42:21 +02:00
83 changed files with 136 additions and 96 deletions
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.38
+version: 0.4.39-dev
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.30
+version: 0.6.31-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 11.0.0
+version: 11.0.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.6.5
+version: 1.6.6-dev
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.69
+version: 1.7.70-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.69
+version: 1.7.70-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 7.0.0
+version: 7.0.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.7.5
+version: 1.7.6-dev
 groups:
  - csharp
  - queries
--- a/csharp/ql/test/utils/inline-tests/InlineTests.cs
+++ b/csharp/ql/test/utils/inline-tests/InlineTests.cs
@@ -3,13 +3,13 @@ class C
    void Problems()
    {
        // correct expectation comment, but only for `problem-query`
-        var x = "Alert"; // $ Alert
+        var x = "Alert"; // $ Alert[problem-query]
        // irrelevant expectation comment, will be ignored
        x = "Not an alert"; // $ IrrelevantTag
        // incorrect expectation comment
-        x = "Also not an alert"; // $ Alert
+        x = "Also not an alert"; // $ MISSING: Alert[problem-query]
        // missing expectation comment, but only for `problem-query`
        x = "Alert";
--- a/csharp/ql/test/utils/inline-tests/PathProblemQuery.expected
+++ b/csharp/ql/test/utils/inline-tests/PathProblemQuery.expected
@@ -13,8 +13,6 @@
 | InlineTests.cs:88:13:88:23 | "Alert:0:1" | InlineTests.cs:88:13:88:23 | "Alert:0:1" | InlineTests.cs:87:16:87:21 | "Sink" | This is a problem |
 edges
 testFailures
 | InlineTests.cs:6:26:6:35 | // ... | Missing result: Alert |
 | InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
 | InlineTests.cs:37:28:37:38 | // ... | Missing result: Source |
 | InlineTests.cs:38:24:38:32 | // ... | Missing result: Sink |
 | InlineTests.cs:39:33:39:42 | // ... | Missing result: Alert |
--- a/csharp/ql/test/utils/inline-tests/PathProblemQueryRelatedLocs.expected
+++ b/csharp/ql/test/utils/inline-tests/PathProblemQueryRelatedLocs.expected
@@ -3,8 +3,6 @@
 | InlineTests.cs:100:13:100:25 | "Alert:3:2:1" | InlineTests.cs:97:18:97:25 | "Source" | InlineTests.cs:98:16:98:21 | "Sink" | This is a problem with $@ | InlineTests.cs:99:19:99:27 | "Related" | a related location |
 edges
 testFailures
 | InlineTests.cs:6:26:6:35 | // ... | Missing result: Alert |
 | InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
 | InlineTests.cs:32:32:32:42 | // ... | Missing result: Source |
 | InlineTests.cs:33:28:33:36 | // ... | Missing result: Sink |
 | InlineTests.cs:34:30:34:39 | // ... | Missing result: Alert |
--- a/csharp/ql/test/utils/inline-tests/ProblemQuery.expected
+++ b/csharp/ql/test/utils/inline-tests/ProblemQuery.expected
@@ -3,7 +3,6 @@
 | InlineTests.cs:15:13:15:19 | "Alert" | This is a problem |
 | InlineTests.cs:18:13:18:19 | "Alert" | This is a problem |
 testFailures
 | InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
 | InlineTests.cs:15:13:15:19 | This is a problem | Unexpected result: Alert |
 | InlineTests.cs:34:30:34:39 | // ... | Missing result: Alert |
 | InlineTests.cs:39:33:39:42 | // ... | Missing result: Alert |
--- a/csharp/ql/test/utils/inline-tests/ProblemQueryRelatedLocs.expected
+++ b/csharp/ql/test/utils/inline-tests/ProblemQueryRelatedLocs.expected
@@ -2,8 +2,6 @@
 | InlineTests.cs:22:13:22:21 | "Alert:1" | This is a problem with $@ | InlineTests.cs:21:23:21:31 | "Related" | a related location |
 | InlineTests.cs:26:13:26:21 | "Alert:1" | This is a problem with $@ | InlineTests.cs:25:19:25:27 | "Related" | a related location |
 testFailures
 | InlineTests.cs:6:26:6:35 | // ... | Missing result: Alert |
 | InlineTests.cs:12:34:12:43 | // ... | Missing result: Alert |
 | InlineTests.cs:25:19:25:27 | "Related" | Unexpected result: RelatedLocation |
 | InlineTests.cs:34:30:34:39 | // ... | Missing result: Alert |
 | InlineTests.cs:39:33:39:42 | // ... | Missing result: Alert |
--- a/go/extractor/go.mod
+++ b/go/extractor/go.mod
@@ -10,7 +10,7 @@ toolchain go1.26.4
 //    bazel mod tidy
 require (
 	golang.org/x/mod v0.37.0
-	golang.org/x/tools v0.46.0
+	golang.org/x/tools v0.47.0
 )
 require github.com/stretchr/testify v1.11.1
--- a/go/extractor/go.sum
+++ b/go/extractor/go.sum
@@ -10,8 +10,8 @@ golang.org/x/mod v0.37.0 h1:vF1DjpVEshcIqoEaauuHebaLk1O1forxjxBaVn884JQ=
 golang.org/x/mod v0.37.0/go.mod h1:m8S8VeM9r4dzDwjrKO0a1sZP3YjeMamRRlD+fmR2Q/0=
 golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
 golang.org/x/sync v0.21.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
-golang.org/x/tools v0.46.0 h1:7jTurBkPZu4moS/Uy4OQT1M+QBlsj3wejyZwsT8Z7rk=
+golang.org/x/tools v0.47.0 h1:7Kn5x/d1svx/PzryTsqeoZN4TZwqeH5pGWjefhLi/1Q=
-golang.org/x/tools v0.46.0/go.mod h1:FrD85F8l+NWL+9XWBSyVSHO6Ne4jutsfIFba7AWQ5Ys=
+golang.org/x/tools v0.47.0/go.mod h1:dFHnyTvFWY212G+h7ZY4Vsp/K3U4/7W9TyVaAul8uCA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.52
+version: 1.0.53-dev
 groups:
  - go
  - queries
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 7.2.0
+version: 7.2.1-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.6.5
+version: 1.6.6-dev
 groups:
  - go
  - queries
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 9.2.0
+version: 9.2.1-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.11.5
+version: 1.11.6-dev
 groups:
  - java
  - queries
--- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptThenMac.expected
+++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptThenMac.expected
@@ -30,7 +30,5 @@ nodes
 | BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
 subpaths
 testFailures
 | BadMacUse.java:50:56:50:66 | // $ Source | Missing result: Source |
 | BadMacUse.java:63:118:63:128 | // $ Source | Missing result: Source |
 | BadMacUse.java:92:31:92:35 | bytes : byte[] | Unexpected result: Source |
 | BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |
--- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected
+++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected
@@ -31,7 +31,7 @@ nodes
 | BadMacUse.java:124:42:124:51 | ciphertext | semmle.label | ciphertext |
 subpaths
 testFailures
-| BadMacUse.java:63:118:63:128 | // $ Source | Missing result: Source |
+| BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | Fixed missing result: Source |
 | BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | Unexpected result: Source |
 | BadMacUse.java:124:42:124:51 | ciphertext | Unexpected result: Alert |
 | BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |
--- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected
+++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected
@@ -45,7 +45,7 @@ nodes
 | BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
 subpaths
 testFailures
-| BadMacUse.java:50:56:50:66 | // $ Source | Missing result: Source |
+| BadMacUse.java:63:82:63:97 | plaintext : byte[] | Fixed missing result: Source |
 | BadMacUse.java:139:79:139:90 | input : byte[] | Unexpected result: Source |
 | BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |
 | BadMacUse.java:152:42:152:51 | ciphertext | Unexpected result: Alert |
--- a/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java
+++ b/java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java
@@ -47,7 +47,7 @@ class BadMacUse {
        SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new SecureRandom());
-        byte[] plaintext = cipher.doFinal(ciphertext); // $ Source
+        byte[] plaintext = cipher.doFinal(ciphertext); // $ MISSING: Source
        // Now verify MAC (too late)
        SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
@@ -60,7 +60,7 @@ class BadMacUse {
        }
    }
-    public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $ Source
+    public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $ MISSING: Source
        // Create keys directly from provided byte arrays
        SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
        SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
--- a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected
+++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected
@@ -126,5 +126,3 @@ nodes
 | InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | semmle.label | iv : byte[] |
 | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | semmle.label | ivSpec |
 subpaths
 testFailures
 | InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | Unexpected result: Source |
--- a/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java
+++ b/java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java
@@ -39,7 +39,7 @@ public class InsecureIVorNonceSource {
    public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];
        for (byte i = 0; i < iv.length; i++) {
-            iv[i] = 1;
+            iv[i] = 1; // $ Source
        }
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
--- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java
+++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java
@@ -40,11 +40,11 @@ public class Test {
     * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far
     * below acceptable security standards. - Flagged as insecure.
     */
-    public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $ Source
+    public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $ MISSING: Source
        byte[] salt = generateSalt(16);
-        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $ Alert[java/quantum/examples/unknown-kdf-iteration-count]
+        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
-        byte[] key = factory.generateSecret(spec).getEncoded();
+        byte[] key = factory.generateSecret(spec).getEncoded(); // $ Alert[java/quantum/examples/unknown-kdf-iteration-count]
    }
    /**
--- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected
+++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected
@@ -1,5 +1 @@
 #select
 | Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount |
 testFailures
 | Test.java:45:94:45:154 | // $ Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] |
 | Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert |
--- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected
+++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected
@@ -12,5 +12,3 @@ nodes
 | Test.java:58:30:58:38 | 1_000_000 : Number | semmle.label | 1_000_000 : Number |
 | Test.java:59:72:59:85 | iterationCount | semmle.label | iterationCount |
 subpaths
 testFailures
 | Test.java:43:92:43:102 | // $ Source | Missing result: Source |
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.8.0
+version: 2.8.1-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.4.0
+version: 2.4.1-dev
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/change-notes/2026-05-19-flask-subclasses.md
+++ b/python/ql/lib/change-notes/2026-05-19-flask-subclasses.md
@@ -0,0 +1,4 @@
 ---
 category: minorAnalysis
 ---
 * `Flask::FlaskApp::instance()` will now also return instances of subclasses defined in the source tree. Previously, these were filtered out. `Flask::FlaskApp::classRef()` has been deprecated in favor of `Flask::FlaskApp::subclassRef()` since it already returned some subclasses.
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 7.2.0
+version: 7.2.1-dev
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/lib/semmle/python/frameworks/Flask.qll
+++ b/python/ql/lib/semmle/python/frameworks/Flask.qll
@@ -71,14 +71,21 @@ module Flask {
   * See https://flask.palletsprojects.com/en/1.1.x/api/#flask.Flask.
   */
  module FlaskApp {
-    /** Gets a reference to the `flask.Flask` class. */
+    /**
-    API::Node classRef() {
+     * Gets a reference to the `flask.Flask` class or any subclass.
-      result = API::moduleImport("flask").getMember("Flask") or
+     *
     * Deprecated: Use `subclassRef()` instead, this predicate always returned some subclasses.
     */
    deprecated API::Node classRef() { result = subclassRef() }
    /** Gets a reference to the `flask.Flask` class or any subclass. */
    API::Node subclassRef() {
      result = API::moduleImport("flask").getMember("Flask").getASubclass*() or
      result = ModelOutput::getATypeNode("flask.Flask~Subclass").getASubclass*()
    }
    /** Gets a reference to an instance of `flask.Flask` (a flask application). */
-    API::Node instance() { result = classRef().getReturn() }
+    API::Node instance() { result = subclassRef().getReturn() }
  }
  /**
@@ -132,7 +139,7 @@ module Flask {
    API::Node classRef() {
      result = API::moduleImport("flask").getMember("Response")
      or
-      result = [FlaskApp::classRef(), FlaskApp::instance()].getMember("response_class")
+      result = [FlaskApp::subclassRef(), FlaskApp::instance()].getMember("response_class")
      or
      result = ModelOutput::getATypeNode("flask.Response~Subclass").getASubclass*()
    }
--- a/python/ql/src/meta/ClassHierarchy/Find.ql
+++ b/python/ql/src/meta/ClassHierarchy/Find.ql
@@ -351,7 +351,7 @@ class DjangoHttpRequest extends FindSubclassesSpec {
 class FlaskClass extends FindSubclassesSpec {
  FlaskClass() { this = "flask.Flask~Subclass" }
-  override API::Node getAlreadyModeledClass() { result = Flask::FlaskApp::classRef() }
+  override API::Node getAlreadyModeledClass() { result = Flask::FlaskApp::subclassRef() }
 }
 class FlaskBlueprint extends FindSubclassesSpec {
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.8.5
+version: 1.8.6-dev
 groups:
  - python
  - queries
--- a/python/ql/test/experimental/meta/InlineInstanceTest.qll
+++ b/python/ql/test/experimental/meta/InlineInstanceTest.qll
@@ -0,0 +1,29 @@
 /**
 * Defines an InlineExpectationsTest for class instances, that is,
 * for any API::Node that is an instance of a class (e.g. `Flask`).
 */
 import python
 import semmle.python.ApiGraphs
 import utils.test.InlineExpectationsTest
 private import semmle.python.dataflow.new.internal.PrintNode
 signature API::Node getInstanceSig();
 module MakeInlineInstanceTest<getInstanceSig/0 getInstance> {
  private module InlineInstanceTest implements TestSig {
    string getARelevantTag() { result = "instance" }
    predicate hasActualResult(Location location, string element, string tag, string value) {
      exists(location.getFile().getRelativePath()) and
      exists(API::Node instance | instance = getInstance() |
        location = instance.getLocation() and
        element = prettyNode(instance.asSource()) and
        value = "" and
        tag = "instance"
      )
    }
  }
  import MakeTest<InlineInstanceTest>
 }
--- a/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected
+++ b/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected
@@ -3,5 +3,5 @@ argumentToEnsureNotTaintedNotMarkedAsSpurious
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
 | taint_test.py:32:9:32:25 | taint_test.py:32 | ERROR, you should add `# $ MISSING: tainted` annotation | should_be_tainted |
 | taint_test.py:37:24:37:40 | taint_test.py:37 | ERROR, you should add `# $ MISSING: tainted` annotation | should_be_tainted |
 | taint_test.py:41:24:41:40 | taint_test.py:41 | ERROR, you should add `# $ MISSING: tainted` annotation | should_be_tainted |
 testFailures
 | taint_test.py:41:20:41:21 | ts | Fixed missing result: tainted |
--- a/python/ql/test/experimental/meta/inline-taint-test-demo/taint_test.py
+++ b/python/ql/test/experimental/meta/inline-taint-test-demo/taint_test.py
@@ -38,7 +38,7 @@ def bad_usage():
    # if you try to get around it by adding BOTH annotations, that results in a problem
    # from the default set of inline-test-expectation rules
-    ensure_tainted(ts, should_be_tainted) # $ tainted MISSING: tainted
+    ensure_tainted(ts, should_be_tainted) # $ tainted
    # simulating handling something we _want_ to treat at untainted, but we currently treat as tainted
    should_not_be_tainted = "pretend this is now safe" + ts
--- a/python/ql/test/library-tests/frameworks/flask/InlineInstanceTest.expected
+++ b/python/ql/test/library-tests/frameworks/flask/InlineInstanceTest.expected
--- a/python/ql/test/library-tests/frameworks/flask/InlineInstanceTest.ql
+++ b/python/ql/test/library-tests/frameworks/flask/InlineInstanceTest.ql
@@ -0,0 +1,8 @@
 import python
 import semmle.python.frameworks.Flask
 import semmle.python.ApiGraphs
 import experimental.meta.InlineInstanceTest
 API::Node getInstance() { result = Flask::FlaskApp::instance() }
 import MakeInlineInstanceTest<getInstance/0>
--- a/python/ql/test/library-tests/frameworks/flask/flask_subclass.py
+++ b/python/ql/test/library-tests/frameworks/flask/flask_subclass.py
@@ -0,0 +1,14 @@
 from flask import Flask
 class Sub(Flask):
    def __init__(self, *args, **kwargs):
        Flask.__init__(self, *args, **kwargs)
 app = Sub(__name__) # $ instance
@app.route("/") # $ routeSetup="/"
 def hello(): # $ requestHandler
    return "world" # $ HttpResponse
--- a/python/ql/test/library-tests/frameworks/flask/old_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/old_test.py
@@ -1,7 +1,7 @@
 import flask
 from flask import Flask, request, make_response
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
@app.route("/")  # $ routeSetup="/"
 def hello_world():  # $ requestHandler
--- a/python/ql/test/library-tests/frameworks/flask/response_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/response_test.py
@@ -3,7 +3,7 @@ import json
 from flask import Flask, make_response, jsonify, Response, request, redirect
 from werkzeug.datastructures import Headers
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
@app.route("/html1")  # $ routeSetup="/html1"
--- a/python/ql/test/library-tests/frameworks/flask/routing_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/routing_test.py
@@ -1,7 +1,7 @@
 import flask
 from flask import Flask, make_response
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
 SOME_ROUTE = "/some/route"
--- a/python/ql/test/library-tests/frameworks/flask/save_uploaded_file.py
+++ b/python/ql/test/library-tests/frameworks/flask/save_uploaded_file.py
@@ -1,5 +1,5 @@
 from flask import Flask, request
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
@app.route("/save-uploaded-file")  # $ routeSetup="/save-uploaded-file"
 def test_taint():  # $ requestHandler
--- a/python/ql/test/library-tests/frameworks/flask/taint_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/taint_test.py
@@ -1,5 +1,5 @@
 from flask import Flask, request, render_template_string, stream_template_string
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
@app.route("/test_taint/<name>/<int:number>")  # $ routeSetup="/test_taint/<name>/<int:number>"
 def test_taint(name = "World!", number="0", foo="foo"):  # $ requestHandler routedParameter=name routedParameter=number
--- a/python/ql/test/library-tests/frameworks/flask/template_test.py
+++ b/python/ql/test/library-tests/frameworks/flask/template_test.py
@@ -1,5 +1,5 @@
 from flask import Flask, Response, stream_with_context, render_template_string, stream_template_string
-app = Flask(__name__)
+app = Flask(__name__) # $ instance
@app.route("/a")  # $ routeSetup="/a"
 def a():  # $ requestHandler
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 6.0.0
+version: 6.0.1-dev
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.6.5
+version: 1.6.6-dev
 groups:
  - ruby
  - queries
--- a/ruby/ql/test/library-tests/dataflow/string-flow/string-flow.expected
+++ b/ruby/ql/test/library-tests/dataflow/string-flow/string-flow.expected
@@ -28,7 +28,6 @@ nodes
 | string_flow.rb:227:10:227:10 | a | semmle.label | a |
 subpaths
 testFailures
 | string_flow.rb:85:10:85:10 | a | Unexpected result: hasValueFlow=a |
 | string_flow.rb:227:10:227:10 | a | Unexpected result: hasValueFlow=a |
 #select
 | string_flow.rb:3:10:3:22 | call to new | string_flow.rb:2:9:2:18 | call to source | string_flow.rb:3:10:3:22 | call to new | $@ | string_flow.rb:2:9:2:18 | call to source | call to source |
--- a/ruby/ql/test/library-tests/dataflow/string-flow/string_flow.rb
+++ b/ruby/ql/test/library-tests/dataflow/string-flow/string_flow.rb
@@ -82,7 +82,7 @@ end
 def m_clear
    a = source "a"
    a.clear
-    sink a
+    sink a # $ hasValueFlow=a
 end
 # concat and prepend omitted because they clash with the summaries for
--- a/ruby/ql/test/library-tests/frameworks/action_controller/filter_flow.rb
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/filter_flow.rb
@@ -18,7 +18,7 @@ class OneController < ActionController::Base
  end
  def c
-    sink @foo
+    sink @foo # $ hasTaintFlow
  end
 end
--- a/ruby/ql/test/library-tests/frameworks/action_controller/params-flow.expected
+++ b/ruby/ql/test/library-tests/frameworks/action_controller/params-flow.expected
@@ -270,7 +270,6 @@ nodes
 | params_flow.rb:205:10:205:10 | a | semmle.label | a |
 subpaths
 testFailures
 | filter_flow.rb:21:10:21:13 | @foo | Unexpected result: hasTaintFlow |
 | filter_flow.rb:38:10:38:13 | @foo | Unexpected result: hasTaintFlow |
 | filter_flow.rb:55:10:55:13 | @foo | Unexpected result: hasTaintFlow |
 | filter_flow.rb:71:10:71:17 | call to bar | Unexpected result: hasTaintFlow |
--- a/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
+++ b/ruby/ql/test/library-tests/frameworks/active_support/ActiveSupportDataFlow.expected
@@ -497,7 +497,6 @@ nodes
 | hash_extensions.rb:126:10:126:19 | call to sole | semmle.label | call to sole |
 subpaths
 testFailures
 | hash_extensions.rb:126:10:126:19 | call to sole | Unexpected result: hasValueFlow=b |
 #select
 | active_support.rb:182:10:182:13 | ...[...] | active_support.rb:180:10:180:17 | call to source | active_support.rb:182:10:182:13 | ...[...] | $@ | active_support.rb:180:10:180:17 | call to source | call to source |
 | active_support.rb:188:10:188:13 | ...[...] | active_support.rb:186:10:186:18 | call to source | active_support.rb:188:10:188:13 | ...[...] | $@ | active_support.rb:186:10:186:18 | call to source | call to source |
--- a/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb
+++ b/ruby/ql/test/library-tests/frameworks/active_support/hash_extensions.rb
@@ -123,7 +123,7 @@ def m_sole
    multi = [source("b"), source("c")]
    sink(empty.sole)
    sink(single.sole) # $ hasValueFlow=a
-    sink(multi.sole) # TODO: model that 'sole' does not return if the receiver has multiple elements
+    sink(multi.sole) # $ hasValueFlow=b # TODO: model that 'sole' does not return if the receiver has multiple elements
 end
 m_sole()
--- a/ruby/ql/test/library-tests/frameworks/sinatra/Flow.expected
+++ b/ruby/ql/test/library-tests/frameworks/sinatra/Flow.expected
@@ -23,7 +23,6 @@ nodes
 | views/index.erb:2:10:2:12 | call to foo | semmle.label | call to foo |
 subpaths
 testFailures
 | views/index.erb:2:10:2:12 | call to foo | Unexpected result: hasTaintFlow |
 #select
 | app.rb:95:10:95:14 | @user | app.rb:103:13:103:22 | call to source | app.rb:95:10:95:14 | @user | $@ | app.rb:103:13:103:22 | call to source | call to source |
 | views/index.erb:2:10:2:12 | call to foo | app.rb:75:12:75:17 | call to params | views/index.erb:2:10:2:12 | call to foo | $@ | app.rb:75:12:75:17 | call to params | call to params |
--- a/ruby/ql/test/library-tests/frameworks/sinatra/views/index.erb
+++ b/ruby/ql/test/library-tests/frameworks/sinatra/views/index.erb
@@ -1,2 +1,2 @@
 <%= @foo %>
-<%= sink foo %>
+<%= sink foo # $ hasTaintFlow %>
--- a/ruby/ql/test/query-tests/experimental/improper-memoization/ImproperMemoization.expected
+++ b/ruby/ql/test/query-tests/experimental/improper-memoization/ImproperMemoization.expected
@@ -1,5 +1,4 @@
 testFailures
 | improper_memoization.rb:100:1:104:3 | m14 | Unexpected result: result=BAD |
 #select
 | improper_memoization.rb:50:1:55:3 | m7 | improper_memoization.rb:50:8:50:10 | arg | improper_memoization.rb:51:3:53:5 | ... \|\|= ... |
 | improper_memoization.rb:58:1:63:3 | m8 | improper_memoization.rb:58:8:58:10 | arg | improper_memoization.rb:59:3:61:5 | ... \|\|= ... |
--- a/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb
+++ b/ruby/ql/test/query-tests/experimental/improper-memoization/improper_memoization.rb
@@ -101,4 +101,4 @@ def m14(arg)
  @m14 ||= {}
  key = "foo/#{arg}"
  @m14[key] ||= long_running_method(arg)
-end
+end # $ SPURIOUS: result=BAD
--- a/rust/ql/lib/qlpack.yml
+++ b/rust/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.2.16
+version: 0.2.17-dev
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme
--- a/rust/ql/src/qlpack.yml
+++ b/rust/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-queries
-version: 0.1.37
+version: 0.1.38-dev
 groups:
  - rust
  - queries
--- a/shared/concepts/qlpack.yml
+++ b/shared/concepts/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/concepts
-version: 0.0.26
+version: 0.0.27-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/controlflow/qlpack.yml
+++ b/shared/controlflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 2.0.36
+version: 2.0.37-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/dataflow/qlpack.yml
+++ b/shared/dataflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 2.1.8
+version: 2.1.9-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/namebinding/qlpack.yml
+++ b/shared/namebinding/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/namebinding
-version: 0.0.1
+version: 0.0.2-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/quantum/qlpack.yml
+++ b/shared/quantum/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/quantum
-version: 0.0.30
+version: 0.0.31-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/rangeanalysis/qlpack.yml
+++ b/shared/rangeanalysis/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 2.0.28
+version: 2.0.29-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/threat-models/qlpack.yml
+++ b/shared/threat-models/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/threat-models
-version: 1.0.52
+version: 1.0.53-dev
 library: true
 groups: shared
 dataExtensions:
--- a/shared/tutorial/qlpack.yml
+++ b/shared/tutorial/qlpack.yml
@@ -1,7 +1,7 @@
 name: codeql/tutorial
 description: Library for the CodeQL detective tutorials, helping new users learn to
  write CodeQL queries.
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
--- a/shared/typeflow/qlpack.yml
+++ b/shared/typeflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typeflow
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/typeinference/qlpack.yml
+++ b/shared/typeinference/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typeinference
-version: 0.0.33
+version: 0.0.34-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 2.0.36
+version: 2.0.37-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
--- a/shared/util/qlpack.yml
+++ b/shared/util/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/util
-version: 2.0.39
+version: 2.0.40-dev
 groups: shared
 library: true
 dependencies: null
--- a/shared/xml/qlpack.yml
+++ b/shared/xml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/xml
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 dependencies:
--- a/shared/yaml/qlpack.yml
+++ b/shared/yaml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 1.0.52
+version: 1.0.53-dev
 groups: shared
 library: true
 warnOnImplicitThis: true
--- a/swift/ql/lib/qlpack.yml
+++ b/swift/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 6.7.1
+version: 6.7.2-dev
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
--- a/swift/ql/src/qlpack.yml
+++ b/swift/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 1.3.5
+version: 1.3.6-dev
 groups:
  - swift
  - queries
Author	SHA1	Message	Date
copilot-swe-agent[bot]	2e6bc6612c	Update inline expectations and relearn affected tests	2026-06-26 08:07:15 +00:00
copilot-swe-agent[bot]	5c2614283d	Initial plan	2026-06-26 07:28:39 +00:00
Owen Mansel-Chan	7b800b1dd6	Merge pull request #22065 from github/dependabot/go_modules/go/extractor/extractor-dependencies-9f88df4328 Bump golang.org/x/tools from 0.46.0 to 0.47.0 in /go/extractor in the extractor-dependencies group	2026-06-26 06:59:52 +01:00
dependabot[bot]	3d1b6b64ed	Bump golang.org/x/tools Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/tools` from 0.46.0 to 0.47.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-version: 0.47.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-26 03:03:16 +00:00
yoff	5fcaac7cb2	Merge pull request #21869 from yoff/python/support-flask-subclasses Python: Support Flask subclasses	2026-06-25 23:42:21 +02:00
Mario Campos	336df3ccf4	Merge pull request #22060 from github/post-release-prep/codeql-cli-2.26.0 Post-release preparation for codeql-cli-2.26.0	2026-06-25 12:43:54 -05:00
github-actions[bot]	456e33773b	Post-release preparation for codeql-cli-2.26.0	2026-06-25 16:24:06 +00:00
yoff	f7c4e61956	Apply suggestions from code review Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>	2026-06-02 15:12:41 +02:00
yoff	575ece6ae2	Python: Add change note	2026-06-02 13:50:31 +02:00
yoff	f6ed5c19be	Python: fix sub class test	2026-06-02 13:50:31 +02:00
yoff	4298b70f1c	Python: add test for sub class	2026-06-02 13:49:25 +02:00
yoff	e88b8c53f3	Python: Add test for instances	2026-06-02 13:49:24 +02:00
`@@ -1,2 +1,2 @@`
	`<%= @foo %>`	`<%= @foo %>`
	`<%= sink foo %>`	`<%= sink foo # $ hasTaintFlow %>`