Merge pull request #6375 from github/aeisenberg/pack/python

Packaging: Refactor Python into separate library and query packs

.codeqlmanifest.json

@@ -1,27 +1,8 @@
-{
-    "provide": [
-        "*/ql/src/qlpack.yml",
-        "*/ql/lib/qlpack.yml",
-        "*/ql/test/qlpack.yml",
-        "*/ql/examples/qlpack.yml",
-        "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
-        "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml",
-        "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml",
-        "csharp/ql/campaigns/Solorigate/lib/qlpack.yml",
-        "csharp/ql/campaigns/Solorigate/src/qlpack.yml",
-        "csharp/ql/campaigns/Solorigate/test/qlpack.yml",
-        "misc/legacy-support/*/qlpack.yml",
-        "misc/suite-helpers/qlpack.yml",
-        "ruby/extractor-pack/codeql-extractor.yml",
-        "ruby/ql/consistency-queries/qlpack.yml",
-        "ql/ql/consistency-queries/qlpack.yml",
-        "ql/extractor-pack/codeql-extractor.yml"
-    ],
-    "versionPolicies": {
-      "default": {
-        "requireChangeNotes": true,
-        "committedPrereleaseSuffix": "dev",
-        "committedVersion": "nextPatchRelease"
-      }
-    }
-}
+{ "provide": [ "*/ql/lib/qlpack.yml",
+               "*/ql/src/qlpack.yml",
+               "*/ql/test/qlpack.yml",
+               "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
+               "*/ql/examples/qlpack.yml",
+               "*/upgrades/qlpack.yml",
+               "misc/legacy-support/*/qlpack.yml",
+               "misc/suite-helpers/qlpack.yml" ] }

.devcontainer/devcontainer.json

@@ -1,14 +1,9 @@
 {
   "extensions": [
-    "rust-lang.rust",
-    "bungcip.better-toml",
     "github.vscode-codeql",
     "slevesque.vscode-zipexplorer"
   ],
   "settings": {
-    "files.watcherExclude": {
-      "**/target/**": true
-    },
     "codeQL.runningQueries.memory": 2048
   }
 }

.gitattributes

@@ -48,6 +48,3 @@
 *.gif -text
 *.dll -text
 *.pdb -text
-
-java/ql/test/stubs/**/*.java linguist-generated=true
-java/ql/test/experimental/stubs/**/*.java linguist-generated=true

.github/actions/fetch-codeql/action.yml

@@ -1,14 +0,0 @@
-name: Fetch CodeQL
-description: Fetches the latest version of CodeQL
-runs:
-  using: composite
-  steps:
-    - name: Fetch CodeQL
-      shell: bash
-      run: |
-        LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-        unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
-        echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
-      env:
-        GITHUB_TOKEN: ${{ github.token }}

.github/dependabot.yml

@@ -1,18 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "cargo"
-    directory: "ruby/node-types"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/generator"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/extractor"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/autobuilder"
-    schedule:
-      interval: "daily"

.github/labeler.yml

@@ -18,14 +18,7 @@ Python:
   - python/**/*
   - change-notes/**/*python*
 
-Ruby:
-  - ruby/**/*
-  - change-notes/**/*ruby*
-
 documentation:
   - "**/*.qhelp"
   - "**/*.md"
   - docs/**/*
-
-"QL-for-QL": 
-  - ql/**/*

.github/workflows/check-change-note.yml

@@ -7,7 +7,6 @@ on:
       - "*/ql/src/**/*.ql"
       - "*/ql/src/**/*.qll"
       - "!**/experimental/**"
-      - "!ql/**"
 
 jobs:
   check-change-note:

.github/workflows/codeql-analysis.yml

@@ -11,8 +11,6 @@ on:
       - 'rc/*'
     paths:
       - 'csharp/**'
-      - '.github/codeql/**'
-      - '.github/workflows/codeql-analysis.yml'
   schedule:
     - cron: '0 9 * * 1'
 
@@ -40,8 +38,8 @@ jobs:
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
-    #- name: Autobuild
-    #  uses: github/codeql-action/autobuild@main
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@main
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -50,8 +48,9 @@ jobs:
     #    and modify them (or add more) to build your code if your project
     #    uses a compiled language
 
-    - run: |
-       dotnet build csharp
+    #- run: |
+    #   make bootstrap
+    #   make release
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@main

.github/workflows/csv-coverage-pr-artifacts.yml

@@ -6,8 +6,6 @@ on:
       - '.github/workflows/csv-coverage-pr-comment.yml'
       - '*/ql/src/**/*.ql'
       - '*/ql/src/**/*.qll'
-      - '*/ql/lib/**/*.ql'
-      - '*/ql/lib/**/*.qll'
       - 'misc/scripts/library-coverage/*.py'
       # input data files
       - '*/documentation/library-coverage/cwe-sink.csv'

.github/workflows/csv-coverage-update.yml

@@ -8,7 +8,7 @@ on:
 jobs:
   update:
     name: Update framework coverage report
-    if: github.repository == 'github/codeql'
+    if: github.event.repository.fork == false
     runs-on: ubuntu-latest
 
     steps:

.github/workflows/post-pr-comment.yml

@@ -1,31 +0,0 @@
-name: Post pull-request comment
-on:
-  workflow_run:
-    workflows: ["Query help preview"]
-    types:
-      - completed
-
-permissions:
-  pull-requests: write
-
-jobs:
-  post_comment:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Download artifact
-        run: gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
-      - run: |
-          PR="$(grep -o '^[0-9]\+$' pr.txt)"
-          PR_HEAD_SHA="$(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PR}" --jq .head.sha)"
-          # Check that the pull-request head SHA matches the head SHA of the workflow run
-          if [ "${WORKFLOW_RUN_HEAD_SHA}" != "${PR_HEAD_SHA}" ]; then
-            echo "PR head SHA ${PR_HEAD_SHA} does not match workflow_run event SHA ${WORKFLOW_RUN_HEAD_SHA}. Stopping." 1>&2
-            exit 1
-          fi
-          gh pr comment "${PR}" --repo "${GITHUB_REPOSITORY}" -F comment.txt
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_commit.id }}

.github/workflows/qhelp-pr-preview.yml

@@ -1,63 +0,0 @@
-name: Query help preview
-
-permissions:
-  contents: read
-
-on:
-  pull_request:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - "ruby/**/*.qhelp"
-
-jobs:
-  qhelp:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "${{  github.event.number }}" > pr.txt
-      - uses: actions/upload-artifact@v2
-        with:
-          name: comment
-          path: pr.txt
-          retention-days: 1
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 2
-          persist-credentials: false
-      - uses: ./.github/actions/fetch-codeql
-      - name: Determine changed files
-        id: changes
-        run: |
-          (git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.qhelp$' | grep -z -v '.inc.qhelp';
-           git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.inc.qhelp$' | xargs --null -rn1 basename | xargs --null -rn1 git grep -z -l) |
-           grep -z '.qhelp$' | grep -z -v '^-' | sort -z -u > "${RUNNER_TEMP}/paths.txt"
-
-      - name: QHelp preview
-        run: |
-          EXIT_CODE=0
-          echo "QHelp previews:" > comment.txt
-          while read -r -d $'\0' path; do
-            if [ ! -f "${path}" ]; then
-               exit 1
-            fi
-            echo "<details> <summary>${path}</summary>"
-            echo
-            codeql generate query-help --format=markdown -- "./${path}" 2> errors.txt || EXIT_CODE="$?"
-            if [ -s errors.txt ]; then
-               echo "# errors/warnings:"
-               echo '```'
-               cat errors.txt
-               cat errors.txt 1>&2
-               echo '```'
-            fi
-            echo "</details>"
-          done < "${RUNNER_TEMP}/paths.txt" >> comment.txt
-          exit "${EXIT_CODE}"
-
-      - if: always()
-        uses: actions/upload-artifact@v2
-        with:
-          name: comment
-          path: comment.txt
-          retention-days: 1

.github/workflows/ql-for-ql-build.yml

@@ -1,192 +0,0 @@
-name: Run QL for QL
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-env:
-  CARGO_TERM_COLOR: always
-
-jobs:
-  queries:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - name: Get CodeQL version
-        id: get-codeql-version
-        run: |
-          echo "::set-output name=version::$("${CODEQL}" --version | head -n 1 | rev | cut -d " " -f 1 | rev)"
-        shell: bash
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Cache queries
-        id: cache-queries
-        uses: actions/cache@v2
-        with:
-          path: ${{ runner.temp }}/query-pack.zip
-          key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
-      - name: Build query pack
-        if: steps.cache-queries.outputs.cache-hit != 'true'
-        run: |
-          cd ql/ql/src
-          "${CODEQL}" pack create
-          cd .codeql/pack/codeql/ql-all/0.0.0
-          zip "${PACKZIP}" -r .
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-          PACKZIP: ${{ runner.temp }}/query-pack.zip
-      - name: Upload query pack
-        uses: actions/upload-artifact@v2
-        with:
-          name: query-pack-zip
-          path: ${{ runner.temp }}/query-pack.zip
-
-  extractors:
-    strategy:
-      fail-fast: false
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Cache entire extractor
-        id: cache-extractor
-        uses: actions/cache@v2
-        with:
-          path: |
-            ql/target/release/ql-autobuilder
-            ql/target/release/ql-autobuilder.exe
-            ql/target/release/ql-extractor
-            ql/target/release/ql-extractor.exe
-          key: ${{ runner.os }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }}
-      - name: Cache cargo
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-rust-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
-      - name: Check formatting
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo fmt --all -- --check
-      - name: Build
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo build --verbose
-      - name: Run tests
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo test --verbose
-      - name: Release build
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo build --release
-      - name: Generate dbscheme
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: ql/target/release/ql-generator --dbscheme ql/ql/src/ql.dbscheme --library ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: |
-            ql/target/release/ql-autobuilder
-            ql/target/release/ql-autobuilder.exe
-            ql/target/release/ql-extractor
-            ql/target/release/ql-extractor.exe
-          retention-days: 1
-  package:
-    runs-on: ubuntu-latest
-
-    needs:
-      - extractors
-      - queries
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: query-pack-zip
-          path: query-pack-zip
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: linux64
-      - run: |
-          unzip query-pack-zip/*.zip -d pack
-          cp -r ql/codeql-extractor.yml ql/tools ql/ql/src/ql.dbscheme.stats pack/
-          mkdir -p pack/tools/linux64
-          if [[ -f linux64/ql-autobuilder ]]; then
-            cp linux64/ql-autobuilder pack/tools/linux64/autobuilder
-            chmod +x pack/tools/linux64/autobuilder
-          fi
-          if [[ -f linux64/ql-extractor ]]; then
-            cp linux64/ql-extractor pack/tools/linux64/extractor
-            chmod +x pack/tools/linux64/extractor
-          fi
-          cd pack
-          zip -rq ../codeql-ql.zip .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ql-pack
-          path: codeql-ql.zip
-          retention-days: 1
-  analyze:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        folder: [cpp, csharp, java, javascript, python, ql, ruby]
-
-    needs:
-      - package
-
-    steps:
-      - name: Download pack
-        uses: actions/download-artifact@v2
-        with:
-          name: codeql-ql-pack
-          path: ${{ runner.temp }}/codeql-ql-pack-artifact
-
-      - name: Prepare pack
-        run: |
-          unzip "${PACK_ARTIFACT}/*.zip" -d "${PACK}"
-        env:
-          PACK_ARTIFACT: ${{ runner.temp }}/codeql-ql-pack-artifact
-          PACK: ${{ runner.temp }}/pack
-      - name: Hack codeql-action options
-        run: |
-          JSON=$(jq -nc --arg pack "${PACK}" '.resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
-          echo "CODEQL_ACTION_EXTRA_OPTIONS=${JSON}" >> ${GITHUB_ENV}
-        env:
-          PACK: ${{ runner.temp }}/pack
-
-      - name: Checkout repository
-        uses: actions/checkout@v2
-      - name: Create CodeQL config file
-        run: |
-          echo "paths:" > ${CONF}
-          echo "  - ${FOLDER}" >> ${CONF}
-          echo "paths-ignore:" >> ${CONF}
-          echo "  - ql/ql/test" >> ${CONF}
-          echo "Config file: "
-          cat ${CONF}
-        env: 
-          CONF: ./ql-for-ql-config.yml
-          FOLDER: ${{ matrix.folder }}
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: ql
-          db-location: ${{ runner.temp }}/db
-          config-file: ./ql-for-ql-config.yml
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@erik-krogh/ql
-        with: 
-          category: "ql-for-ql-${{ matrix.folder }}"
-

.github/workflows/ql-for-ql-dataset_measure.yml

@@ -1,84 +0,0 @@
-name: Collect database stats for QL for QL
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - ql/ql/src/ql.dbscheme
-  pull_request:
-    branches: [main]
-    paths:
-      - ql/ql/src/ql.dbscheme
-  workflow_dispatch:
-
-jobs:
-  measure:
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    strategy:
-      matrix:
-        repo: 
-          - github/codeql
-          - github/codeql-go
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - name: Build Extractor
-        run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./create-extractor-pack.sh
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ matrix.repo }}
-          path: ${{ github.workspace }}/repo
-      - name: Create database
-        run: |
-          "${CODEQL}" database create \
-            --search-path "ql/extractor-pack" \
-            --threads 4 \
-            --language ql --source-root "${{ github.workspace }}/repo" \
-            "${{ runner.temp }}/database"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Measure database
-        run: |
-          mkdir -p "stats/${{ matrix.repo }}"
-          "${CODEQL}" dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ql"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - uses: actions/upload-artifact@v2
-        with:
-          name: measurements
-          path: stats
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs: measure
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: measurements
-          path: stats
-      - run: |
-          python -m pip install --user lxml
-          find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ql/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
-      - uses: actions/upload-artifact@v2
-        with:
-          name: ql.dbscheme.stats
-          path: ql/ql/src/ql.dbscheme.stats

.github/workflows/ql-for-ql-tests.yml

@@ -1,52 +0,0 @@
-name: Run QL for QL Tests
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "ql/**"
-  pull_request:
-    branches: [main]
-    paths:
-      - "ql/**"
-
-env:
-  CARGO_TERM_COLOR: always
-
-jobs:
-  qltest:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - name: Build extractor
-        run: |
-          cd ql;
-          codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
-          env "PATH=$PATH:$codeqlpath" ./create-extractor-pack.sh
-      - name: Run QL tests
-        run: | 
-          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries ql/ql/test
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL formatting
-        run: | 
-          find ql/ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 "${CODEQL}" query format --check-only
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL compilation
-        run: | 
-          "${CODEQL}" query compile --check-only --threads=4 --warnings=error --search-path "${{ github.workspace }}/ql/extractor-pack" "ql/ql/src" "ql/ql/examples"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}

.github/workflows/ruby-build.yml

@@ -1,224 +0,0 @@
-name: "Ruby: Build"
-
-on:
-  push:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-build.yml
-    branches:
-      - main
-      - "rc/*"
-  pull_request:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-build.yml
-    branches:
-      - main
-      - "rc/*"
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: "Version tag to create"
-        required: false
-
-env:
-  CARGO_TERM_COLOR: always
-
-defaults:
-  run:
-    working-directory: ruby
-
-jobs:
-  build:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-
-    runs-on: ${{ matrix.os }}
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Install GNU tar
-        if: runner.os == 'macOS'
-        run: |
-          brew install gnu-tar
-          echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ruby/target
-          key: ${{ runner.os }}-rust-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - name: Check formatting
-        run: cargo fmt --all -- --check
-      - name: Build
-        run: cargo build --verbose
-      - name: Run tests
-        run: cargo test --verbose
-      - name: Release build
-        run: cargo build --release
-      - name: Generate dbscheme
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        run: target/release/ruby-generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        with:
-          name: ruby.dbscheme
-          path: ruby/ql/lib/ruby.dbscheme
-      - uses: actions/upload-artifact@v2
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        with:
-          name: TreeSitter.qll
-          path: ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        with:
-          name: extractor-${{ matrix.os }}
-          path: |
-            ruby/target/release/ruby-autobuilder
-            ruby/target/release/ruby-autobuilder.exe
-            ruby/target/release/ruby-extractor
-            ruby/target/release/ruby-extractor.exe
-          retention-days: 1
-  compile-queries:
-    runs-on: ubuntu-latest
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    steps:
-      - uses: actions/checkout@v2
-      - name: Fetch CodeQL
-        run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-          gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-          unzip -q codeql-linux64.zip
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Build Query Pack
-        run: |
-          codeql/codeql pack create ql/lib --output target/packs
-          codeql/codeql pack install ql/src
-          codeql/codeql pack create ql/src --output target/packs
-          PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)
-          codeql/codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src
-          (cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;)
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-queries
-          path: |
-            ruby/target/packs/*
-          retention-days: 1
-
-  package:
-    runs-on: ubuntu-latest
-    needs: [build, compile-queries]
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: ruby.dbscheme
-          path: ruby/ruby
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: ruby/linux64
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-windows-latest
-          path: ruby/win64
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-macos-latest
-          path: ruby/osx64
-      - run: |
-          mkdir -p ruby
-          cp -r codeql-extractor.yml tools ql/lib/ruby.dbscheme.stats ruby/
-          mkdir -p ruby/tools/{linux64,osx64,win64}
-          cp linux64/ruby-autobuilder ruby/tools/linux64/autobuilder
-          cp osx64/ruby-autobuilder ruby/tools/osx64/autobuilder
-          cp win64/ruby-autobuilder.exe ruby/tools/win64/autobuilder.exe
-          cp linux64/ruby-extractor ruby/tools/linux64/extractor
-          cp osx64/ruby-extractor ruby/tools/osx64/extractor
-          cp win64/ruby-extractor.exe ruby/tools/win64/extractor.exe
-          chmod +x ruby/tools/{linux64,osx64}/{autobuilder,extractor}
-          zip -rq codeql-ruby.zip ruby
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-pack
-          path: ruby/codeql-ruby.zip
-          retention-days: 1
-      - uses: actions/download-artifact@v2
-        with:
-          name: codeql-ruby-queries
-          path: ruby/qlpacks
-      - run: |
-          echo '{
-            "provide": [
-            "ruby/codeql-extractor.yml",
-            "qlpacks/*/*/*/qlpack.yml"
-            ]
-          }' > .codeqlmanifest.json
-          zip -rq codeql-ruby-bundle.zip .codeqlmanifest.json ruby qlpacks
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-bundle
-          path: ruby/codeql-ruby-bundle.zip
-          retention-days: 1
-
-  test:
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-
-    runs-on: ${{ matrix.os }}
-    needs: [package]
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          repository: Shopify/example-ruby-app
-          ref: 67a0decc5eb550f3a9228eda53925c3afd40dfe9
-      - name: Fetch CodeQL
-        shell: bash
-        run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-          gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql.zip "$LATEST"
-          unzip -q codeql.zip
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-        working-directory: ${{ runner.temp }}
-      - name: Download Ruby bundle
-        uses: actions/download-artifact@v2
-        with:
-          name: codeql-ruby-bundle
-          path: ${{ runner.temp }}
-      - name: Unzip Ruby bundle
-        shell: bash
-        run: unzip -q -d "${{ runner.temp }}/ruby-bundle" "${{ runner.temp }}/codeql-ruby-bundle.zip"
-      - name: Prepare test files
-        shell: bash
-        run: |
-          echo "import ruby select count(File f)" > "test.ql"
-          echo "| 4 |" > "test.expected"
-          echo 'name: sample-tests
-          version: 0.0.0
-          dependencies:
-            codeql/ruby-all: 0.0.1
-          extractor: ruby
-          tests: .
-          ' > qlpack.yml
-      - name: Run QL test
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" test run --search-path "${{ runner.temp }}/ruby-bundle" --additional-packs "${{ runner.temp }}/ruby-bundle" .
-      - name: Create database
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" database create --search-path "${{ runner.temp }}/ruby-bundle" --language ruby --source-root . ../database
-      - name: Analyze database
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" database analyze --search-path "${{ runner.temp }}/ruby-bundle" --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls

.github/workflows/ruby-dataset-measure.yml

@@ -1,73 +0,0 @@
-name: "Ruby: Collect database stats"
-
-on:
-  push:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - ruby/ql/lib/ruby.dbscheme
-      - .github/workflows/ruby-dataset-measure.yml
-  pull_request:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - ruby/ql/lib/ruby.dbscheme
-      - .github/workflows/ruby-dataset-measure.yml
-  workflow_dispatch:
-
-jobs:
-  measure:
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    strategy:
-      fail-fast: false
-      matrix:
-        repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - uses: ./ruby/actions/create-extractor-pack
-
-      - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ matrix.repo }}
-          path: ${{ github.workspace }}/repo
-      - name: Create database
-        run: |
-          codeql database create \
-            --search-path "${{ github.workspace }}/ruby/extractor-pack" \
-            --threads 4 \
-            --language ruby --source-root "${{ github.workspace }}/repo" \
-            "${{ runner.temp }}/database"
-      - name: Measure database
-        run: |
-          mkdir -p "stats/${{ matrix.repo }}"
-          codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby"
-      - uses: actions/upload-artifact@v2
-        with:
-          name: measurements
-          path: stats
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs: measure
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: measurements
-          path: stats
-      - run: |
-          python -m pip install --user lxml
-          find stats -name 'stats.xml' | sort | xargs python ruby/scripts/merge_stats.py --output ruby/ql/lib/ruby.dbscheme.stats --normalise ruby_tokeninfo
-      - uses: actions/upload-artifact@v2
-        with:
-          name: ruby.dbscheme.stats
-          path: ruby/ql/lib/ruby.dbscheme.stats

.github/workflows/ruby-qltest.yml

@@ -1,50 +0,0 @@
-name: "Ruby: Run QL Tests"
-
-on:
-  push:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-qltest.yml
-    branches:
-      - main
-      - "rc/*"
-  pull_request:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-qltest.yml
-    branches:
-      - main
-      - "rc/*"
-
-env:
-  CARGO_TERM_COLOR: always
-
-defaults:
-  run:
-    working-directory: ruby
-
-jobs:
-  qltest:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ./.github/actions/fetch-codeql
-      - uses: ./ruby/actions/create-extractor-pack
-      - name: Run QL tests
-        run: |
-          codeql test run --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Check QL formatting
-        run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
-      - name: Check QL compilation
-        run: |
-          codeql query compile --check-only --threads=4 --warnings=error "ql/src" "ql/examples"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Check DB upgrade scripts
-        run: |
-          echo >empty.trap
-          codeql dataset import -S ql/lib/upgrades/initial/ruby.dbscheme testdb empty.trap
-          codeql dataset upgrade testdb --additional-packs ql/lib
-          diff -q testdb/ruby.dbscheme ql/lib/ruby.dbscheme

.github/workflows/sync-files.yml

@@ -1,20 +0,0 @@
-name: Check synchronized files
-
-on:
-  push:
-    branches:
-      - main
-      - 'rc/*'
-  pull_request:
-    branches:
-      - main
-      - 'rc/*'
-
-jobs:
-  sync:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Check synchronized files
-        run: python config/sync-files.py
-

.gitignore

@@ -5,6 +5,7 @@
 
 # query compilation caches
 .cache
+data
 
 # qltest projects and artifacts
 */ql/test/**/*.testproj
@@ -23,10 +24,8 @@
 # It's useful (though not required) to be able to unpack codeql in the ql checkout itself
 /codeql/
 
+# Exclude output directories for compiled packs.
+.codeql/
+
 csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
 
-# Avoid committing cached package components
-.codeql
-
-# Compiled class file
-*.class

CODEOWNERS

@@ -3,7 +3,6 @@
 /java/ @github/codeql-java
 /javascript/ @github/codeql-javascript
 /python/ @github/codeql-python
-/ruby/ @github/codeql-ruby
 
 # Make @xcorail (GitHub Security Lab) a code owner for experimental queries so he gets pinged when we promote a query out of experimental
 /cpp/**/experimental/**/* @github/codeql-c-analysis @xcorail
@@ -11,7 +10,6 @@
 /java/**/experimental/**/* @github/codeql-java @xcorail
 /javascript/**/experimental/**/* @github/codeql-javascript @xcorail
 /python/**/experimental/**/* @github/codeql-python @xcorail
-/ruby/**/experimental/**/* @github/codeql-ruby @xcorail
 
 # Notify members of codeql-go about PRs to the shared data-flow library files
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll @github/codeql-java @github/codeql-go
@@ -19,12 +17,3 @@
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
-
-# CodeQL tools and associated docs
-/docs/codeql-cli/ @github/codeql-cli-reviewers
-/docs/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
-/docs/ql-language-reference/ @github/codeql-frontend-reviewers
-/docs/query-*-style-guide.md @github/codeql-analysis-reviewers
-
-# QL for QL reviewers
-/ql/ @github/codeql-ql-for-ql-reviewers

CONTRIBUTING.md

@@ -4,9 +4,6 @@ We welcome contributions to our CodeQL libraries and queries. Got an idea for a
 
 There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com).
 
-## Change notes
-
-Any nontrivial user-visible change to a query pack or library pack should have a change note. For details on how to add a change note for your change, see [this guide](docs/change-notes.md).
 
 ## Submitting a new experimental query
 
@@ -14,14 +11,13 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
 1. **Directory structure**
 
-    There are six language-specific query directories in this repository:
+    There are five language-specific query directories in this repository:
 
       * C/C++: `cpp/ql/src`
       * C#: `csharp/ql/src`
       * Java: `java/ql/src`
       * JavaScript: `javascript/ql/src`
       * Python: `python/ql/src`
-      * Ruby: `ruby/ql/src`
 
     Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose.
     - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.

README.md

@@ -1,11 +1,11 @@
 # CodeQL
 
-This open source repository contains the standard CodeQL libraries and queries that power [GitHub Advanced Security](https://github.com/features/security/code) and the other application security products that [GitHub](https://github.com/features/security/) makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the [CodeQL for Go repository](https://github.com/github/codeql-go).
+This open source repository contains the standard CodeQL libraries and queries that power [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com) makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the [CodeQL for Go repository](https://github.com/github/codeql-go).
 
 ## How do I learn CodeQL and run queries?
 
-There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL.
-You can use the [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) extension or the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com (Semmle Legacy product) to try out your queries on any open source project that's currently being analyzed.
+There is [extensive documentation](https://help.semmle.com/QL/learn-ql/) on getting started with writing CodeQL.
+You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode.html) extension to try out your queries on any open source project that's currently being analyzed.
 
 ## Contributing
 
@@ -13,7 +13,7 @@ We welcome contributions to our standard library and standard checks. Do you hav
 
 ## License
 
-The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com). The use of CodeQL on open source code is licensed under specific [Terms & Conditions](https://securitylab.github.com/tools/codeql/license/) UNLESS you have a commercial license in place. If you'd like to use CodeQL with a commercial codebase, please [contact us](https://github.com/enterprise/contact) for further help.
+The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com).
 
 ## Visual Studio Code integration
 

config/identical-files.json

@@ -6,8 +6,6 @@
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
@@ -25,17 +23,14 @@
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
   ],
   "DataFlow Java/C++/C#/Python Common": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll"
   ],
   "TaintTracking::Configuration Java/C++/C#/Python": [
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
@@ -53,21 +48,18 @@
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll"
   ],
   "DataFlow Java/C++/C#/Python Consistency checks": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll"
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll"
   ],
   "DataFlow Java/C# Flow Summaries": [
     "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll"
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll"
   ],
   "SsaReadPosition Java/C#": [
     "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
@@ -374,10 +366,8 @@
   ],
   "Inline Test Expectations": [
     "cpp/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "csharp/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "java/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "python/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll"
+    "python/ql/test/TestUtilities/InlineExpectationsTest.qll"
   ],
   "C++ ExternalAPIs": [
     "cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
@@ -439,38 +429,29 @@
     "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
   ],
   "IDE Contextual Queries": [
-    "cpp/ql/src/IDEContextual.qll",
-    "csharp/ql/src/IDEContextual.qll",
-    "java/ql/src/IDEContextual.qll",
-    "javascript/ql/src/IDEContextual.qll",
+    "cpp/ql/lib/IDEContextual.qll",
+    "csharp/ql/lib/IDEContextual.qll",
+    "java/ql/lib/IDEContextual.qll",
+    "javascript/ql/lib/IDEContextual.qll",
     "python/ql/src/analysis/IDEContextual.qll"
   ],
   "SSA C#": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
-    "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImplCommon.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll"
+    "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll"
   ],
-  "CryptoAlgorithms Python/JS/Ruby": [
+  "CryptoAlgorithms Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
-    "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
-    "ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll"
-  ],
-  "CryptoAlgorithmNames Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
-    "python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
-    "ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll"
+    "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll"
   ],
   "SensitiveDataHeuristics Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
     "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll"
   ],
-  "ReDoS Util Python/JS/Ruby": [
+  "ReDoS Util Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
-    "python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll"
+    "python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll"
   ],
   "ReDoS Exponential Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll",
@@ -478,28 +459,6 @@
   ],
   "ReDoS Polynomial Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
-    "python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll"
-  ],
-  "BadTagFilterQuery Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll",
-    "python/ql/lib/semmle/python/security/BadTagFilterQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll"
-  ],
-  "CFG": [
-    "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
-    "ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll"
-  ],
-  "TypeTracker": [
-    "python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
-    "ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll"
-  ],
-  "CodeQL Tutorial": [
-    "cpp/ql/lib/tutorial.qll",
-    "csharp/ql/lib/tutorial.qll",
-    "java/ql/lib/tutorial.qll",
-    "javascript/ql/lib/tutorial.qll",
-    "python/ql/lib/tutorial.qll",
-    "ruby/ql/lib/tutorial.qll"
+    "python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll"
   ]
 }

cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Build" Version="16.11.0" />
+    <PackageReference Include="Microsoft.Build" Version="16.9.0" />
   </ItemGroup>
 
   <ItemGroup>

cpp/config/suites/security/cwe-120

@@ -5,11 +5,9 @@
   @name Badly bounded write (CWE-120)
 + semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
   @name Potentially overrunning write (CWE-120)
-+ semmlecode-cpp-queries/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql: /CWE/CWE-120
-  @name Likely overrunning write
 + semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
   @name Potentially overrunning write with float to string conversion (CWE-120)
 + semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
   @name Array offset used before range check (CWE-120)
 + semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
-  @name Potentially unsafe use of strcat (CWE-120)
+    @name Potentially unsafe use of strcat (CWE-120)

cpp/old-change-notes/2021-06-10-cleartext-transmission.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* A new query (`cpp/cleartext-transmission`) has been added. This is similar to the `cpp/cleartext-storage-file`, `cpp/cleartext-storage-buffer` and `cpp/cleartext-storage-database` queries but looks for cases where sensitive information is most likely transmitted over a network.

cpp/old-change-notes/2021-06-22-sql-tainted.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The 'Uncontrolled data in SQL query' (cpp/sql-injection) query now supports the `libpqxx` library.

cpp/old-change-notes/2021-07-13-cleartext-storage-file.md

@@ -1,3 +0,0 @@
-lgtm,codescanning
-* The "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file) query now uses dataflow to produce additional results.
-* Heuristics in the SensitiveExprs.qll library have been improved, making the "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file), "Cleartext storage of sensitive information in buffer" (cpp/cleartext-storage-buffer) and "Cleartext storage of sensitive information in an SQLite" (cpp/cleartext-storage-database) queries more accurate.

cpp/old-change-notes/2021-07-20-toctou-race-condition.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Improvements have been made to the `cpp/toctou-race-condition` query, both to find more correct results and fewer false positive results.

cpp/old-change-notes/2021-07-27-uncontrolled-arithmetic.md

@@ -1,2 +0,0 @@
-lgtm
-* Improvements made to the (`cpp/uncontrolled-arithmetic`) query, reducing the frequency of false positive results.

cpp/old-change-notes/2021-07-29-virtual-function-declaration-specifiers.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Virtual function specifiers are now accessible via the new predicates on `Function` (`.isDeclaredVirtual`, `.isOverride`, and `.isFinal`).

cpp/old-change-notes/2021-08-10-has-trailing-return-type.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `Function.hasTrailingReturnType` predicate to check whether a function was declared with a trailing return type.

cpp/old-change-notes/2021-08-17-has-c-linkage.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `RoutineType.hasCLinkage` predicate to check whether a function type has "C" language linkage.

cpp/old-change-notes/2021-08-23-ctime-weaken-claims.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default and so it's only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.

cpp/old-change-notes/2021-08-23-getPrimaryQlClasses.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `Element.getPrimaryQlClasses()` predicate, which gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.

cpp/old-change-notes/2021-08-24-implicit-downcast-from-bitfield.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The query `cpp/implicit-bitfield-downcast` now accounts for C++ reference types, which leads to more true positive results.

cpp/old-change-notes/2021-08-31-range-analysis-upper-bound.md

@@ -1,4 +0,0 @@
-lgtm,codescanning
-* The `SimpleRangeAnalysis` library includes information from the
-  immediate guard for determining the upper bound of a stack
-  variable for improved accuracy.

cpp/old-change-notes/2021-09-13-overflow-static.md

@@ -1,4 +0,0 @@
-lgtm,codescanning
-* The `memberMayBeVarSize` predicate considers more fields to be variable size.
-  As a result, the "Static buffer overflow" query (cpp/static-buffer-overflow)
-  produces fewer false positives.

cpp/old-change-notes/2021-09-27-command-line-injection.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Uncontrolled data used in OS command" (`cpp/command-line-injection`) query has been enhanced to reduce false positive results and its `@precision` increased to `high`

cpp/old-change-notes/2021-09-27-overflow-static.md

@@ -1,3 +0,0 @@
-lgtm,codescanning
-* Increase precision to high for the "Static buffer overflow" query
-  (`cpp/static-buffer-overflow`). This means the query is run and displayed by default on Code Scanning and LGTM.

cpp/old-change-notes/2021-10-01-improper-null-termination.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Several improvements made to the `NullTermination.qll` library and the 'Potential improper null termination' (cpp/improper-null-termination). These changes reduce the number of false positive results for this query and related query 'User-controlled data may not be null terminated' (cpp/user-controlled-null-termination-tainted).

cpp/old-change-notes/2021-10-07-cleartext-transmission.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved, reducing the number of false positive results when encryption is present.

cpp/old-change-notes/2021-10-07-extraction-errors.md

@@ -1,3 +0,0 @@
-codescanning
-* Problems with extraction that in most cases won't break the analysis in a significant way are now reported as warnings rather than errors.
-* The failed extractor invocations query now has severity `error`.

cpp/ql/examples/qlpack.yml

@@ -1,4 +1,4 @@
 name: codeql/cpp-examples
-version: 0.0.2
+version: 0.0.0
 dependencies:
-  codeql/cpp-all: "*"
+  codeql/cpp-all: ^0.0.1

cpp/ql/lib/CHANGELOG.md

@@ -1,24 +0,0 @@
-## 0.0.8
-
-### Deprecated APIs
-
-* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
-
-### Minor Analysis Improvements
-
-* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
-  more accurate length for integers formatted with `%x`
-
-## 0.0.7
-
-## 0.0.6
-
-## 0.0.5
-
-## 0.0.4
-
-### New Features
-
-* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
-  `isFromSystemMacroDefinition` for identifying code that originates from a
-  macro outside the project being analyzed.

cpp/ql/lib/DefaultOptions.qll

@@ -73,7 +73,7 @@ class Options extends string {
    *   __assume(0);
    * ```
    * (note that in this case if the hint is wrong and the expression is reached at
-   * runtime, the program's behavior is undefined)
+   * runtime, the program's behaviour is undefined)
    */
   predicate exprExits(Expr e) {
     e.(AssumeExpr).getChild(0).(CompileTimeConstantInt).getIntValue() = 0 or

cpp/ql/lib/Documentation/CommentedOutCode.qll

@@ -198,7 +198,7 @@ class CommentBlock extends Comment {
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   * [Locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
    */
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn

cpp/ql/lib/Options.qll

@@ -50,7 +50,7 @@ class CustomOptions extends Options {
    *   __assume(0);
    * ```
    * (note that in this case if the hint is wrong and the expression is reached at
-   * runtime, the program's behavior is undefined)
+   * runtime, the program's behaviour is undefined)
    */
   override predicate exprExits(Expr e) { Options.super.exprExits(e) }
 

cpp/ql/lib/change-notes/released/0.0.4.md

@@ -1,7 +0,0 @@
-## 0.0.4
-
-### New Features
-
-* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
-  `isFromSystemMacroDefinition` for identifying code that originates from a
-  macro outside the project being analyzed.

cpp/ql/lib/change-notes/released/0.0.5.md

@@ -1 +0,0 @@
-## 0.0.5

cpp/ql/lib/change-notes/released/0.0.6.md

@@ -1 +0,0 @@
-## 0.0.6

cpp/ql/lib/change-notes/released/0.0.7.md

@@ -1 +0,0 @@
-## 0.0.7

cpp/ql/lib/change-notes/released/0.0.8.md

@@ -1,10 +0,0 @@
-## 0.0.8
-
-### Deprecated APIs
-
-* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
-
-### Minor Analysis Improvements
-
-* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
-  more accurate length for integers formatted with `%x`

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +0,0 @@
----
-lastReleaseVersion: 0.0.8

cpp/ql/lib/definitions.qll

@@ -24,7 +24,7 @@ class Top extends Element {
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
-   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   * [Locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
    */
   pragma[noopt]
   final predicate hasLocationInfo(

cpp/ql/lib/experimental/semmle/code/cpp/models/interfaces/SimpleRangeAnalysisDefinition.qll

@@ -37,7 +37,7 @@ abstract class SimpleRangeAnalysisDefinition extends RangeSsaDefinition {
    * dependencies. Without this information, range analysis might work for
    * simple cases but will go into infinite loops on complex code.
    *
-   * For example, when modeling the definition by reference in a call to an
+   * For example, when modelling the definition by reference in a call to an
    * overloaded `operator=`, written as `v = e`, the definition of `(this, v)`
    * depends on `e`.
    */

cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/InBoundsPointerDeref.qll

@@ -5,7 +5,7 @@
  * `Instruction` level), and then using the array length analysis and the range
  * analysis together to prove that some of these pointer dereferences are safe.
  *
- * The analysis is soundy, i.e. it is sound if no undefined behavior is present
+ * The analysis is soundy, i.e. it is sound if no undefined behaviour is present
  * in the program.
  * Furthermore, it crucially depends on the soundiness of the range analysis and
  * the array length analysis.

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -52,8 +52,11 @@ module PrivateCleartextWrite {
 
   class WriteSink extends Sink {
     WriteSink() {
-      this.asExpr() = any(FileWrite f).getASource() or
-      this.asExpr() = any(BufferWrite b).getAChild()
+      exists(FileWrite f, BufferWrite b |
+        this.asExpr() = f.getASource()
+        or
+        this.asExpr() = b.getAChild()
+      )
     }
   }
 }

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll

@@ -13,25 +13,26 @@ import cpp
 
 /** A string for `match` that identifies strings that look like they represent private data. */
 private string privateNames() {
-  result =
-    [
-      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
-      // Government identifiers, such as Social Security Numbers
-      "%social%security%number%",
-      // Contact information, such as home addresses and telephone numbers
-      "%postcode%", "%zipcode%",
-      // result = "%telephone%" or
-      // Geographic location - where the user is (or was)
-      "%latitude%", "%longitude%",
-      // Financial data - such as credit card numbers, salary, bank accounts, and debts
-      "%creditcard%", "%salary%", "%bankaccount%",
-      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
-      // result = "%email%" or
-      // result = "%mobile%" or
-      "%employer%",
-      // Health - medical conditions, insurance status, prescription records
-      "%medical%"
-    ]
+  // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
+  // Government identifiers, such as Social Security Numbers
+  result = "%social%security%number%" or
+  // Contact information, such as home addresses and telephone numbers
+  result = "%postcode%" or
+  result = "%zipcode%" or
+  // result = "%telephone%" or
+  // Geographic location - where the user is (or was)
+  result = "%latitude%" or
+  result = "%longitude%" or
+  // Financial data - such as credit card numbers, salary, bank accounts, and debts
+  result = "%creditcard%" or
+  result = "%salary%" or
+  result = "%bankaccount%" or
+  // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
+  // result = "%email%" or
+  // result = "%mobile%" or
+  result = "%employer%" or
+  // Health - medical conditions, insurance status, prescription records
+  result = "%medical%"
 }
 
 /** An expression that might contain private data. */

cpp/ql/lib/external/ExternalArtifact.qll

@@ -15,7 +15,7 @@ class ExternalData extends @externalDataElement {
    * Gets the path of the file this data was loaded from, with its
    * extension replaced by `.ql`.
    */
-  string getQueryPath() { result = this.getDataPath().regexpReplaceAll("\\.[^.]*$", ".ql") }
+  string getQueryPath() { result = getDataPath().regexpReplaceAll("\\.[^.]*$", ".ql") }
 
   /** Gets the number of fields in this data item. */
   int getNumFields() { result = 1 + max(int i | externalData(this, _, i, _) | i) }
@@ -24,22 +24,22 @@ class ExternalData extends @externalDataElement {
   string getField(int i) { externalData(this, _, i, result) }
 
   /** Gets the integer value of the `i`th field of this data item. */
-  int getFieldAsInt(int i) { result = this.getField(i).toInt() }
+  int getFieldAsInt(int i) { result = getField(i).toInt() }
 
   /** Gets the floating-point value of the `i`th field of this data item. */
-  float getFieldAsFloat(int i) { result = this.getField(i).toFloat() }
+  float getFieldAsFloat(int i) { result = getField(i).toFloat() }
 
   /** Gets the value of the `i`th field of this data item, interpreted as a date. */
-  date getFieldAsDate(int i) { result = this.getField(i).toDate() }
+  date getFieldAsDate(int i) { result = getField(i).toDate() }
 
   /** Gets a textual representation of this data item. */
-  string toString() { result = this.getQueryPath() + ": " + this.buildTupleString(0) }
+  string toString() { result = getQueryPath() + ": " + buildTupleString(0) }
 
   /** Gets a textual representation of this data item, starting with the `n`th field. */
   private string buildTupleString(int n) {
-    n = this.getNumFields() - 1 and result = this.getField(n)
+    n = getNumFields() - 1 and result = getField(n)
     or
-    n < this.getNumFields() - 1 and result = this.getField(n) + "," + this.buildTupleString(n + 1)
+    n < getNumFields() - 1 and result = getField(n) + "," + buildTupleString(n + 1)
   }
 }
 
@@ -53,8 +53,8 @@ class DefectExternalData extends ExternalData {
   }
 
   /** Gets the URL associated with this data item. */
-  string getURL() { result = this.getField(0) }
+  string getURL() { result = getField(0) }
 
   /** Gets the message associated with this data item. */
-  string getMessage() { result = this.getField(1) }
+  string getMessage() { result = getField(1) }
 }

cpp/ql/lib/qlpack.yml

@@ -1,7 +1,5 @@
 name: codeql/cpp-all
-version: 0.0.8
-groups: cpp
+version: 0.0.2
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
 library: true
-upgrades: upgrades

cpp/ql/lib/semmle/code/cpp/Class.qll

@@ -206,7 +206,9 @@ class Class extends UserType {
    * it is callable by a particular caller. For C++11, there's also a question
    * of whether to include members that are defaulted or deleted.
    */
-  deprecated predicate hasCopyConstructor() { this.getAMemberFunction() instanceof CopyConstructor }
+  deprecated predicate hasCopyConstructor() {
+    exists(CopyConstructor cc | cc = this.getAMemberFunction())
+  }
 
   /**
    * Holds if this class has a copy assignment operator that is either
@@ -222,7 +224,7 @@ class Class extends UserType {
    * or deleted.
    */
   deprecated predicate hasCopyAssignmentOperator() {
-    this.getAMemberFunction() instanceof CopyAssignmentOperator
+    exists(CopyAssignmentOperator coa | coa = this.getAMemberFunction())
   }
 
   /**
@@ -235,7 +237,7 @@ class Class extends UserType {
     exists(ClassDerivation cd | cd.getBaseClass() = base |
       result =
         this.accessOfBaseMemberMulti(cd.getDerivedClass(),
-          fieldInBase.accessInDirectDerived(cd.getASpecifier()))
+          fieldInBase.accessInDirectDerived(cd.getASpecifier().(AccessSpecifier)))
     )
   }
 
@@ -259,20 +261,21 @@ class Class extends UserType {
    * includes the case of `base` = `this`.
    */
   AccessSpecifier accessOfBaseMember(Declaration member) {
-    result = this.accessOfBaseMember(member.getDeclaringType(), member.getASpecifier())
+    result =
+      this.accessOfBaseMember(member.getDeclaringType(), member.getASpecifier().(AccessSpecifier))
   }
 
   /**
    * DEPRECATED: name changed to `hasImplicitCopyConstructor` to reflect that
    * `= default` members are no longer included.
    */
-  deprecated predicate hasGeneratedCopyConstructor() { this.hasImplicitCopyConstructor() }
+  deprecated predicate hasGeneratedCopyConstructor() { hasImplicitCopyConstructor() }
 
   /**
    * DEPRECATED: name changed to `hasImplicitCopyAssignmentOperator` to
    * reflect that `= default` members are no longer included.
    */
-  deprecated predicate hasGeneratedCopyAssignmentOperator() { this.hasImplicitCopyConstructor() }
+  deprecated predicate hasGeneratedCopyAssignmentOperator() { hasImplicitCopyConstructor() }
 
   /**
    * Holds if this class, struct or union has an implicitly-declared copy
@@ -316,7 +319,7 @@ class Class extends UserType {
     exists(Type t | t = this.getAFieldSubobjectType().getUnspecifiedType() |
       // Note: Overload resolution is not implemented -- all copy
       // constructors are considered equal.
-      this.cannotAccessCopyConstructorOnAny(t)
+      this.cannotAccessCopyConstructorOnAny(t.(Class))
     )
     or
     // - T has direct or virtual base class that cannot be copied (has deleted,
@@ -389,7 +392,7 @@ class Class extends UserType {
     exists(Type t | t = this.getAFieldSubobjectType().getUnspecifiedType() |
       // Note: Overload resolution is not implemented -- all copy assignment
       // operators are considered equal.
-      this.cannotAccessCopyAssignmentOperatorOnAny(t)
+      this.cannotAccessCopyAssignmentOperatorOnAny(t.(Class))
     )
     or
     exists(Class c | c = this.getADirectOrVirtualBase() |
@@ -484,7 +487,7 @@ class Class extends UserType {
     exists(ClassDerivation cd |
       // Add the offset of the direct base class and the offset of `baseClass`
       // within that direct base class.
-      cd = this.getADerivation() and
+      cd = getADerivation() and
       result = cd.getBaseClass().getANonVirtualBaseClassByteOffset(baseClass) + cd.getByteOffset()
     )
   }
@@ -499,12 +502,12 @@ class Class extends UserType {
    */
   int getABaseClassByteOffset(Class baseClass) {
     // Handle the non-virtual case.
-    result = this.getANonVirtualBaseClassByteOffset(baseClass)
+    result = getANonVirtualBaseClassByteOffset(baseClass)
     or
     exists(Class virtualBaseClass, int virtualBaseOffset, int offsetFromVirtualBase |
       // Look for the base class as a non-virtual base of a direct or indirect
       // virtual base, adding the two offsets.
-      this.getVirtualBaseClassByteOffset(virtualBaseClass) = virtualBaseOffset and
+      getVirtualBaseClassByteOffset(virtualBaseClass) = virtualBaseOffset and
       offsetFromVirtualBase = virtualBaseClass.getANonVirtualBaseClassByteOffset(baseClass) and
       result = virtualBaseOffset + offsetFromVirtualBase
     )
@@ -620,11 +623,11 @@ class Class extends UserType {
    * inherits one).
    */
   predicate isPolymorphic() {
-    exists(MemberFunction f | f.getDeclaringType() = this.getABaseClass*() and f.isVirtual())
+    exists(MemberFunction f | f.getDeclaringType() = getABaseClass*() and f.isVirtual())
   }
 
   override predicate involvesTemplateParameter() {
-    this.getATemplateArgument().(Type).involvesTemplateParameter()
+    getATemplateArgument().(Type).involvesTemplateParameter()
   }
 
   /** Holds if this class, struct or union was declared 'final'. */
@@ -762,7 +765,7 @@ class ClassDerivation extends Locatable, @derivation {
    * };
    * ```
    */
-  Class getBaseClass() { result = this.getBaseType().getUnderlyingType() }
+  Class getBaseClass() { result = getBaseType().getUnderlyingType() }
 
   override string getAPrimaryQlClass() { result = "ClassDerivation" }
 
@@ -815,7 +818,7 @@ class ClassDerivation extends Locatable, @derivation {
   predicate hasSpecifier(string s) { this.getASpecifier().hasName(s) }
 
   /** Holds if the derivation is for a virtual base class. */
-  predicate isVirtual() { this.hasSpecifier("virtual") }
+  predicate isVirtual() { hasSpecifier("virtual") }
 
   /** Gets the location of the derivation. */
   override Location getLocation() { derivations(underlyingElement(this), _, _, _, result) }
@@ -843,7 +846,7 @@ class ClassDerivation extends Locatable, @derivation {
  * ```
  */
 class LocalClass extends Class {
-  LocalClass() { this.isLocal() }
+  LocalClass() { isLocal() }
 
   override string getAPrimaryQlClass() { not this instanceof LocalStruct and result = "LocalClass" }
 
@@ -885,7 +888,7 @@ class NestedClass extends Class {
  * pure virtual function.
  */
 class AbstractClass extends Class {
-  AbstractClass() { this.getAMemberFunction() instanceof PureVirtualFunction }
+  AbstractClass() { exists(PureVirtualFunction f | this.getAMemberFunction() = f) }
 
   override string getAPrimaryQlClass() { result = "AbstractClass" }
 }
@@ -986,9 +989,9 @@ class ClassTemplateSpecialization extends Class {
   TemplateClass getPrimaryTemplate() {
     // Ignoring template arguments, the primary template has the same name
     // as each of its specializations.
-    result.getSimpleName() = this.getSimpleName() and
+    result.getSimpleName() = getSimpleName() and
     // It is in the same namespace as its specializations.
-    result.getNamespace() = this.getNamespace() and
+    result.getNamespace() = getNamespace() and
     // It is distinguished by the fact that each of its template arguments
     // is a distinct template parameter.
     count(TemplateParameter tp | tp = result.getATemplateArgument()) =
@@ -1105,7 +1108,7 @@ deprecated class Interface extends Class {
  * ```
  */
 class VirtualClassDerivation extends ClassDerivation {
-  VirtualClassDerivation() { this.hasSpecifier("virtual") }
+  VirtualClassDerivation() { hasSpecifier("virtual") }
 
   override string getAPrimaryQlClass() { result = "VirtualClassDerivation" }
 }
@@ -1133,7 +1136,7 @@ class VirtualBaseClass extends Class {
   VirtualClassDerivation getAVirtualDerivation() { result.getBaseClass() = this }
 
   /** A class/struct that is derived from this one using virtual inheritance. */
-  Class getAVirtuallyDerivedClass() { result = this.getAVirtualDerivation().getDerivedClass() }
+  Class getAVirtuallyDerivedClass() { result = getAVirtualDerivation().getDerivedClass() }
 }
 
 /**
@@ -1152,7 +1155,7 @@ class ProxyClass extends UserType {
   override string getAPrimaryQlClass() { result = "ProxyClass" }
 
   /** Gets the location of the proxy class. */
-  override Location getLocation() { result = this.getTemplateParameter().getDefinitionLocation() }
+  override Location getLocation() { result = getTemplateParameter().getDefinitionLocation() }
 
   /** Gets the template parameter for which this is the proxy class. */
   TemplateParameter getTemplateParameter() {

cpp/ql/lib/semmle/code/cpp/Declaration.qll

@@ -184,7 +184,7 @@ class Declaration extends Locatable, @declaration {
   predicate hasDefinition() { exists(this.getDefinition()) }
 
   /** DEPRECATED: Use `hasDefinition` instead. */
-  predicate isDefined() { this.hasDefinition() }
+  predicate isDefined() { hasDefinition() }
 
   /** Gets the preferred location of this declaration, if any. */
   override Location getLocation() { none() }
@@ -209,7 +209,7 @@ class Declaration extends Locatable, @declaration {
   predicate isStatic() { this.hasSpecifier("static") }
 
   /** Holds if this declaration is a member of a class/struct/union. */
-  predicate isMember() { this.hasDeclaringType() }
+  predicate isMember() { hasDeclaringType() }
 
   /** Holds if this declaration is a member of a class/struct/union. */
   predicate hasDeclaringType() { exists(this.getDeclaringType()) }
@@ -226,14 +226,14 @@ class Declaration extends Locatable, @declaration {
    * When called on a template, this will return a template parameter type for
    * both typed and non-typed parameters.
    */
-  final Locatable getATemplateArgument() { result = this.getTemplateArgument(_) }
+  final Locatable getATemplateArgument() { result = getTemplateArgument(_) }
 
   /**
    * Gets a template argument used to instantiate this declaration from a template.
    * When called on a template, this will return a non-typed template
    * parameter value.
    */
-  final Locatable getATemplateArgumentKind() { result = this.getTemplateArgumentKind(_) }
+  final Locatable getATemplateArgumentKind() { result = getTemplateArgumentKind(_) }
 
   /**
    * Gets the `i`th template argument used to instantiate this declaration from a
@@ -252,9 +252,9 @@ class Declaration extends Locatable, @declaration {
    * `getTemplateArgument(1)` return `1`.
    */
   final Locatable getTemplateArgument(int index) {
-    if exists(this.getTemplateArgumentValue(index))
-    then result = this.getTemplateArgumentValue(index)
-    else result = this.getTemplateArgumentType(index)
+    if exists(getTemplateArgumentValue(index))
+    then result = getTemplateArgumentValue(index)
+    else result = getTemplateArgumentType(index)
   }
 
   /**
@@ -275,13 +275,14 @@ class Declaration extends Locatable, @declaration {
    * `getTemplateArgumentKind(0)`.
    */
   final Locatable getTemplateArgumentKind(int index) {
-    exists(this.getTemplateArgumentValue(index)) and
-    result = this.getTemplateArgumentType(index)
+    if exists(getTemplateArgumentValue(index))
+    then result = getTemplateArgumentType(index)
+    else none()
   }
 
   /** Gets the number of template arguments for this declaration. */
   final int getNumberOfTemplateArguments() {
-    result = count(int i | exists(this.getTemplateArgument(i)))
+    result = count(int i | exists(getTemplateArgument(i)))
   }
 
   private Type getTemplateArgumentType(int index) {
@@ -327,9 +328,9 @@ class DeclarationEntry extends Locatable, TDeclarationEntry {
    * available), or the name declared by this entry otherwise.
    */
   string getCanonicalName() {
-    if this.getDeclaration().hasDefinition()
-    then result = this.getDeclaration().getDefinition().getName()
-    else result = this.getName()
+    if getDeclaration().hasDefinition()
+    then result = getDeclaration().getDefinition().getName()
+    else result = getName()
   }
 
   /**
@@ -370,18 +371,18 @@ class DeclarationEntry extends Locatable, TDeclarationEntry {
   /**
    * Holds if this declaration entry has a specifier with the given name.
    */
-  predicate hasSpecifier(string specifier) { this.getASpecifier() = specifier }
+  predicate hasSpecifier(string specifier) { getASpecifier() = specifier }
 
   /** Holds if this declaration entry is a definition. */
   predicate isDefinition() { none() } // overridden in subclasses
 
   override string toString() {
-    if this.isDefinition()
-    then result = "definition of " + this.getName()
+    if isDefinition()
+    then result = "definition of " + getName()
     else
-      if this.getName() = this.getCanonicalName()
-      then result = "declaration of " + this.getName()
-      else result = "declaration of " + this.getCanonicalName() + " as " + this.getName()
+      if getName() = getCanonicalName()
+      then result = "declaration of " + getName()
+      else result = "declaration of " + getCanonicalName() + " as " + getName()
   }
 }
 
@@ -490,7 +491,8 @@ class AccessHolder extends Declaration, TAccessHolder {
    */
   pragma[inline]
   predicate canAccessMember(Declaration member, Class derived) {
-    this.couldAccessMember(member.getDeclaringType(), member.getASpecifier(), derived)
+    this.couldAccessMember(member.getDeclaringType(), member.getASpecifier().(AccessSpecifier),
+      derived)
   }
 
   /**
@@ -579,7 +581,7 @@ private class DirectAccessHolder extends Element {
     // transitive closure with a restricted base case.
     this.thisCanAccessClassStep(base, derived)
     or
-    exists(Class between | this.thisCanAccessClassTrans(base, between) |
+    exists(Class between | thisCanAccessClassTrans(base, between) |
       isDirectPublicBaseOf(between, derived) or
       this.thisCanAccessClassStep(between, derived)
     )