Merge pull request #6375 from github/aeisenberg/pack/python

Packaging: Refactor Python into separate library and query packs

.codeqlmanifest.json

@@ -1,25 +1,8 @@
-{
-    "provide": [
-        "*/ql/src/qlpack.yml",
-        "*/ql/lib/qlpack.yml",
-        "*/ql/test/qlpack.yml",
-        "*/ql/examples/qlpack.yml",
-        "*/upgrades/qlpack.yml",
-        "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
-        "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml",
-        "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml",
-        "misc/legacy-support/*/qlpack.yml",
-        "misc/suite-helpers/qlpack.yml",
-        "ruby/extractor-pack/codeql-extractor.yml",
-        "ruby/ql/consistency-queries/qlpack.yml",
-        "ql/ql/consistency-queries/qlpack.yml",
-        "ql/extractor-pack/codeql-extractor.yml"
-    ],
-    "versionPolicies": {
-      "default": {
-        "requireChangeNotes": true,
-        "committedPrereleaseSuffix": "dev",
-        "committedVersion": "nextPatchRelease"
-      }
-    }
-}
+{ "provide": [ "*/ql/lib/qlpack.yml",
+               "*/ql/src/qlpack.yml",
+               "*/ql/test/qlpack.yml",
+               "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
+               "*/ql/examples/qlpack.yml",
+               "*/upgrades/qlpack.yml",
+               "misc/legacy-support/*/qlpack.yml",
+               "misc/suite-helpers/qlpack.yml" ] }

.devcontainer/devcontainer.json

@@ -1,14 +1,9 @@
 {
   "extensions": [
-    "rust-lang.rust",
-    "bungcip.better-toml",
     "github.vscode-codeql",
     "slevesque.vscode-zipexplorer"
   ],
   "settings": {
-    "files.watcherExclude": {
-      "**/target/**": true
-    },
     "codeQL.runningQueries.memory": 2048
   }
 }

.gitattributes

@@ -48,6 +48,3 @@
 *.gif -text
 *.dll -text
 *.pdb -text
-
-java/ql/test/stubs/**/*.java linguist-generated=true
-java/ql/test/experimental/stubs/**/*.java linguist-generated=true

.github/actions/fetch-codeql/action.yml

@@ -1,14 +0,0 @@
-name: Fetch CodeQL
-description: Fetches the latest version of CodeQL
-runs:
-  using: composite
-  steps:
-    - name: Fetch CodeQL
-      shell: bash
-      run: |
-        LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-        unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
-        echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
-      env:
-        GITHUB_TOKEN: ${{ github.token }}

.github/dependabot.yml

@@ -1,18 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "cargo"
-    directory: "ruby/node-types"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/generator"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/extractor"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/autobuilder"
-    schedule:
-      interval: "daily"

.github/labeler.yml

@@ -18,14 +18,7 @@ Python:
   - python/**/*
   - change-notes/**/*python*
 
-Ruby:
-  - ruby/**/*
-  - change-notes/**/*ruby*
-
 documentation:
   - "**/*.qhelp"
   - "**/*.md"
   - docs/**/*
-
-"QL-for-QL": 
-  - ql/**/*

.github/workflows/check-change-note.yml

@@ -7,7 +7,6 @@ on:
       - "*/ql/src/**/*.ql"
       - "*/ql/src/**/*.qll"
       - "!**/experimental/**"
-      - "!ql/**"
 
 jobs:
   check-change-note:

.github/workflows/codeql-analysis.yml

@@ -11,8 +11,6 @@ on:
       - 'rc/*'
     paths:
       - 'csharp/**'
-      - '.github/codeql/**'
-      - '.github/workflows/codeql-analysis.yml'
   schedule:
     - cron: '0 9 * * 1'
 
@@ -40,8 +38,8 @@ jobs:
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
-    #- name: Autobuild
-    #  uses: github/codeql-action/autobuild@main
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@main
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -50,8 +48,9 @@ jobs:
     #    and modify them (or add more) to build your code if your project
     #    uses a compiled language
 
-    - run: |
-       dotnet build csharp
+    #- run: |
+    #   make bootstrap
+    #   make release
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@main

.github/workflows/csv-coverage-pr-artifacts.yml

@@ -6,8 +6,6 @@ on:
       - '.github/workflows/csv-coverage-pr-comment.yml'
       - '*/ql/src/**/*.ql'
       - '*/ql/src/**/*.qll'
-      - '*/ql/lib/**/*.ql'
-      - '*/ql/lib/**/*.qll'
       - 'misc/scripts/library-coverage/*.py'
       # input data files
       - '*/documentation/library-coverage/cwe-sink.csv'

.github/workflows/csv-coverage-update.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   update:
     name: Update framework coverage report
-    if: github.repository == 'github/codeql'
+    if: github.event.repository.fork == false
     runs-on: ubuntu-latest
 
     steps:

.github/workflows/post-pr-comment.yml

@@ -1,31 +0,0 @@
-name: Post pull-request comment
-on:
-  workflow_run:
-    workflows: ["Query help preview"]
-    types:
-      - completed
-
-permissions:
-  pull-requests: write
-
-jobs:
-  post_comment:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Download artifact
-        run: gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
-      - run: |
-          PR="$(grep -o '^[0-9]\+$' pr.txt)"
-          PR_HEAD_SHA="$(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PR}" --jq .head.sha)"
-          # Check that the pull-request head SHA matches the head SHA of the workflow run
-          if [ "${WORKFLOW_RUN_HEAD_SHA}" != "${PR_HEAD_SHA}" ]; then
-            echo "PR head SHA ${PR_HEAD_SHA} does not match workflow_run event SHA ${WORKFLOW_RUN_HEAD_SHA}. Stopping." 1>&2
-            exit 1
-          fi
-          gh pr comment "${PR}" --repo "${GITHUB_REPOSITORY}" -F comment.txt
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_commit.id }}

.github/workflows/qhelp-pr-preview.yml

@@ -1,63 +0,0 @@
-name: Query help preview
-
-permissions:
-  contents: read
-
-on:
-  pull_request:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - "ruby/**/*.qhelp"
-
-jobs:
-  qhelp:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "${{  github.event.number }}" > pr.txt
-      - uses: actions/upload-artifact@v2
-        with:
-          name: comment
-          path: pr.txt
-          retention-days: 1
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 2
-          persist-credentials: false
-      - uses: ./.github/actions/fetch-codeql
-      - name: Determine changed files
-        id: changes
-        run: |
-          (git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.qhelp$' | grep -z -v '.inc.qhelp';
-           git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.inc.qhelp$' | xargs --null -rn1 basename | xargs --null -rn1 git grep -z -l) |
-           grep -z '.qhelp$' | grep -z -v '^-' | sort -z -u > "${RUNNER_TEMP}/paths.txt"
-
-      - name: QHelp preview
-        run: |
-          EXIT_CODE=0
-          echo "QHelp previews:" > comment.txt
-          while read -r -d $'\0' path; do
-            if [ ! -f "${path}" ]; then
-               exit 1
-            fi
-            echo "<details> <summary>${path}</summary>"
-            echo
-            codeql generate query-help --format=markdown -- "./${path}" 2> errors.txt || EXIT_CODE="$?"
-            if [ -s errors.txt ]; then
-               echo "# errors/warnings:"
-               echo '```'
-               cat errors.txt
-               cat errors.txt 1>&2
-               echo '```'
-            fi
-            echo "</details>"
-          done < "${RUNNER_TEMP}/paths.txt" >> comment.txt
-          exit "${EXIT_CODE}"
-
-      - if: always()
-        uses: actions/upload-artifact@v2
-        with:
-          name: comment
-          path: comment.txt
-          retention-days: 1

.github/workflows/ql-for-ql-build.yml

@@ -1,192 +0,0 @@
-name: Run QL for QL
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-env:
-  CARGO_TERM_COLOR: always
-
-jobs:
-  queries:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - name: Get CodeQL version
-        id: get-codeql-version
-        run: |
-          echo "::set-output name=version::$("${CODEQL}" --version | head -n 1 | rev | cut -d " " -f 1 | rev)"
-        shell: bash
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Cache queries
-        id: cache-queries
-        uses: actions/cache@v2
-        with:
-          path: ${{ runner.temp }}/query-pack.zip
-          key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
-      - name: Build query pack
-        if: steps.cache-queries.outputs.cache-hit != 'true'
-        run: |
-          cd ql/ql/src
-          "${CODEQL}" pack create
-          cd .codeql/pack/codeql/ql-all/0.0.0
-          zip "${PACKZIP}" -r .
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-          PACKZIP: ${{ runner.temp }}/query-pack.zip
-      - name: Upload query pack
-        uses: actions/upload-artifact@v2
-        with:
-          name: query-pack-zip
-          path: ${{ runner.temp }}/query-pack.zip
-
-  extractors:
-    strategy:
-      fail-fast: false
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Cache entire extractor
-        id: cache-extractor
-        uses: actions/cache@v2
-        with:
-          path: |
-            ql/target/release/ql-autobuilder
-            ql/target/release/ql-autobuilder.exe
-            ql/target/release/ql-extractor
-            ql/target/release/ql-extractor.exe
-          key: ${{ runner.os }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }}
-      - name: Cache cargo
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-rust-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
-      - name: Check formatting
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo fmt --all -- --check
-      - name: Build
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo build --verbose
-      - name: Run tests
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo test --verbose
-      - name: Release build
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo build --release
-      - name: Generate dbscheme
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: ql/target/release/ql-generator --dbscheme ql/ql/src/ql.dbscheme --library ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: |
-            ql/target/release/ql-autobuilder
-            ql/target/release/ql-autobuilder.exe
-            ql/target/release/ql-extractor
-            ql/target/release/ql-extractor.exe
-          retention-days: 1
-  package:
-    runs-on: ubuntu-latest
-
-    needs:
-      - extractors
-      - queries
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: query-pack-zip
-          path: query-pack-zip
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: linux64
-      - run: |
-          unzip query-pack-zip/*.zip -d pack
-          cp -r ql/codeql-extractor.yml ql/tools ql/ql/src/ql.dbscheme.stats pack/
-          mkdir -p pack/tools/linux64
-          if [[ -f linux64/ql-autobuilder ]]; then
-            cp linux64/ql-autobuilder pack/tools/linux64/autobuilder
-            chmod +x pack/tools/linux64/autobuilder
-          fi
-          if [[ -f linux64/ql-extractor ]]; then
-            cp linux64/ql-extractor pack/tools/linux64/extractor
-            chmod +x pack/tools/linux64/extractor
-          fi
-          cd pack
-          zip -rq ../codeql-ql.zip .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ql-pack
-          path: codeql-ql.zip
-          retention-days: 1
-  analyze:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        folder: [cpp, csharp, java, javascript, python, ql, ruby]
-
-    needs:
-      - package
-
-    steps:
-      - name: Download pack
-        uses: actions/download-artifact@v2
-        with:
-          name: codeql-ql-pack
-          path: ${{ runner.temp }}/codeql-ql-pack-artifact
-
-      - name: Prepare pack
-        run: |
-          unzip "${PACK_ARTIFACT}/*.zip" -d "${PACK}"
-        env:
-          PACK_ARTIFACT: ${{ runner.temp }}/codeql-ql-pack-artifact
-          PACK: ${{ runner.temp }}/pack
-      - name: Hack codeql-action options
-        run: |
-          JSON=$(jq -nc --arg pack "${PACK}" '.resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
-          echo "CODEQL_ACTION_EXTRA_OPTIONS=${JSON}" >> ${GITHUB_ENV}
-        env:
-          PACK: ${{ runner.temp }}/pack
-
-      - name: Checkout repository
-        uses: actions/checkout@v2
-      - name: Create CodeQL config file
-        run: |
-          echo "paths:" > ${CONF}
-          echo "  - ${FOLDER}" >> ${CONF}
-          echo "paths-ignore:" >> ${CONF}
-          echo "  - ql/ql/test" >> ${CONF}
-          echo "Config file: "
-          cat ${CONF}
-        env: 
-          CONF: ./ql-for-ql-config.yml
-          FOLDER: ${{ matrix.folder }}
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: ql
-          db-location: ${{ runner.temp }}/db
-          config-file: ./ql-for-ql-config.yml
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@erik-krogh/ql
-        with: 
-          category: "ql-for-ql-${{ matrix.folder }}"
-

.github/workflows/ql-for-ql-dataset_measure.yml

@@ -1,84 +0,0 @@
-name: Collect database stats for QL for QL
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - ql/ql/src/ql.dbscheme
-  pull_request:
-    branches: [main]
-    paths:
-      - ql/ql/src/ql.dbscheme
-  workflow_dispatch:
-
-jobs:
-  measure:
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    strategy:
-      matrix:
-        repo: 
-          - github/codeql
-          - github/codeql-go
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - name: Build Extractor
-        run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./create-extractor-pack.sh
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ matrix.repo }}
-          path: ${{ github.workspace }}/repo
-      - name: Create database
-        run: |
-          "${CODEQL}" database create \
-            --search-path "ql/extractor-pack" \
-            --threads 4 \
-            --language ql --source-root "${{ github.workspace }}/repo" \
-            "${{ runner.temp }}/database"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Measure database
-        run: |
-          mkdir -p "stats/${{ matrix.repo }}"
-          "${CODEQL}" dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ql"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - uses: actions/upload-artifact@v2
-        with:
-          name: measurements
-          path: stats
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs: measure
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: measurements
-          path: stats
-      - run: |
-          python -m pip install --user lxml
-          find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ql/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
-      - uses: actions/upload-artifact@v2
-        with:
-          name: ql.dbscheme.stats
-          path: ql/ql/src/ql.dbscheme.stats

.github/workflows/ql-for-ql-tests.yml

@@ -1,52 +0,0 @@
-name: Run QL for QL Tests
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "ql/**"
-  pull_request:
-    branches: [main]
-    paths:
-      - "ql/**"
-
-env:
-  CARGO_TERM_COLOR: always
-
-jobs:
-  qltest:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - name: Build extractor
-        run: |
-          cd ql;
-          codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
-          env "PATH=$PATH:$codeqlpath" ./create-extractor-pack.sh
-      - name: Run QL tests
-        run: | 
-          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries ql/ql/test
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL formatting
-        run: | 
-          find ql/ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 "${CODEQL}" query format --check-only
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL compilation
-        run: | 
-          "${CODEQL}" query compile --check-only --threads=4 --warnings=error --search-path "${{ github.workspace }}/ql/extractor-pack" "ql/ql/src" "ql/ql/examples"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}

.github/workflows/ruby-build.yml

@@ -1,224 +0,0 @@
-name: "Ruby: Build"
-
-on:
-  push:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-build.yml
-    branches:
-      - main
-      - "rc/*"
-  pull_request:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-build.yml
-    branches:
-      - main
-      - "rc/*"
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: "Version tag to create"
-        required: false
-
-env:
-  CARGO_TERM_COLOR: always
-
-defaults:
-  run:
-    working-directory: ruby
-
-jobs:
-  build:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-
-    runs-on: ${{ matrix.os }}
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Install GNU tar
-        if: runner.os == 'macOS'
-        run: |
-          brew install gnu-tar
-          echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ruby/target
-          key: ${{ runner.os }}-rust-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - name: Check formatting
-        run: cargo fmt --all -- --check
-      - name: Build
-        run: cargo build --verbose
-      - name: Run tests
-        run: cargo test --verbose
-      - name: Release build
-        run: cargo build --release
-      - name: Generate dbscheme
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        run: target/release/ruby-generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        with:
-          name: ruby.dbscheme
-          path: ruby/ql/lib/ruby.dbscheme
-      - uses: actions/upload-artifact@v2
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        with:
-          name: TreeSitter.qll
-          path: ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        with:
-          name: extractor-${{ matrix.os }}
-          path: |
-            ruby/target/release/ruby-autobuilder
-            ruby/target/release/ruby-autobuilder.exe
-            ruby/target/release/ruby-extractor
-            ruby/target/release/ruby-extractor.exe
-          retention-days: 1
-  compile-queries:
-    runs-on: ubuntu-latest
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    steps:
-      - uses: actions/checkout@v2
-      - name: Fetch CodeQL
-        run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-          gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-          unzip -q codeql-linux64.zip
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Build Query Pack
-        run: |
-          codeql/codeql pack create ql/lib --output target/packs
-          codeql/codeql pack install ql/src
-          codeql/codeql pack create ql/src --output target/packs
-          PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)
-          codeql/codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src
-          (cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;)
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-queries
-          path: |
-            ruby/target/packs/*
-          retention-days: 1
-
-  package:
-    runs-on: ubuntu-latest
-    needs: [build, compile-queries]
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: ruby.dbscheme
-          path: ruby/ruby
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: ruby/linux64
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-windows-latest
-          path: ruby/win64
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-macos-latest
-          path: ruby/osx64
-      - run: |
-          mkdir -p ruby
-          cp -r codeql-extractor.yml tools ql/lib/ruby.dbscheme.stats ruby/
-          mkdir -p ruby/tools/{linux64,osx64,win64}
-          cp linux64/ruby-autobuilder ruby/tools/linux64/autobuilder
-          cp osx64/ruby-autobuilder ruby/tools/osx64/autobuilder
-          cp win64/ruby-autobuilder.exe ruby/tools/win64/autobuilder.exe
-          cp linux64/ruby-extractor ruby/tools/linux64/extractor
-          cp osx64/ruby-extractor ruby/tools/osx64/extractor
-          cp win64/ruby-extractor.exe ruby/tools/win64/extractor.exe
-          chmod +x ruby/tools/{linux64,osx64}/{autobuilder,extractor}
-          zip -rq codeql-ruby.zip ruby
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-pack
-          path: ruby/codeql-ruby.zip
-          retention-days: 1
-      - uses: actions/download-artifact@v2
-        with:
-          name: codeql-ruby-queries
-          path: ruby/qlpacks
-      - run: |
-          echo '{
-            "provide": [
-            "ruby/codeql-extractor.yml",
-            "qlpacks/*/*/*/qlpack.yml"
-            ]
-          }' > .codeqlmanifest.json
-          zip -rq codeql-ruby-bundle.zip .codeqlmanifest.json ruby qlpacks
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-bundle
-          path: ruby/codeql-ruby-bundle.zip
-          retention-days: 1
-
-  test:
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-
-    runs-on: ${{ matrix.os }}
-    needs: [package]
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          repository: Shopify/example-ruby-app
-          ref: 67a0decc5eb550f3a9228eda53925c3afd40dfe9
-      - name: Fetch CodeQL
-        shell: bash
-        run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-          gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql.zip "$LATEST"
-          unzip -q codeql.zip
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-        working-directory: ${{ runner.temp }}
-      - name: Download Ruby bundle
-        uses: actions/download-artifact@v2
-        with:
-          name: codeql-ruby-bundle
-          path: ${{ runner.temp }}
-      - name: Unzip Ruby bundle
-        shell: bash
-        run: unzip -q -d "${{ runner.temp }}/ruby-bundle" "${{ runner.temp }}/codeql-ruby-bundle.zip"
-      - name: Prepare test files
-        shell: bash
-        run: |
-          echo "import ruby select count(File f)" > "test.ql"
-          echo "| 4 |" > "test.expected"
-          echo 'name: sample-tests
-          version: 0.0.0
-          dependencies:
-            codeql/ruby-all: 0.0.1
-          extractor: ruby
-          tests: .
-          ' > qlpack.yml
-      - name: Run QL test
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" test run --search-path "${{ runner.temp }}/ruby-bundle" --additional-packs "${{ runner.temp }}/ruby-bundle" .
-      - name: Create database
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" database create --search-path "${{ runner.temp }}/ruby-bundle" --language ruby --source-root . ../database
-      - name: Analyze database
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" database analyze --search-path "${{ runner.temp }}/ruby-bundle" --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls

.github/workflows/ruby-dataset-measure.yml

@@ -1,73 +0,0 @@
-name: "Ruby: Collect database stats"
-
-on:
-  push:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - ruby/ql/lib/ruby.dbscheme
-      - .github/workflows/ruby-dataset-measure.yml
-  pull_request:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - ruby/ql/lib/ruby.dbscheme
-      - .github/workflows/ruby-dataset-measure.yml
-  workflow_dispatch:
-
-jobs:
-  measure:
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    strategy:
-      fail-fast: false
-      matrix:
-        repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - uses: ./ruby/actions/create-extractor-pack
-
-      - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ matrix.repo }}
-          path: ${{ github.workspace }}/repo
-      - name: Create database
-        run: |
-          codeql database create \
-            --search-path "${{ github.workspace }}/ruby/extractor-pack" \
-            --threads 4 \
-            --language ruby --source-root "${{ github.workspace }}/repo" \
-            "${{ runner.temp }}/database"
-      - name: Measure database
-        run: |
-          mkdir -p "stats/${{ matrix.repo }}"
-          codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby"
-      - uses: actions/upload-artifact@v2
-        with:
-          name: measurements
-          path: stats
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs: measure
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: measurements
-          path: stats
-      - run: |
-          python -m pip install --user lxml
-          find stats -name 'stats.xml' | sort | xargs python ruby/scripts/merge_stats.py --output ruby/ql/lib/ruby.dbscheme.stats --normalise ruby_tokeninfo
-      - uses: actions/upload-artifact@v2
-        with:
-          name: ruby.dbscheme.stats
-          path: ruby/ql/lib/ruby.dbscheme.stats

.github/workflows/ruby-qltest.yml

@@ -1,50 +0,0 @@
-name: "Ruby: Run QL Tests"
-
-on:
-  push:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-qltest.yml
-    branches:
-      - main
-      - "rc/*"
-  pull_request:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-qltest.yml
-    branches:
-      - main
-      - "rc/*"
-
-env:
-  CARGO_TERM_COLOR: always
-
-defaults:
-  run:
-    working-directory: ruby
-
-jobs:
-  qltest:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ./.github/actions/fetch-codeql
-      - uses: ./ruby/actions/create-extractor-pack
-      - name: Run QL tests
-        run: |
-          codeql test run --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Check QL formatting
-        run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
-      - name: Check QL compilation
-        run: |
-          codeql query compile --check-only --threads=4 --warnings=error "ql/src" "ql/examples"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Check DB upgrade scripts
-        run: |
-          echo >empty.trap
-          codeql dataset import -S ql/lib/upgrades/initial/ruby.dbscheme testdb empty.trap
-          codeql dataset upgrade testdb --additional-packs ql/lib
-          diff -q testdb/ruby.dbscheme ql/lib/ruby.dbscheme

.github/workflows/sync-files.yml

@@ -1,20 +0,0 @@
-name: Check synchronized files
-
-on:
-  push:
-    branches:
-      - main
-      - 'rc/*'
-  pull_request:
-    branches:
-      - main
-      - 'rc/*'
-
-jobs:
-  sync:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Check synchronized files
-        run: python config/sync-files.py
-

.gitignore

@@ -5,6 +5,7 @@
 
 # query compilation caches
 .cache
+data
 
 # qltest projects and artifacts
 */ql/test/**/*.testproj
@@ -23,10 +24,8 @@
 # It's useful (though not required) to be able to unpack codeql in the ql checkout itself
 /codeql/
 
+# Exclude output directories for compiled packs.
+.codeql/
+
 csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
 
-# Avoid committing cached package components
-.codeql
-
-# Compiled class file
-*.class

CODEOWNERS

@@ -3,7 +3,6 @@
 /java/ @github/codeql-java
 /javascript/ @github/codeql-javascript
 /python/ @github/codeql-python
-/ruby/ @github/codeql-ruby
 
 # Make @xcorail (GitHub Security Lab) a code owner for experimental queries so he gets pinged when we promote a query out of experimental
 /cpp/**/experimental/**/* @github/codeql-c-analysis @xcorail
@@ -11,7 +10,6 @@
 /java/**/experimental/**/* @github/codeql-java @xcorail
 /javascript/**/experimental/**/* @github/codeql-javascript @xcorail
 /python/**/experimental/**/* @github/codeql-python @xcorail
-/ruby/**/experimental/**/* @github/codeql-ruby @xcorail
 
 # Notify members of codeql-go about PRs to the shared data-flow library files
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll @github/codeql-java @github/codeql-go
@@ -19,12 +17,3 @@
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
-
-# CodeQL tools and associated docs
-/docs/codeql-cli/ @github/codeql-cli-reviewers
-/docs/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
-/docs/ql-language-reference/ @github/codeql-frontend-reviewers
-/docs/query-*-style-guide.md @github/codeql-analysis-reviewers
-
-# QL for QL reviewers
-/ql/ @erik-krogh @tausbn

CONTRIBUTING.md

@@ -11,14 +11,13 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
 1. **Directory structure**
 
-    There are six language-specific query directories in this repository:
+    There are five language-specific query directories in this repository:
 
       * C/C++: `cpp/ql/src`
       * C#: `csharp/ql/src`
       * Java: `java/ql/src`
       * JavaScript: `javascript/ql/src`
       * Python: `python/ql/src`
-      * Ruby: `ruby/ql/src`
 
     Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose.
     - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.

README.md

@@ -4,8 +4,8 @@ This open source repository contains the standard CodeQL libraries and queries t
 
 ## How do I learn CodeQL and run queries?
 
-There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL.
-You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) extension to try out your queries on any open source project that's currently being analyzed.
+There is [extensive documentation](https://help.semmle.com/QL/learn-ql/) on getting started with writing CodeQL.
+You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode.html) extension to try out your queries on any open source project that's currently being analyzed.
 
 ## Contributing
 

config/identical-files.json

@@ -6,7 +6,6 @@
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
@@ -24,17 +23,14 @@
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
   ],
   "DataFlow Java/C++/C#/Python Common": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll"
   ],
   "TaintTracking::Configuration Java/C++/C#/Python": [
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
@@ -52,21 +48,18 @@
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll"
   ],
   "DataFlow Java/C++/C#/Python Consistency checks": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll"
   ],
   "DataFlow Java/C# Flow Summaries": [
     "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll"
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll"
   ],
   "SsaReadPosition Java/C#": [
     "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
@@ -373,10 +366,8 @@
   ],
   "Inline Test Expectations": [
     "cpp/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "csharp/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "java/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "python/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll"
+    "python/ql/test/TestUtilities/InlineExpectationsTest.qll"
   ],
   "C++ ExternalAPIs": [
     "cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
@@ -438,38 +429,29 @@
     "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
   ],
   "IDE Contextual Queries": [
-    "cpp/ql/src/IDEContextual.qll",
-    "csharp/ql/src/IDEContextual.qll",
-    "java/ql/src/IDEContextual.qll",
-    "javascript/ql/src/IDEContextual.qll",
+    "cpp/ql/lib/IDEContextual.qll",
+    "csharp/ql/lib/IDEContextual.qll",
+    "java/ql/lib/IDEContextual.qll",
+    "javascript/ql/lib/IDEContextual.qll",
     "python/ql/src/analysis/IDEContextual.qll"
   ],
   "SSA C#": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
-    "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImplCommon.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll"
+    "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll"
   ],
-  "CryptoAlgorithms Python/JS/Ruby": [
+  "CryptoAlgorithms Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
-    "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
-    "ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll"
-  ],
-  "CryptoAlgorithmNames Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
-    "python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
-    "ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll"
+    "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll"
   ],
   "SensitiveDataHeuristics Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
     "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll"
   ],
-  "ReDoS Util Python/JS/Ruby": [
+  "ReDoS Util Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
-    "python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll"
+    "python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll"
   ],
   "ReDoS Exponential Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll",
@@ -477,28 +459,6 @@
   ],
   "ReDoS Polynomial Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
-    "python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll"
-  ],
-  "BadTagFilterQuery Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll",
-    "python/ql/lib/semmle/python/security/BadTagFilterQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll"
-  ],
-  "CFG": [
-    "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
-    "ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll"
-  ],
-  "TypeTracker": [
-    "python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
-    "ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll"
-  ],
-  "CodeQL Tutorial": [
-    "cpp/ql/lib/tutorial.qll",
-    "csharp/ql/lib/tutorial.qll",
-    "java/ql/lib/tutorial.qll",
-    "javascript/ql/lib/tutorial.qll",
-    "python/ql/lib/tutorial.qll",
-    "ruby/ql/lib/tutorial.qll"
+    "python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll"
   ]
 }

cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Build" Version="16.11.0" />
+    <PackageReference Include="Microsoft.Build" Version="16.9.0" />
   </ItemGroup>
 
   <ItemGroup>

cpp/old-change-notes/2021-06-10-cleartext-transmission.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* A new query (`cpp/cleartext-transmission`) has been added. This is similar to the `cpp/cleartext-storage-file`, `cpp/cleartext-storage-buffer` and `cpp/cleartext-storage-database` queries but looks for cases where sensitive information is most likely transmitted over a network.

cpp/old-change-notes/2021-06-22-sql-tainted.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The 'Uncontrolled data in SQL query' (cpp/sql-injection) query now supports the `libpqxx` library.

cpp/old-change-notes/2021-07-13-cleartext-storage-file.md

@@ -1,3 +0,0 @@
-lgtm,codescanning
-* The "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file) query now uses dataflow to produce additional results.
-* Heuristics in the SensitiveExprs.qll library have been improved, making the "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file), "Cleartext storage of sensitive information in buffer" (cpp/cleartext-storage-buffer) and "Cleartext storage of sensitive information in an SQLite" (cpp/cleartext-storage-database) queries more accurate.

cpp/old-change-notes/2021-07-20-toctou-race-condition.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Improvements have been made to the `cpp/toctou-race-condition` query, both to find more correct results and fewer false positive results.

cpp/old-change-notes/2021-07-27-uncontrolled-arithmetic.md

@@ -1,2 +0,0 @@
-lgtm
-* Improvements made to the (`cpp/uncontrolled-arithmetic`) query, reducing the frequency of false positive results.

cpp/old-change-notes/2021-07-29-virtual-function-declaration-specifiers.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Virtual function specifiers are now accessible via the new predicates on `Function` (`.isDeclaredVirtual`, `.isOverride`, and `.isFinal`).

cpp/old-change-notes/2021-08-10-has-trailing-return-type.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `Function.hasTrailingReturnType` predicate to check whether a function was declared with a trailing return type.

cpp/old-change-notes/2021-08-17-has-c-linkage.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `RoutineType.hasCLinkage` predicate to check whether a function type has "C" language linkage.

cpp/old-change-notes/2021-08-23-ctime-weaken-claims.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default and so it's only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.

cpp/old-change-notes/2021-08-23-getPrimaryQlClasses.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `Element.getPrimaryQlClasses()` predicate, which gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.

cpp/old-change-notes/2021-08-24-implicit-downcast-from-bitfield.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The query `cpp/implicit-bitfield-downcast` now accounts for C++ reference types, which leads to more true positive results.

cpp/old-change-notes/2021-08-31-range-analysis-upper-bound.md

@@ -1,4 +0,0 @@
-lgtm,codescanning
-* The `SimpleRangeAnalysis` library includes information from the
-  immediate guard for determining the upper bound of a stack
-  variable for improved accuracy.

cpp/old-change-notes/2021-09-13-overflow-static.md

@@ -1,4 +0,0 @@
-lgtm,codescanning
-* The `memberMayBeVarSize` predicate considers more fields to be variable size.
-  As a result, the "Static buffer overflow" query (cpp/static-buffer-overflow)
-  produces fewer false positives.

cpp/old-change-notes/2021-09-27-command-line-injection.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Uncontrolled data used in OS command" (`cpp/command-line-injection`) query has been enhanced to reduce false positive results and its `@precision` increased to `high`

cpp/old-change-notes/2021-09-27-overflow-static.md

@@ -1,3 +0,0 @@
-lgtm,codescanning
-* Increase precision to high for the "Static buffer overflow" query
-  (`cpp/static-buffer-overflow`). This means the query is run and displayed by default on Code Scanning and LGTM.

cpp/old-change-notes/2021-10-01-improper-null-termination.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Several improvements made to the `NullTermination.qll` library and the 'Potential improper null termination' (cpp/improper-null-termination). These changes reduce the number of false positive results for this query and related query 'User-controlled data may not be null terminated' (cpp/user-controlled-null-termination-tainted).

cpp/old-change-notes/2021-10-07-cleartext-transmission.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved, reducing the number of false positive results when encryption is present.

cpp/old-change-notes/2021-10-07-extraction-errors.md

@@ -1,3 +0,0 @@
-codescanning
-* Problems with extraction that in most cases won't break the analysis in a significant way are now reported as warnings rather than errors.
-* The failed extractor invocations query now has severity `error`.

cpp/ql/examples/qlpack.lock.yml

@@ -1,4 +0,0 @@
----
-dependencies: {}
-compiled: false
-lockVersion: 1.0.0

cpp/ql/examples/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/cpp-examples
-version: 0.0.2
+version: 0.0.0
 dependencies:
-  codeql/cpp-all: "*"
+  codeql/cpp-all: ^0.0.1

cpp/ql/lib/CHANGELOG.md

@@ -1,11 +0,0 @@
-## 0.0.6
-
-## 0.0.5
-
-## 0.0.4
-
-### New Features
-
-* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
-  `isFromSystemMacroDefinition` for identifying code that originates from a
-  macro outside the project being analyzed.

cpp/ql/lib/DefaultOptions.qll

@@ -73,7 +73,7 @@ class Options extends string {
    *   __assume(0);
    * ```
    * (note that in this case if the hint is wrong and the expression is reached at
-   * runtime, the program's behavior is undefined)
+   * runtime, the program's behaviour is undefined)
    */
   predicate exprExits(Expr e) {
     e.(AssumeExpr).getChild(0).(CompileTimeConstantInt).getIntValue() = 0 or

cpp/ql/lib/Documentation/CommentedOutCode.qll

@@ -198,7 +198,7 @@ class CommentBlock extends Comment {
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   * [Locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
    */
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn

cpp/ql/lib/Options.qll

@@ -50,7 +50,7 @@ class CustomOptions extends Options {
    *   __assume(0);
    * ```
    * (note that in this case if the hint is wrong and the expression is reached at
-   * runtime, the program's behavior is undefined)
+   * runtime, the program's behaviour is undefined)
    */
   override predicate exprExits(Expr e) { Options.super.exprExits(e) }
 

cpp/ql/lib/change-notes/released/0.0.4.md

@@ -1,7 +0,0 @@
-## 0.0.4
-
-### New Features
-
-* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
-  `isFromSystemMacroDefinition` for identifying code that originates from a
-  macro outside the project being analyzed.

cpp/ql/lib/change-notes/released/0.0.5.md

@@ -1 +0,0 @@
-## 0.0.5

cpp/ql/lib/change-notes/released/0.0.6.md

@@ -1 +0,0 @@
-## 0.0.6

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +0,0 @@
----
-lastReleaseVersion: 0.0.6

cpp/ql/lib/definitions.qll

@@ -24,7 +24,7 @@ class Top extends Element {
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   * [Locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
    */
   pragma[noopt]
   final predicate hasLocationInfo(

cpp/ql/lib/experimental/semmle/code/cpp/models/interfaces/SimpleRangeAnalysisDefinition.qll

@@ -37,7 +37,7 @@ abstract class SimpleRangeAnalysisDefinition extends RangeSsaDefinition {
    * dependencies. Without this information, range analysis might work for
    * simple cases but will go into infinite loops on complex code.
    *
-   * For example, when modeling the definition by reference in a call to an
+   * For example, when modelling the definition by reference in a call to an
    * overloaded `operator=`, written as `v = e`, the definition of `(this, v)`
    * depends on `e`.
    */

cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/InBoundsPointerDeref.qll

@@ -5,7 +5,7 @@
  * `Instruction` level), and then using the array length analysis and the range
  * analysis together to prove that some of these pointer dereferences are safe.
  *
- * The analysis is soundy, i.e. it is sound if no undefined behavior is present
+ * The analysis is soundy, i.e. it is sound if no undefined behaviour is present
  * in the program.
  * Furthermore, it crucially depends on the soundiness of the range analysis and
  * the array length analysis.

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -52,8 +52,11 @@ module PrivateCleartextWrite {
 
   class WriteSink extends Sink {
     WriteSink() {
-      this.asExpr() = any(FileWrite f).getASource() or
-      this.asExpr() = any(BufferWrite b).getAChild()
+      exists(FileWrite f, BufferWrite b |
+        this.asExpr() = f.getASource()
+        or
+        this.asExpr() = b.getAChild()
+      )
     }
   }
 }

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll

@@ -13,25 +13,26 @@ import cpp
 
 /** A string for `match` that identifies strings that look like they represent private data. */
 private string privateNames() {
-  result =
-    [
-      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
-      // Government identifiers, such as Social Security Numbers
-      "%social%security%number%",
-      // Contact information, such as home addresses and telephone numbers
-      "%postcode%", "%zipcode%",
-      // result = "%telephone%" or
-      // Geographic location - where the user is (or was)
-      "%latitude%", "%longitude%",
-      // Financial data - such as credit card numbers, salary, bank accounts, and debts
-      "%creditcard%", "%salary%", "%bankaccount%",
-      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
-      // result = "%email%" or
-      // result = "%mobile%" or
-      "%employer%",
-      // Health - medical conditions, insurance status, prescription records
-      "%medical%"
-    ]
+  // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
+  // Government identifiers, such as Social Security Numbers
+  result = "%social%security%number%" or
+  // Contact information, such as home addresses and telephone numbers
+  result = "%postcode%" or
+  result = "%zipcode%" or
+  // result = "%telephone%" or
+  // Geographic location - where the user is (or was)
+  result = "%latitude%" or
+  result = "%longitude%" or
+  // Financial data - such as credit card numbers, salary, bank accounts, and debts
+  result = "%creditcard%" or
+  result = "%salary%" or
+  result = "%bankaccount%" or
+  // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
+  // result = "%email%" or
+  // result = "%mobile%" or
+  result = "%employer%" or
+  // Health - medical conditions, insurance status, prescription records
+  result = "%medical%"
 }
 
 /** An expression that might contain private data. */

cpp/ql/lib/external/ExternalArtifact.qll

@@ -15,7 +15,7 @@ class ExternalData extends @externalDataElement {
    * Gets the path of the file this data was loaded from, with its
    * extension replaced by `.ql`.
    */
-  string getQueryPath() { result = this.getDataPath().regexpReplaceAll("\\.[^.]*$", ".ql") }
+  string getQueryPath() { result = getDataPath().regexpReplaceAll("\\.[^.]*$", ".ql") }
 
   /** Gets the number of fields in this data item. */
   int getNumFields() { result = 1 + max(int i | externalData(this, _, i, _) | i) }
@@ -24,22 +24,22 @@ class ExternalData extends @externalDataElement {
   string getField(int i) { externalData(this, _, i, result) }
 
   /** Gets the integer value of the `i`th field of this data item. */
-  int getFieldAsInt(int i) { result = this.getField(i).toInt() }
+  int getFieldAsInt(int i) { result = getField(i).toInt() }
 
   /** Gets the floating-point value of the `i`th field of this data item. */
-  float getFieldAsFloat(int i) { result = this.getField(i).toFloat() }
+  float getFieldAsFloat(int i) { result = getField(i).toFloat() }
 
   /** Gets the value of the `i`th field of this data item, interpreted as a date. */
-  date getFieldAsDate(int i) { result = this.getField(i).toDate() }
+  date getFieldAsDate(int i) { result = getField(i).toDate() }
 
   /** Gets a textual representation of this data item. */
-  string toString() { result = this.getQueryPath() + ": " + this.buildTupleString(0) }
+  string toString() { result = getQueryPath() + ": " + buildTupleString(0) }
 
   /** Gets a textual representation of this data item, starting with the `n`th field. */
   private string buildTupleString(int n) {
-    n = this.getNumFields() - 1 and result = this.getField(n)
+    n = getNumFields() - 1 and result = getField(n)
     or
-    n < this.getNumFields() - 1 and result = this.getField(n) + "," + this.buildTupleString(n + 1)
+    n < getNumFields() - 1 and result = getField(n) + "," + buildTupleString(n + 1)
   }
 }
 
@@ -53,8 +53,8 @@ class DefectExternalData extends ExternalData {
   }
 
   /** Gets the URL associated with this data item. */
-  string getURL() { result = this.getField(0) }
+  string getURL() { result = getField(0) }
 
   /** Gets the message associated with this data item. */
-  string getMessage() { result = this.getField(1) }
+  string getMessage() { result = getField(1) }
 }

cpp/ql/lib/qlpack.yml

@@ -1,8 +1,5 @@
 name: codeql/cpp-all
-version: 0.0.6
-groups: cpp
+version: 0.0.2
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
 library: true
-dependencies:
-  codeql/cpp-upgrades: ^0.0.3

cpp/ql/lib/semmle/code/cpp/Class.qll

@@ -237,7 +237,7 @@ class Class extends UserType {
     exists(ClassDerivation cd | cd.getBaseClass() = base |
       result =
         this.accessOfBaseMemberMulti(cd.getDerivedClass(),
-          fieldInBase.accessInDirectDerived(cd.getASpecifier()))
+          fieldInBase.accessInDirectDerived(cd.getASpecifier().(AccessSpecifier)))
     )
   }
 
@@ -261,20 +261,21 @@ class Class extends UserType {
    * includes the case of `base` = `this`.
    */
   AccessSpecifier accessOfBaseMember(Declaration member) {
-    result = this.accessOfBaseMember(member.getDeclaringType(), member.getASpecifier())
+    result =
+      this.accessOfBaseMember(member.getDeclaringType(), member.getASpecifier().(AccessSpecifier))
   }
 
   /**
    * DEPRECATED: name changed to `hasImplicitCopyConstructor` to reflect that
    * `= default` members are no longer included.
    */
-  deprecated predicate hasGeneratedCopyConstructor() { this.hasImplicitCopyConstructor() }
+  deprecated predicate hasGeneratedCopyConstructor() { hasImplicitCopyConstructor() }
 
   /**
    * DEPRECATED: name changed to `hasImplicitCopyAssignmentOperator` to
    * reflect that `= default` members are no longer included.
    */
-  deprecated predicate hasGeneratedCopyAssignmentOperator() { this.hasImplicitCopyConstructor() }
+  deprecated predicate hasGeneratedCopyAssignmentOperator() { hasImplicitCopyConstructor() }
 
   /**
    * Holds if this class, struct or union has an implicitly-declared copy
@@ -318,7 +319,7 @@ class Class extends UserType {
     exists(Type t | t = this.getAFieldSubobjectType().getUnspecifiedType() |
       // Note: Overload resolution is not implemented -- all copy
       // constructors are considered equal.
-      this.cannotAccessCopyConstructorOnAny(t)
+      this.cannotAccessCopyConstructorOnAny(t.(Class))
     )
     or
     // - T has direct or virtual base class that cannot be copied (has deleted,
@@ -391,7 +392,7 @@ class Class extends UserType {
     exists(Type t | t = this.getAFieldSubobjectType().getUnspecifiedType() |
       // Note: Overload resolution is not implemented -- all copy assignment
       // operators are considered equal.
-      this.cannotAccessCopyAssignmentOperatorOnAny(t)
+      this.cannotAccessCopyAssignmentOperatorOnAny(t.(Class))
     )
     or
     exists(Class c | c = this.getADirectOrVirtualBase() |
@@ -486,7 +487,7 @@ class Class extends UserType {
     exists(ClassDerivation cd |
       // Add the offset of the direct base class and the offset of `baseClass`
       // within that direct base class.
-      cd = this.getADerivation() and
+      cd = getADerivation() and
       result = cd.getBaseClass().getANonVirtualBaseClassByteOffset(baseClass) + cd.getByteOffset()
     )
   }
@@ -501,12 +502,12 @@ class Class extends UserType {
    */
   int getABaseClassByteOffset(Class baseClass) {
     // Handle the non-virtual case.
-    result = this.getANonVirtualBaseClassByteOffset(baseClass)
+    result = getANonVirtualBaseClassByteOffset(baseClass)
     or
     exists(Class virtualBaseClass, int virtualBaseOffset, int offsetFromVirtualBase |
       // Look for the base class as a non-virtual base of a direct or indirect
       // virtual base, adding the two offsets.
-      this.getVirtualBaseClassByteOffset(virtualBaseClass) = virtualBaseOffset and
+      getVirtualBaseClassByteOffset(virtualBaseClass) = virtualBaseOffset and
       offsetFromVirtualBase = virtualBaseClass.getANonVirtualBaseClassByteOffset(baseClass) and
       result = virtualBaseOffset + offsetFromVirtualBase
     )
@@ -622,11 +623,11 @@ class Class extends UserType {
    * inherits one).
    */
   predicate isPolymorphic() {
-    exists(MemberFunction f | f.getDeclaringType() = this.getABaseClass*() and f.isVirtual())
+    exists(MemberFunction f | f.getDeclaringType() = getABaseClass*() and f.isVirtual())
   }
 
   override predicate involvesTemplateParameter() {
-    this.getATemplateArgument().(Type).involvesTemplateParameter()
+    getATemplateArgument().(Type).involvesTemplateParameter()
   }
 
   /** Holds if this class, struct or union was declared 'final'. */
@@ -764,7 +765,7 @@ class ClassDerivation extends Locatable, @derivation {
    * };
    * ```
    */
-  Class getBaseClass() { result = this.getBaseType().getUnderlyingType() }
+  Class getBaseClass() { result = getBaseType().getUnderlyingType() }
 
   override string getAPrimaryQlClass() { result = "ClassDerivation" }
 
@@ -817,7 +818,7 @@ class ClassDerivation extends Locatable, @derivation {
   predicate hasSpecifier(string s) { this.getASpecifier().hasName(s) }
 
   /** Holds if the derivation is for a virtual base class. */
-  predicate isVirtual() { this.hasSpecifier("virtual") }
+  predicate isVirtual() { hasSpecifier("virtual") }
 
   /** Gets the location of the derivation. */
   override Location getLocation() { derivations(underlyingElement(this), _, _, _, result) }
@@ -845,7 +846,7 @@ class ClassDerivation extends Locatable, @derivation {
  * ```
  */
 class LocalClass extends Class {
-  LocalClass() { this.isLocal() }
+  LocalClass() { isLocal() }
 
   override string getAPrimaryQlClass() { not this instanceof LocalStruct and result = "LocalClass" }
 
@@ -988,9 +989,9 @@ class ClassTemplateSpecialization extends Class {
   TemplateClass getPrimaryTemplate() {
     // Ignoring template arguments, the primary template has the same name
     // as each of its specializations.
-    result.getSimpleName() = this.getSimpleName() and
+    result.getSimpleName() = getSimpleName() and
     // It is in the same namespace as its specializations.
-    result.getNamespace() = this.getNamespace() and
+    result.getNamespace() = getNamespace() and
     // It is distinguished by the fact that each of its template arguments
     // is a distinct template parameter.
     count(TemplateParameter tp | tp = result.getATemplateArgument()) =
@@ -1107,7 +1108,7 @@ deprecated class Interface extends Class {
  * ```
  */
 class VirtualClassDerivation extends ClassDerivation {
-  VirtualClassDerivation() { this.hasSpecifier("virtual") }
+  VirtualClassDerivation() { hasSpecifier("virtual") }
 
   override string getAPrimaryQlClass() { result = "VirtualClassDerivation" }
 }
@@ -1135,7 +1136,7 @@ class VirtualBaseClass extends Class {
   VirtualClassDerivation getAVirtualDerivation() { result.getBaseClass() = this }
 
   /** A class/struct that is derived from this one using virtual inheritance. */
-  Class getAVirtuallyDerivedClass() { result = this.getAVirtualDerivation().getDerivedClass() }
+  Class getAVirtuallyDerivedClass() { result = getAVirtualDerivation().getDerivedClass() }
 }
 
 /**
@@ -1154,7 +1155,7 @@ class ProxyClass extends UserType {
   override string getAPrimaryQlClass() { result = "ProxyClass" }
 
   /** Gets the location of the proxy class. */
-  override Location getLocation() { result = this.getTemplateParameter().getDefinitionLocation() }
+  override Location getLocation() { result = getTemplateParameter().getDefinitionLocation() }
 
   /** Gets the template parameter for which this is the proxy class. */
   TemplateParameter getTemplateParameter() {

cpp/ql/lib/semmle/code/cpp/Declaration.qll

@@ -184,7 +184,7 @@ class Declaration extends Locatable, @declaration {
   predicate hasDefinition() { exists(this.getDefinition()) }
 
   /** DEPRECATED: Use `hasDefinition` instead. */
-  predicate isDefined() { this.hasDefinition() }
+  predicate isDefined() { hasDefinition() }
 
   /** Gets the preferred location of this declaration, if any. */
   override Location getLocation() { none() }
@@ -209,7 +209,7 @@ class Declaration extends Locatable, @declaration {
   predicate isStatic() { this.hasSpecifier("static") }
 
   /** Holds if this declaration is a member of a class/struct/union. */
-  predicate isMember() { this.hasDeclaringType() }
+  predicate isMember() { hasDeclaringType() }
 
   /** Holds if this declaration is a member of a class/struct/union. */
   predicate hasDeclaringType() { exists(this.getDeclaringType()) }
@@ -226,14 +226,14 @@ class Declaration extends Locatable, @declaration {
    * When called on a template, this will return a template parameter type for
    * both typed and non-typed parameters.
    */
-  final Locatable getATemplateArgument() { result = this.getTemplateArgument(_) }
+  final Locatable getATemplateArgument() { result = getTemplateArgument(_) }
 
   /**
    * Gets a template argument used to instantiate this declaration from a template.
    * When called on a template, this will return a non-typed template
    * parameter value.
    */
-  final Locatable getATemplateArgumentKind() { result = this.getTemplateArgumentKind(_) }
+  final Locatable getATemplateArgumentKind() { result = getTemplateArgumentKind(_) }
 
   /**
    * Gets the `i`th template argument used to instantiate this declaration from a
@@ -252,9 +252,9 @@ class Declaration extends Locatable, @declaration {
    * `getTemplateArgument(1)` return `1`.
    */
   final Locatable getTemplateArgument(int index) {
-    if exists(this.getTemplateArgumentValue(index))
-    then result = this.getTemplateArgumentValue(index)
-    else result = this.getTemplateArgumentType(index)
+    if exists(getTemplateArgumentValue(index))
+    then result = getTemplateArgumentValue(index)
+    else result = getTemplateArgumentType(index)
   }
 
   /**
@@ -275,13 +275,14 @@ class Declaration extends Locatable, @declaration {
    * `getTemplateArgumentKind(0)`.
    */
   final Locatable getTemplateArgumentKind(int index) {
-    exists(this.getTemplateArgumentValue(index)) and
-    result = this.getTemplateArgumentType(index)
+    if exists(getTemplateArgumentValue(index))
+    then result = getTemplateArgumentType(index)
+    else none()
   }
 
   /** Gets the number of template arguments for this declaration. */
   final int getNumberOfTemplateArguments() {
-    result = count(int i | exists(this.getTemplateArgument(i)))
+    result = count(int i | exists(getTemplateArgument(i)))
   }
 
   private Type getTemplateArgumentType(int index) {
@@ -327,9 +328,9 @@ class DeclarationEntry extends Locatable, TDeclarationEntry {
    * available), or the name declared by this entry otherwise.
    */
   string getCanonicalName() {
-    if this.getDeclaration().hasDefinition()
-    then result = this.getDeclaration().getDefinition().getName()
-    else result = this.getName()
+    if getDeclaration().hasDefinition()
+    then result = getDeclaration().getDefinition().getName()
+    else result = getName()
   }
 
   /**
@@ -370,18 +371,18 @@ class DeclarationEntry extends Locatable, TDeclarationEntry {
   /**
    * Holds if this declaration entry has a specifier with the given name.
    */
-  predicate hasSpecifier(string specifier) { this.getASpecifier() = specifier }
+  predicate hasSpecifier(string specifier) { getASpecifier() = specifier }
 
   /** Holds if this declaration entry is a definition. */
   predicate isDefinition() { none() } // overridden in subclasses
 
   override string toString() {
-    if this.isDefinition()
-    then result = "definition of " + this.getName()
+    if isDefinition()
+    then result = "definition of " + getName()
     else
-      if this.getName() = this.getCanonicalName()
-      then result = "declaration of " + this.getName()
-      else result = "declaration of " + this.getCanonicalName() + " as " + this.getName()
+      if getName() = getCanonicalName()
+      then result = "declaration of " + getName()
+      else result = "declaration of " + getCanonicalName() + " as " + getName()
   }
 }
 
@@ -490,7 +491,8 @@ class AccessHolder extends Declaration, TAccessHolder {
    */
   pragma[inline]
   predicate canAccessMember(Declaration member, Class derived) {
-    this.couldAccessMember(member.getDeclaringType(), member.getASpecifier(), derived)
+    this.couldAccessMember(member.getDeclaringType(), member.getASpecifier().(AccessSpecifier),
+      derived)
   }
 
   /**
@@ -579,7 +581,7 @@ private class DirectAccessHolder extends Element {
     // transitive closure with a restricted base case.
     this.thisCanAccessClassStep(base, derived)
     or
-    exists(Class between | this.thisCanAccessClassTrans(base, between) |
+    exists(Class between | thisCanAccessClassTrans(base, between) |
       isDirectPublicBaseOf(between, derived) or
       this.thisCanAccessClassStep(between, derived)
     )

cpp/ql/lib/semmle/code/cpp/Element.qll

@@ -58,11 +58,6 @@ class ElementBase extends @element {
   /** DEPRECATED: use `getAPrimaryQlClass` instead. */
   deprecated string getCanonicalQLClass() { result = this.getAPrimaryQlClass() }
 
-  /**
-   * Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.
-   */
-  final string getPrimaryQlClasses() { result = concat(this.getAPrimaryQlClass(), ",") }
-
   /**
    * Gets the name of a primary CodeQL class to which this element belongs.
    *
@@ -206,9 +201,9 @@ class Element extends ElementBase {
   /** Gets the closest `Element` enclosing this one. */
   cached
   Element getEnclosingElement() {
-    result = this.getEnclosingElementPref()
+    result = getEnclosingElementPref()
     or
-    not exists(this.getEnclosingElementPref()) and
+    not exists(getEnclosingElementPref()) and
     (
       this = result.(Class).getAMember()
       or
@@ -281,7 +276,7 @@ private predicate isFromUninstantiatedTemplateRec(Element e, Element template) {
  * ```
  */
 class StaticAssert extends Locatable, @static_assert {
-  override string toString() { result = "static_assert(..., \"" + this.getMessage() + "\")" }
+  override string toString() { result = "static_assert(..., \"" + getMessage() + "\")" }
 
   /**
    * Gets the expression which this static assertion ensures is true.

cpp/ql/lib/semmle/code/cpp/Enum.qll

@@ -85,7 +85,7 @@ class Enum extends UserType, IntegralOrEnumType {
  * ```
  */
 class LocalEnum extends Enum {
-  LocalEnum() { this.isLocal() }
+  LocalEnum() { isLocal() }
 
   override string getAPrimaryQlClass() { result = "LocalEnum" }
 }