Add change note for Spring StringUtils

.codeqlmanifest.json

@@ -1,27 +1,6 @@
-{
-    "provide": [
-        "*/ql/src/qlpack.yml",
-        "*/ql/lib/qlpack.yml",
-        "*/ql/test/qlpack.yml",
-        "*/ql/examples/qlpack.yml",
-        "*/ql/consistency-queries/qlpack.yml",
-        "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
-        "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml",
-        "javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml",
-        "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml",
-        "csharp/ql/campaigns/Solorigate/lib/qlpack.yml",
-        "csharp/ql/campaigns/Solorigate/src/qlpack.yml",
-        "csharp/ql/campaigns/Solorigate/test/qlpack.yml",
-        "misc/legacy-support/*/qlpack.yml",
-        "misc/suite-helpers/qlpack.yml",
-        "ruby/extractor-pack/codeql-extractor.yml",
-        "ql/extractor-pack/codeql-extractor.yml"
-    ],
-    "versionPolicies": {
-      "default": {
-        "requireChangeNotes": true,
-        "committedPrereleaseSuffix": "dev",
-        "committedVersion": "nextPatchRelease"
-      }
-    }
-}
+{ "provide": [ "*/ql/src/qlpack.yml",
+               "*/ql/test/qlpack.yml",
+               "*/ql/examples/qlpack.yml",
+               "*/upgrades/qlpack.yml",
+               "misc/legacy-support/*/qlpack.yml",
+               "misc/suite-helpers/qlpack.yml" ] }

.devcontainer/devcontainer.json

@@ -1,14 +1,9 @@
 {
   "extensions": [
-    "rust-lang.rust",
-    "bungcip.better-toml",
     "github.vscode-codeql",
     "slevesque.vscode-zipexplorer"
   ],
   "settings": {
-    "files.watcherExclude": {
-      "**/target/**": true
-    },
     "codeQL.runningQueries.memory": 2048
   }
 }

.gitattributes

@@ -48,11 +48,3 @@
 *.gif -text
 *.dll -text
 *.pdb -text
-
-java/ql/test/stubs/**/*.java linguist-generated=true
-java/ql/test/experimental/stubs/**/*.java linguist-generated=true
-
-# Generated test files - these are synced from the standard JavaScript libraries using
-# `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
-javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
-javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge

.github/actions/fetch-codeql/action.yml

@@ -1,14 +0,0 @@
-name: Fetch CodeQL
-description: Fetches the latest version of CodeQL
-runs:
-  using: composite
-  steps:
-    - name: Fetch CodeQL
-      shell: bash
-      run: |
-        LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-        unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
-        echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
-      env:
-        GITHUB_TOKEN: ${{ github.token }}

.github/dependabot.yml

@@ -1,18 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "cargo"
-    directory: "ruby/node-types"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/generator"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/extractor"
-    schedule:
-      interval: "daily"
-  - package-ecosystem: "cargo"
-    directory: "ruby/autobuilder"
-    schedule:
-      interval: "daily"

.github/labeler.yml

@@ -18,14 +18,7 @@ Python:
   - python/**/*
   - change-notes/**/*python*
 
-Ruby:
-  - ruby/**/*
-  - change-notes/**/*ruby*
-
 documentation:
   - "**/*.qhelp"
   - "**/*.md"
   - docs/**/*
-
-"QL-for-QL": 
-  - ql/**/*

.github/workflows/check-change-note.yml

@@ -7,7 +7,6 @@ on:
       - "*/ql/src/**/*.ql"
       - "*/ql/src/**/*.qll"
       - "!**/experimental/**"
-      - "!ql/**"
 
 jobs:
   check-change-note:
@@ -20,5 +19,5 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq 'any(.[].filename ; test("/change-notes/.*[.]md$"))' |
-          grep true -c
+          gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate |
+          jq 'any(.[].filename ; test("/change-notes/.*[.]md$"))' --exit-status

.github/workflows/close-stale.yml

@@ -1,30 +0,0 @@
-name: Mark stale issues
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "30 1 * * *"
-
-jobs:
-  stale:
-    if: github.repository == 'github/codeql'
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/stale@v3
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'
-        close-issue-message: 'This issue was closed because it has been inactive for 7 days.'
-        days-before-stale: 14
-        days-before-close: 7
-        only-labels: awaiting-response
-
-        # do not mark PRs as stale
-        days-before-pr-stale: -1
-        days-before-pr-close: -1
-
-        # Uncomment for dry-run
-        # debug-only: true
-        # operations-per-run: 1000

.github/workflows/codeql-analysis.yml

@@ -11,8 +11,6 @@ on:
       - 'rc/*'
     paths:
       - 'csharp/**'
-      - '.github/codeql/**'
-      - '.github/workflows/codeql-analysis.yml'
   schedule:
     - cron: '0 9 * * 1'
 
@@ -21,23 +19,13 @@ jobs:
 
     runs-on: ubuntu-latest
 
-    permissions:
-      contents: read
-      security-events: write
-      pull-requests: read
-
     steps:
-    - name: Setup dotnet
-      uses: actions/setup-dotnet@v1
-      with:
-        dotnet-version: 6.0.101
-
     - name: Checkout repository
       uses: actions/checkout@v2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@main
+      uses: github/codeql-action/init@v1
       # Override language selection by uncommenting this and choosing your languages
       with:
         languages: csharp
@@ -45,8 +33,8 @@ jobs:
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
-    #- name: Autobuild
-    #  uses: github/codeql-action/autobuild@main
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -55,8 +43,9 @@ jobs:
     #    and modify them (or add more) to build your code if your project
     #    uses a compiled language
 
-    - run: |
-       dotnet build csharp /p:UseSharedCompilation=false
+    #- run: |
+    #   make bootstrap
+    #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@main
+      uses: github/codeql-action/analyze@v1

.github/workflows/csv-coverage-metrics.yml

@@ -1,43 +0,0 @@
-name: "Publish framework coverage as metrics"
-
-on:
-  schedule:
-    - cron: '5 0 * * *'
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - ".github/workflows/csv-coverage-metrics.yml"
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-      - name: Setup CodeQL
-        uses: ./.github/actions/fetch-codeql
-      - name: Create empty database
-        run: |
-          DATABASE="${{ runner.temp }}/java-database"
-          PROJECT="${{ runner.temp }}/java-project"
-          mkdir -p "$PROJECT/src/tmp/empty"
-          echo "class Empty {}" >> "$PROJECT/src/tmp/empty/Empty.java"
-          codeql database create "$DATABASE" --language=java --source-root="$PROJECT" --command 'javac src/tmp/empty/Empty.java'
-      - name: Capture coverage information
-        run: |
-          DATABASE="${{ runner.temp }}/java-database"
-          codeql database analyze --format=sarif-latest --output=metrics.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
-      - uses: actions/upload-artifact@v2
-        with:
-          name: metrics.sarif
-          path: metrics.sarif
-          retention-days: 20
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: metrics.sarif

.github/workflows/csv-coverage-pr-artifacts.yml

@@ -1,99 +0,0 @@
-name: Check framework coverage changes
-
-on:
-  pull_request:
-    paths:
-      - '.github/workflows/csv-coverage-pr-comment.yml'
-      - '*/ql/src/**/*.ql'
-      - '*/ql/src/**/*.qll'
-      - '*/ql/lib/**/*.ql'
-      - '*/ql/lib/**/*.qll'
-      - 'misc/scripts/library-coverage/*.py'
-      # input data files
-      - '*/documentation/library-coverage/cwe-sink.csv'
-      - '*/documentation/library-coverage/frameworks.csv'
-    branches:
-      - main
-      - 'rc/*'
-
-jobs:
-  generate:
-    name: Generate framework coverage artifacts
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Dump GitHub context
-      env:
-        GITHUB_CONTEXT: ${{ toJSON(github.event) }}
-      run: echo "$GITHUB_CONTEXT"
-    - name: Clone self (github/codeql) - MERGE
-      uses: actions/checkout@v2
-      with:
-        path: merge
-    - name: Clone self (github/codeql) - BASE
-      uses: actions/checkout@v2
-      with:
-        fetch-depth: 2
-        path: base
-    - run: |
-        git checkout HEAD^1
-        git log -1 --format='%H'
-      working-directory: base
-    - name: Set up Python 3.8
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.8
-    - name: Download CodeQL CLI
-      env:
-         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-         gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-    - name: Unzip CodeQL CLI
-      run: unzip -d codeql-cli codeql-linux64.zip
-    - name: Generate CSV files on merge commit of the PR
-      run: |
-        echo "Running generator on merge"
-        PATH="$PATH:codeql-cli/codeql" python merge/misc/scripts/library-coverage/generate-report.py ci merge merge
-        mkdir out_merge
-        cp framework-coverage-*.csv out_merge/
-        cp framework-coverage-*.rst out_merge/
-    - name: Generate CSV files on base commit of the PR
-      run: |
-        echo "Running generator on base"
-        PATH="$PATH:codeql-cli/codeql" python base/misc/scripts/library-coverage/generate-report.py ci base base
-        mkdir out_base
-        cp framework-coverage-*.csv out_base/
-        cp framework-coverage-*.rst out_base/
-    - name: Generate diff of coverage reports
-      run: |
-        python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md
-    - name: Upload CSV package list
-      uses: actions/upload-artifact@v2
-      with:
-        name: csv-framework-coverage-merge
-        path: |
-          out_merge/framework-coverage-*.csv
-          out_merge/framework-coverage-*.rst
-    - name: Upload CSV package list
-      uses: actions/upload-artifact@v2
-      with:
-        name: csv-framework-coverage-base
-        path: |
-          out_base/framework-coverage-*.csv
-          out_base/framework-coverage-*.rst
-    - name: Upload comparison results
-      uses: actions/upload-artifact@v2
-      with:
-        name: comparison
-        path: |
-          comparison.md
-    - name: Save PR number
-      run: |
-        mkdir -p pr
-        echo ${{ github.event.pull_request.number }} > pr/NR
-    - name: Upload PR number
-      uses: actions/upload-artifact@v2
-      with:
-        name: pr
-        path: pr/

.github/workflows/csv-coverage-pr-comment.yml

@@ -1,34 +0,0 @@
-name: Comment on PR with framework coverage changes
-
-on:
-  workflow_run:
-    workflows: ["Check framework coverage changes"]
-    types:
-      - completed
-
-jobs:
-  check:
-    name: Check framework coverage differences and comment
-    runs-on: ubuntu-latest
-    if: >
-      ${{ github.event.workflow_run.event == 'pull_request' &&
-      github.event.workflow_run.conclusion == 'success' }}
-
-    steps:
-    - name: Dump GitHub context
-      env:
-        GITHUB_CONTEXT: ${{ toJSON(github.event) }}
-      run: echo "$GITHUB_CONTEXT"
-    - name: Clone self (github/codeql)
-      uses: actions/checkout@v2
-    - name: Set up Python 3.8
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.8
-
-    - name: Check coverage difference file and comment
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        RUN_ID: ${{ github.event.workflow_run.id }}
-      run: |
-        python misc/scripts/library-coverage/comment-pr.py "$GITHUB_REPOSITORY" "$RUN_ID"

.github/workflows/csv-coverage-timeseries.yml

@@ -1,42 +0,0 @@
-name: Build framework coverage timeseries reports
-
-on:
-  workflow_dispatch:
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Clone self (github/codeql)
-      uses: actions/checkout@v2
-      with:
-        path: script
-    - name: Clone self (github/codeql) for analysis
-      uses: actions/checkout@v2
-      with:
-        path: codeqlModels
-        fetch-depth: 0
-    - name: Set up Python 3.8
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.8
-    - name: Download CodeQL CLI
-      env:
-         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-         gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-    - name: Unzip CodeQL CLI
-      run: unzip -d codeql-cli codeql-linux64.zip
-    - name: Build modeled package list
-      run: |
-        CLI=$(realpath "codeql-cli/codeql")
-        echo $CLI
-        PATH="$PATH:$CLI" python script/misc/scripts/library-coverage/generate-timeseries.py codeqlModels
-    - name: Upload timeseries CSV
-      uses: actions/upload-artifact@v2
-      with:
-        name: framework-coverage-timeseries
-        path: framework-coverage-timeseries-*.csv
-

.github/workflows/csv-coverage-update.yml

@@ -1,44 +0,0 @@
-name: Update framework coverage reports
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * *"
-
-jobs:
-  update:
-    name: Update framework coverage report
-    if: github.repository == 'github/codeql'
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Dump GitHub context
-      env:
-        GITHUB_CONTEXT: ${{ toJSON(github.event) }}
-      run: echo "$GITHUB_CONTEXT"
-    - name: Clone self (github/codeql)
-      uses: actions/checkout@v2
-      with:
-        path: ql
-        fetch-depth: 0
-    - name: Set up Python 3.8
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.8
-    - name: Download CodeQL CLI
-      env:
-         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-         gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-    - name: Unzip CodeQL CLI
-      run: unzip -d codeql-cli codeql-linux64.zip
-
-    - name: Generate coverage files
-      run: |
-        PATH="$PATH:codeql-cli/codeql" python ql/misc/scripts/library-coverage/generate-report.py ci ql ql
-
-    - name: Create pull request with changes
-      env:
-         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        python ql/misc/scripts/library-coverage/create-pr.py ql "$GITHUB_REPOSITORY"

.github/workflows/csv-coverage.yml

@@ -1,49 +0,0 @@
-name: Build framework coverage reports
-
-on:
-  workflow_dispatch:
-    inputs:
-      qlModelShaOverride:
-        description: 'github/codeql repo SHA used for looking up the CSV models'
-        required: false
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Clone self (github/codeql)
-      uses: actions/checkout@v2
-      with:
-        path: script
-    - name: Clone self (github/codeql) for analysis
-      uses: actions/checkout@v2
-      with:
-        path: codeqlModels
-        ref: ${{ github.event.inputs.qlModelShaOverride || github.ref }}
-    - name: Set up Python 3.8
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.8
-    - name: Download CodeQL CLI
-      env:
-         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-         gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-    - name: Unzip CodeQL CLI
-      run: unzip -d codeql-cli codeql-linux64.zip
-    - name: Build modeled package list
-      run: |
-        PATH="$PATH:codeql-cli/codeql" python script/misc/scripts/library-coverage/generate-report.py ci codeqlModels script
-    - name: Upload CSV package list
-      uses: actions/upload-artifact@v2
-      with:
-        name: framework-coverage-csv
-        path: framework-coverage-*.csv
-    - name: Upload RST package list
-      uses: actions/upload-artifact@v2
-      with:
-        name: framework-coverage-rst
-        path: framework-coverage-*.rst
-

.github/workflows/js-ml-tests.yml

@@ -1,67 +0,0 @@
-name: JS ML-powered queries tests
-
-on:
-  push:
-    paths:
-      - "javascript/ql/experimental/adaptivethreatmodeling/**"
-      - .github/workflows/js-ml-tests.yml
-    branches:
-      - main
-      - "rc/*"
-  pull_request:
-    paths:
-      - "javascript/ql/experimental/adaptivethreatmodeling/**"
-      - .github/workflows/js-ml-tests.yml
-
-defaults:
-  run:
-    working-directory: javascript/ql/experimental/adaptivethreatmodeling
-
-jobs:
-  qlformat:
-    name: Check QL formatting
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - name: Check QL formatting
-        run: |
-          find . "(" -name "*.ql" -or -name "*.qll" ")" -print0 | \
-            xargs -0 codeql query format --check-only
-
-  qlcompile:
-    name: Check QL compilation
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - name: Check QL compilation
-        run: |
-          codeql query compile \
-            --check-only \
-            --ram 5120 \
-            --additional-packs "${{ github.workspace }}" \
-            --threads=0 \
-            -- \
-            lib modelbuilding src
-
-  qltest:
-    name: Run QL tests
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - name: Run QL tests
-        run: |
-          codeql test run \
-            --threads=0 \
-            --ram 5120 \
-            --additional-packs "${{ github.workspace }}" \
-            -- \
-            test

.github/workflows/mad_modelDiff.yml

@@ -1,103 +0,0 @@
-name: Models as Data - Diff
-
-on:
-  workflow_dispatch:
-    inputs:
-      projects:
-        description: "The projects to generate models for"
-        required: true
-        default: '["netty/netty"]'
-  pull_request:
-    branches:
-      - main
-    paths:
-      - "java/ql/src/utils/model-generator/**/*.*"
-      - ".github/workflows/mad_modelDiff.yml"
-
-permissions:
-  contents: read
-
-jobs:
-  model-diff:
-    name: Model Difference
-    runs-on: ubuntu-latest
-    if: github.repository == 'github/codeql'
-    strategy:
-      matrix:
-        slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}}
-    steps:
-      - name: Clone github/codeql from PR
-        uses: actions/checkout@v2
-        if: github.event.pull_request
-        with:
-          path: codeql-pr
-      - name: Clone github/codeql from main
-        uses: actions/checkout@v2
-        with:
-          path: codeql-main
-          ref: main
-      - uses: ./codeql-main/.github/actions/fetch-codeql
-      - name: Download database
-        env:
-          SLUG: ${{ matrix.slug }}
-        run: |
-          set -x
-          mkdir lib-dbs
-          SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}
-          projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${SLUG} | jq .id`
-          curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o "$SHORTNAME.zip"
-          unzip -q -d "${SHORTNAME}-db" "${SHORTNAME}.zip"
-          mkdir "lib-dbs/$SHORTNAME/"
-          mv "${SHORTNAME}-db/"$(ls -1 "${SHORTNAME}"-db)/* "lib-dbs/${SHORTNAME}/"
-      - name: Generate Models (PR and main)
-        run: |
-          set -x
-          mkdir tmp-models
-          MODELS=`pwd`/tmp-models
-          DATABASES=`pwd`/lib-dbs
-
-          analyzeDatabaseWithCheckout() {
-            QL_VARIANT=$1
-            DATABASE=$2
-            cd codeql-$QL_VARIANT
-            SHORTNAME=`basename $DATABASE`
-            python java/ql/src/utils/model-generator/GenerateFlowModel.py $DATABASE $MODELS/${SHORTNAME}.qll
-            mv $MODELS/${SHORTNAME}.qll $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.qll
-            cd ..
-          }
-
-          for d in $DATABASES/*/ ; do
-            ls -1 "$d"
-
-            analyzeDatabaseWithCheckout "main" $d
-            if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]
-            then
-              analyzeDatabaseWithCheckout "pr" $d
-            fi
-          done
-      - name: Install diff2html
-        if: github.event.pull_request
-        run: |
-          npm install -g diff2html-cli
-      - name: Generate Model Diff
-        if: github.event.pull_request
-        run: |
-          set -x
-          MODELS=`pwd`/tmp-models
-          ls -1 tmp-models/
-          for m in $MODELS/*_main.qll ; do
-            t="${m/main/"pr"}"
-            basename=`basename $m`
-            name="diff_${basename/_main.qll/""}"
-            (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
-          done
-      - uses: actions/upload-artifact@v2
-        with:
-          name: models
-          path: tmp-models/*.qll
-          retention-days: 20
-      - uses: actions/upload-artifact@v2
-        with:
-          name: diffs
-          path: tmp-models/*.html
-          retention-days: 20

.github/workflows/mad_regenerate-models.yml

@@ -1,62 +0,0 @@
-name: Regenerate framework models
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "30 2 * * *"
-  pull_request:
-    branches:
-      - main
-    paths:
-      - ".github/workflows/mad_regenerate-models.yml"
-
-jobs:
-  regenerate-models:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        # placeholder required for each axis, excluded below, replaced by the actual combinations (see include)
-        slug: ["placeholder"]
-        ref: ["placeholder"]
-        include:
-          - slug: "apache/commons-io"
-            ref: "8985de8fe74f6622a419b37a6eed0dbc484dc128"
-        exclude:
-          - slug: "placeholder"
-            ref: "placeholder"
-    steps:
-      - name: Clone self (github/codeql)
-        uses: actions/checkout@v2
-      - name: Setup CodeQL binaries
-        uses: ./.github/actions/fetch-codeql
-      - name: Clone repositories
-        uses: actions/checkout@v2
-        with:
-          path: repos/${{ matrix.ref }}
-          ref: ${{ matrix.ref }}
-          repository: ${{ matrix.slug }}
-      - name: Build database
-        env:
-          SLUG: ${{ matrix.slug }}
-          REF: ${{ matrix.ref }}
-        run: |
-          mkdir dbs
-          cd repos/${REF}
-          SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}
-          codeql database create --language=java ../../dbs/${SHORTNAME}
-      - name: Regenerate models in-place
-        env:
-          SLUG: ${{ matrix.slug }}
-        run: |
-          SHORTNAME=${SLUG//[^a-zA-Z0-9_]/}
-          java/ql/src/utils/model-generator/RegenerateModels.py "${SLUG}" dbs/${SHORTNAME}
-      - name: Stage changes
-        run: |
-          find java -name "*.qll" -print0 | xargs -0 git add
-          git status
-          git diff --cached > models.patch
-      - uses: actions/upload-artifact@v2
-        with:
-          name: patch
-          path: models.patch
-          retention-days: 7

.github/workflows/post-pr-comment.yml

@@ -1,31 +0,0 @@
-name: Post pull-request comment
-on:
-  workflow_run:
-    workflows: ["Query help preview"]
-    types:
-      - completed
-
-permissions:
-  pull-requests: write
-
-jobs:
-  post_comment:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Download artifact
-        run: gh run download "${WORKFLOW_RUN_ID}" --repo "${GITHUB_REPOSITORY}" --name "comment"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
-      - run: |
-          PR="$(grep -o '^[0-9]\+$' pr.txt)"
-          PR_HEAD_SHA="$(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PR}" --jq .head.sha)"
-          # Check that the pull-request head SHA matches the head SHA of the workflow run
-          if [ "${WORKFLOW_RUN_HEAD_SHA}" != "${PR_HEAD_SHA}" ]; then
-            echo "PR head SHA ${PR_HEAD_SHA} does not match workflow_run event SHA ${WORKFLOW_RUN_HEAD_SHA}. Stopping." 1>&2
-            exit 1
-          fi
-          gh pr comment "${PR}" --repo "${GITHUB_REPOSITORY}" -F comment.txt
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_commit.id }}

.github/workflows/qhelp-pr-preview.yml

@@ -1,63 +0,0 @@
-name: Query help preview
-
-permissions:
-  contents: read
-
-on:
-  pull_request:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - "ruby/**/*.qhelp"
-
-jobs:
-  qhelp:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo "${{  github.event.number }}" > pr.txt
-      - uses: actions/upload-artifact@v2
-        with:
-          name: comment
-          path: pr.txt
-          retention-days: 1
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 2
-          persist-credentials: false
-      - uses: ./.github/actions/fetch-codeql
-      - name: Determine changed files
-        id: changes
-        run: |
-          (git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.qhelp$' | grep -z -v '.inc.qhelp';
-           git diff -z --name-only --diff-filter=ACMRT HEAD~1 HEAD | grep -z '.inc.qhelp$' | xargs --null -rn1 basename | xargs --null -rn1 git grep -z -l) |
-           grep -z '.qhelp$' | grep -z -v '^-' | sort -z -u > "${RUNNER_TEMP}/paths.txt"
-
-      - name: QHelp preview
-        run: |
-          EXIT_CODE=0
-          echo "QHelp previews:" > comment.txt
-          while read -r -d $'\0' path; do
-            if [ ! -f "${path}" ]; then
-               exit 1
-            fi
-            echo "<details> <summary>${path}</summary>"
-            echo
-            codeql generate query-help --format=markdown -- "./${path}" 2> errors.txt || EXIT_CODE="$?"
-            if [ -s errors.txt ]; then
-               echo "# errors/warnings:"
-               echo '```'
-               cat errors.txt
-               cat errors.txt 1>&2
-               echo '```'
-            fi
-            echo "</details>"
-          done < "${RUNNER_TEMP}/paths.txt" >> comment.txt
-          exit "${EXIT_CODE}"
-
-      - if: always()
-        uses: actions/upload-artifact@v2
-        with:
-          name: comment
-          path: comment.txt
-          retention-days: 1

.github/workflows/ql-for-ql-build.yml

@@ -1,199 +0,0 @@
-name: Run QL for QL
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-env:
-  CARGO_TERM_COLOR: always
-
-jobs:
-  queries:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - name: Get CodeQL version
-        id: get-codeql-version
-        run: |
-          echo "::set-output name=version::$("${CODEQL}" --version | head -n 1 | rev | cut -d " " -f 1 | rev)"
-        shell: bash
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Cache queries
-        id: cache-queries
-        uses: actions/cache@v2
-        with:
-          path: ${{ runner.temp }}/query-pack.zip
-          key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
-      - name: Build query pack
-        if: steps.cache-queries.outputs.cache-hit != 'true'
-        run: |
-          cd ql/ql/src
-          "${CODEQL}" pack create
-          cd .codeql/pack/codeql/ql-all/0.0.0
-          zip "${PACKZIP}" -r .
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-          PACKZIP: ${{ runner.temp }}/query-pack.zip
-      - name: Upload query pack
-        uses: actions/upload-artifact@v2
-        with:
-          name: query-pack-zip
-          path: ${{ runner.temp }}/query-pack.zip
-
-  extractors:
-    strategy:
-      fail-fast: false
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Cache entire extractor
-        id: cache-extractor
-        uses: actions/cache@v2
-        with:
-          path: |
-            ql/target/release/ql-autobuilder
-            ql/target/release/ql-autobuilder.exe
-            ql/target/release/ql-extractor
-            ql/target/release/ql-extractor.exe
-          key: ${{ runner.os }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }}
-      - name: Cache cargo
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-rust-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
-      - name: Check formatting
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo fmt --all -- --check
-      - name: Build
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo build --verbose
-      - name: Run tests
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo test --verbose
-      - name: Release build
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: cd ql; cargo build --release
-      - name: Generate dbscheme
-        if: steps.cache-extractor.outputs.cache-hit != 'true'
-        run: ql/target/release/ql-generator --dbscheme ql/ql/src/ql.dbscheme --library ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: |
-            ql/target/release/ql-autobuilder
-            ql/target/release/ql-autobuilder.exe
-            ql/target/release/ql-extractor
-            ql/target/release/ql-extractor.exe
-          retention-days: 1
-  package:
-    runs-on: ubuntu-latest
-
-    needs:
-      - extractors
-      - queries
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: query-pack-zip
-          path: query-pack-zip
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: linux64
-      - run: |
-          unzip query-pack-zip/*.zip -d pack
-          cp -r ql/codeql-extractor.yml ql/tools ql/ql/src/ql.dbscheme.stats pack/
-          mkdir -p pack/tools/linux64
-          if [[ -f linux64/ql-autobuilder ]]; then
-            cp linux64/ql-autobuilder pack/tools/linux64/autobuilder
-            chmod +x pack/tools/linux64/autobuilder
-          fi
-          if [[ -f linux64/ql-extractor ]]; then
-            cp linux64/ql-extractor pack/tools/linux64/extractor
-            chmod +x pack/tools/linux64/extractor
-          fi
-          cd pack
-          zip -rq ../codeql-ql.zip .
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ql-pack
-          path: codeql-ql.zip
-          retention-days: 1
-  analyze:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        folder: [cpp, csharp, java, javascript, python, ql, ruby]
-
-    needs:
-      - package
-
-    steps:
-      - name: Download pack
-        uses: actions/download-artifact@v2
-        with:
-          name: codeql-ql-pack
-          path: ${{ runner.temp }}/codeql-ql-pack-artifact
-
-      - name: Prepare pack
-        run: |
-          unzip "${PACK_ARTIFACT}/*.zip" -d "${PACK}"
-        env:
-          PACK_ARTIFACT: ${{ runner.temp }}/codeql-ql-pack-artifact
-          PACK: ${{ runner.temp }}/pack
-      - name: Hack codeql-action options
-        run: |
-          JSON=$(jq -nc --arg pack "${PACK}" '.resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
-          echo "CODEQL_ACTION_EXTRA_OPTIONS=${JSON}" >> ${GITHUB_ENV}
-        env:
-          PACK: ${{ runner.temp }}/pack
-
-      - name: Checkout repository
-        uses: actions/checkout@v2
-      - name: Create CodeQL config file
-        run: |
-          echo "paths:" > ${CONF}
-          echo "  - ${FOLDER}" >> ${CONF}
-          echo "paths-ignore:" >> ${CONF}
-          echo "  - ql/ql/test" >> ${CONF}
-          echo "Config file: "
-          cat ${CONF}
-        env: 
-          CONF: ./ql-for-ql-config.yml
-          FOLDER: ${{ matrix.folder }}
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: ql
-          db-location: ${{ runner.temp }}/db
-          config-file: ./ql-for-ql-config.yml
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@erik-krogh/ql
-        with: 
-          category: "ql-for-ql-${{ matrix.folder }}"
-      - name: Copy sarif file to CWD
-        run: cp ../results/ql.sarif ./${{ matrix.folder }}.sarif
-      - name: Sarif as artifact
-        uses: actions/upload-artifact@v2
-        with:
-          name: ${{ matrix.folder }}.sarif
-          path: ${{ matrix.folder }}.sarif
-

.github/workflows/ql-for-ql-dataset_measure.yml

@@ -1,84 +0,0 @@
-name: Collect database stats for QL for QL
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - ql/ql/src/ql.dbscheme
-  pull_request:
-    branches: [main]
-    paths:
-      - ql/ql/src/ql.dbscheme
-  workflow_dispatch:
-
-jobs:
-  measure:
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    strategy:
-      matrix:
-        repo:
-          - github/codeql
-          - github/codeql-go
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
-      - name: Build Extractor
-        run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./create-extractor-pack.sh
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ matrix.repo }}
-          path: ${{ github.workspace }}/repo
-      - name: Create database
-        run: |
-          "${CODEQL}" database create \
-            --search-path "ql/extractor-pack" \
-            --threads 4 \
-            --language ql --source-root "${{ github.workspace }}/repo" \
-            "${{ runner.temp }}/database"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Measure database
-        run: |
-          mkdir -p "stats/${{ matrix.repo }}"
-          "${CODEQL}" dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ql"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - uses: actions/upload-artifact@v2
-        with:
-          name: measurements
-          path: stats
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs: measure
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: measurements
-          path: stats
-      - run: |
-          python -m pip install --user lxml
-          find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ql/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
-      - uses: actions/upload-artifact@v2
-        with:
-          name: ql.dbscheme.stats
-          path: ql/ql/src/ql.dbscheme.stats

.github/workflows/ql-for-ql-tests.yml

@@ -1,52 +0,0 @@
-name: Run QL for QL Tests
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "ql/**"
-  pull_request:
-    branches: [main]
-    paths:
-      - "ql/**"
-
-env:
-  CARGO_TERM_COLOR: always
-
-jobs:
-  qltest:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Find codeql
-        id: find-codeql
-        uses: github/codeql-action/init@erik-krogh/ql
-        with:
-          languages: javascript # does not matter
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ql/target
-          key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
-      - name: Build extractor
-        run: |
-          cd ql;
-          codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
-          env "PATH=$PATH:$codeqlpath" ./create-extractor-pack.sh
-      - name: Run QL tests
-        run: |
-          "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries ql/ql/test
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL formatting
-        run: |
-          find ql/ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 "${CODEQL}" query format --check-only
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - name: Check QL compilation
-        run: |
-          "${CODEQL}" query compile --check-only --threads=4 --warnings=error --search-path "${{ github.workspace }}/ql/extractor-pack" "ql/ql/src" "ql/ql/examples"
-        env:
-          CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}

.github/workflows/ruby-build.yml

@@ -1,224 +0,0 @@
-name: "Ruby: Build"
-
-on:
-  push:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-build.yml
-    branches:
-      - main
-      - "rc/*"
-  pull_request:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-build.yml
-    branches:
-      - main
-      - "rc/*"
-  workflow_dispatch:
-    inputs:
-      tag:
-        description: "Version tag to create"
-        required: false
-
-env:
-  CARGO_TERM_COLOR: always
-
-defaults:
-  run:
-    working-directory: ruby
-
-jobs:
-  build:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-
-    runs-on: ${{ matrix.os }}
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: Install GNU tar
-        if: runner.os == 'macOS'
-        run: |
-          brew install gnu-tar
-          echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            ruby/target
-          key: ${{ runner.os }}-ruby-rust-cargo-${{ hashFiles('ruby/rust-toolchain.toml', 'ruby/**/Cargo.lock') }}
-      - name: Check formatting
-        run: cargo fmt --all -- --check
-      - name: Build
-        run: cargo build --verbose
-      - name: Run tests
-        run: cargo test --verbose
-      - name: Release build
-        run: cargo build --release
-      - name: Generate dbscheme
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        run: target/release/ruby-generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        with:
-          name: ruby.dbscheme
-          path: ruby/ql/lib/ruby.dbscheme
-      - uses: actions/upload-artifact@v2
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        with:
-          name: TreeSitter.qll
-          path: ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v2
-        with:
-          name: extractor-${{ matrix.os }}
-          path: |
-            ruby/target/release/ruby-autobuilder
-            ruby/target/release/ruby-autobuilder.exe
-            ruby/target/release/ruby-extractor
-            ruby/target/release/ruby-extractor.exe
-          retention-days: 1
-  compile-queries:
-    runs-on: ubuntu-latest
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    steps:
-      - uses: actions/checkout@v2
-      - name: Fetch CodeQL
-        run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-          gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-          unzip -q codeql-linux64.zip
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-      - name: Build Query Pack
-        run: |
-          codeql/codeql pack create ql/lib --output target/packs
-          codeql/codeql pack install ql/src
-          codeql/codeql pack create ql/src --output target/packs
-          PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)
-          codeql/codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src
-          (cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;)
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-queries
-          path: |
-            ruby/target/packs/*
-          retention-days: 1
-
-  package:
-    runs-on: ubuntu-latest
-    needs: [build, compile-queries]
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: ruby.dbscheme
-          path: ruby/ruby
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-ubuntu-latest
-          path: ruby/linux64
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-windows-latest
-          path: ruby/win64
-      - uses: actions/download-artifact@v2
-        with:
-          name: extractor-macos-latest
-          path: ruby/osx64
-      - run: |
-          mkdir -p ruby
-          cp -r codeql-extractor.yml tools ql/lib/ruby.dbscheme.stats ruby/
-          mkdir -p ruby/tools/{linux64,osx64,win64}
-          cp linux64/ruby-autobuilder ruby/tools/linux64/autobuilder
-          cp osx64/ruby-autobuilder ruby/tools/osx64/autobuilder
-          cp win64/ruby-autobuilder.exe ruby/tools/win64/autobuilder.exe
-          cp linux64/ruby-extractor ruby/tools/linux64/extractor
-          cp osx64/ruby-extractor ruby/tools/osx64/extractor
-          cp win64/ruby-extractor.exe ruby/tools/win64/extractor.exe
-          chmod +x ruby/tools/{linux64,osx64}/{autobuilder,extractor}
-          zip -rq codeql-ruby.zip ruby
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-pack
-          path: ruby/codeql-ruby.zip
-          retention-days: 1
-      - uses: actions/download-artifact@v2
-        with:
-          name: codeql-ruby-queries
-          path: ruby/qlpacks
-      - run: |
-          echo '{
-            "provide": [
-            "ruby/codeql-extractor.yml",
-            "qlpacks/*/*/*/qlpack.yml"
-            ]
-          }' > .codeqlmanifest.json
-          zip -rq codeql-ruby-bundle.zip .codeqlmanifest.json ruby qlpacks
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-ruby-bundle
-          path: ruby/codeql-ruby-bundle.zip
-          retention-days: 1
-
-  test:
-    defaults:
-      run:
-        working-directory: ${{ github.workspace }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-
-    runs-on: ${{ matrix.os }}
-    needs: [package]
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          repository: Shopify/example-ruby-app
-          ref: 67a0decc5eb550f3a9228eda53925c3afd40dfe9
-      - name: Fetch CodeQL
-        shell: bash
-        run: |
-          LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-          gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql.zip "$LATEST"
-          unzip -q codeql.zip
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-        working-directory: ${{ runner.temp }}
-      - name: Download Ruby bundle
-        uses: actions/download-artifact@v2
-        with:
-          name: codeql-ruby-bundle
-          path: ${{ runner.temp }}
-      - name: Unzip Ruby bundle
-        shell: bash
-        run: unzip -q -d "${{ runner.temp }}/ruby-bundle" "${{ runner.temp }}/codeql-ruby-bundle.zip"
-      - name: Prepare test files
-        shell: bash
-        run: |
-          echo "import ruby select count(File f)" > "test.ql"
-          echo "| 4 |" > "test.expected"
-          echo 'name: sample-tests
-          version: 0.0.0
-          dependencies:
-            codeql/ruby-all: 0.0.1
-          extractor: ruby
-          tests: .
-          ' > qlpack.yml
-      - name: Run QL test
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" test run --search-path "${{ runner.temp }}/ruby-bundle" --additional-packs "${{ runner.temp }}/ruby-bundle" .
-      - name: Create database
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" database create --search-path "${{ runner.temp }}/ruby-bundle" --language ruby --source-root . ../database
-      - name: Analyze database
-        shell: bash
-        run: |
-          "${{ runner.temp }}/codeql/codeql" database analyze --search-path "${{ runner.temp }}/ruby-bundle" --format=sarifv2.1.0 --output=out.sarif ../database ruby-code-scanning.qls

.github/workflows/ruby-dataset-measure.yml

@@ -1,73 +0,0 @@
-name: "Ruby: Collect database stats"
-
-on:
-  push:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - ruby/ql/lib/ruby.dbscheme
-      - .github/workflows/ruby-dataset-measure.yml
-  pull_request:
-    branches:
-      - main
-      - "rc/*"
-    paths:
-      - ruby/ql/lib/ruby.dbscheme
-      - .github/workflows/ruby-dataset-measure.yml
-  workflow_dispatch:
-
-jobs:
-  measure:
-    env:
-      CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
-    strategy:
-      fail-fast: false
-      matrix:
-        repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: ./.github/actions/fetch-codeql
-
-      - uses: ./ruby/actions/create-extractor-pack
-
-      - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v2
-        with:
-          repository: ${{ matrix.repo }}
-          path: ${{ github.workspace }}/repo
-      - name: Create database
-        run: |
-          codeql database create \
-            --search-path "${{ github.workspace }}/ruby/extractor-pack" \
-            --threads 4 \
-            --language ruby --source-root "${{ github.workspace }}/repo" \
-            "${{ runner.temp }}/database"
-      - name: Measure database
-        run: |
-          mkdir -p "stats/${{ matrix.repo }}"
-          codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby"
-      - uses: actions/upload-artifact@v2
-        with:
-          name: measurements
-          path: stats
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs: measure
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/download-artifact@v2
-        with:
-          name: measurements
-          path: stats
-      - run: |
-          python -m pip install --user lxml
-          find stats -name 'stats.xml' | sort | xargs python ruby/scripts/merge_stats.py --output ruby/ql/lib/ruby.dbscheme.stats --normalise ruby_tokeninfo
-      - uses: actions/upload-artifact@v2
-        with:
-          name: ruby.dbscheme.stats
-          path: ruby/ql/lib/ruby.dbscheme.stats

.github/workflows/ruby-qltest.yml

@@ -1,76 +0,0 @@
-name: "Ruby: Run QL Tests"
-
-on:
-  push:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-qltest.yml
-    branches:
-      - main
-      - "rc/*"
-  pull_request:
-    paths:
-      - "ruby/**"
-      - .github/workflows/ruby-qltest.yml
-    branches:
-      - main
-      - "rc/*"
-
-env:
-  CARGO_TERM_COLOR: always
-
-defaults:
-  run:
-    working-directory: ruby
-
-jobs:
-  qlformat:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ./.github/actions/fetch-codeql
-      - name: Check QL formatting
-        run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
-  qlcompile:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ./.github/actions/fetch-codeql
-      - name: Check QL compilation
-        run: |
-          codeql query compile --check-only --threads=0 --ram 5000 --warnings=error "ql/src" "ql/examples"
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-  qlupgrade:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ./.github/actions/fetch-codeql
-      - name: Check DB upgrade scripts
-        run: |
-          echo >empty.trap
-          codeql dataset import -S ql/lib/upgrades/initial/ruby.dbscheme testdb empty.trap
-          codeql dataset upgrade testdb --additional-packs ql/lib
-          diff -q testdb/ruby.dbscheme ql/lib/ruby.dbscheme
-      - name: Check DB downgrade scripts
-        run: |
-          echo >empty.trap
-          rm -rf testdb; codeql dataset import -S ql/lib/ruby.dbscheme testdb empty.trap
-          codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
-           --dbscheme=ql/lib/ruby.dbscheme --target-dbscheme=downgrades/initial/ruby.dbscheme |
-           xargs codeql execute upgrades testdb
-          diff -q testdb/ruby.dbscheme downgrades/initial/ruby.dbscheme
-  qltest:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        slice: ["1/2", "2/2"]
-    steps:
-      - uses: actions/checkout@v2
-      - uses: ./.github/actions/fetch-codeql
-      - uses: ./ruby/actions/create-extractor-pack
-      - name: Run QL tests
-        run: |
-          codeql test run --threads=0 --ram 5000 --slice ${{ matrix.slice }} --search-path "${{ github.workspace }}/ruby/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test
-        env:
-          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/sync-files.yml

@@ -1,20 +0,0 @@
-name: Check synchronized files
-
-on:
-  push:
-    branches:
-      - main
-      - 'rc/*'
-  pull_request:
-    branches:
-      - main
-      - 'rc/*'
-
-jobs:
-  sync:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Check synchronized files
-        run: python config/sync-files.py
-

.gitignore

@@ -24,9 +24,3 @@
 /codeql/
 
 csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
-
-# Avoid committing cached package components
-.codeql
-
-# Compiled class file
-*.class

CODEOWNERS

@@ -3,7 +3,6 @@
 /java/ @github/codeql-java
 /javascript/ @github/codeql-javascript
 /python/ @github/codeql-python
-/ruby/ @github/codeql-ruby
 
 # Make @xcorail (GitHub Security Lab) a code owner for experimental queries so he gets pinged when we promote a query out of experimental
 /cpp/**/experimental/**/* @github/codeql-c-analysis @xcorail
@@ -11,10 +10,6 @@
 /java/**/experimental/**/* @github/codeql-java @xcorail
 /javascript/**/experimental/**/* @github/codeql-javascript @xcorail
 /python/**/experimental/**/* @github/codeql-python @xcorail
-/ruby/**/experimental/**/* @github/codeql-ruby @xcorail
-
-# ML-powered queries
-/javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
 
 # Notify members of codeql-go about PRs to the shared data-flow library files
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll @github/codeql-java @github/codeql-go
@@ -22,12 +17,3 @@
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
-
-# CodeQL tools and associated docs
-/docs/codeql-cli/ @github/codeql-cli-reviewers
-/docs/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
-/docs/ql-language-reference/ @github/codeql-frontend-reviewers
-/docs/query-*-style-guide.md @github/codeql-analysis-reviewers
-
-# QL for QL reviewers
-/ql/ @github/codeql-ql-for-ql-reviewers

CONTRIBUTING.md

@@ -4,9 +4,6 @@ We welcome contributions to our CodeQL libraries and queries. Got an idea for a
 
 There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com).
 
-## Change notes
-
-Any nontrivial user-visible change to a query pack or library pack should have a change note. For details on how to add a change note for your change, see [this guide](docs/change-notes.md).
 
 ## Submitting a new experimental query
 
@@ -14,14 +11,13 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
 1. **Directory structure**
 
-    There are six language-specific query directories in this repository:
+    There are five language-specific query directories in this repository:
 
       * C/C++: `cpp/ql/src`
       * C#: `csharp/ql/src`
       * Java: `java/ql/src`
       * JavaScript: `javascript/ql/src`
       * Python: `python/ql/src`
-      * Ruby: `ruby/ql/src`
 
     Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose.
     - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.

README.md

@@ -1,11 +1,11 @@
 # CodeQL
 
-This open source repository contains the standard CodeQL libraries and queries that power [GitHub Advanced Security](https://github.com/features/security/code) and the other application security products that [GitHub](https://github.com/features/security/) makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the [CodeQL for Go repository](https://github.com/github/codeql-go).
+This open source repository contains the standard CodeQL libraries and queries that power [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com) makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the [CodeQL for Go repository](https://github.com/github/codeql-go).
 
 ## How do I learn CodeQL and run queries?
 
-There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL.
-You can use the [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) extension or the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com (Semmle Legacy product) to try out your queries on any open source project that's currently being analyzed.
+There is [extensive documentation](https://help.semmle.com/QL/learn-ql/) on getting started with writing CodeQL.
+You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode.html) extension to try out your queries on any open source project that's currently being analyzed.
 
 ## Contributing
 
@@ -13,7 +13,7 @@ We welcome contributions to our standard library and standard checks. Do you hav
 
 ## License
 
-The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com). The use of CodeQL on open source code is licensed under specific [Terms & Conditions](https://securitylab.github.com/tools/codeql/license/) UNLESS you have a commercial license in place. If you'd like to use CodeQL with a commercial codebase, please [contact us](https://github.com/enterprise/contact) for further help.
+The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com).
 
 ## Visual Studio Code integration
 

config/identical-files.json

@@ -1,340 +1,323 @@
 {
   "DataFlow Java/C++/C#/Python": [
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForOnActivityResult.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll"
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll",
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll",
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll",
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll",
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
   ],
   "DataFlow Java/C++/C#/Python Common": [
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll"
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll"
   ],
   "TaintTracking::Configuration Java/C++/C#/Python": [
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
+    "java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll"
   ],
   "DataFlow Java/C++/C#/Python Consistency checks": [
-    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
-    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll"
-  ],
-  "DataFlow Java/C# Flow Summaries": [
-    "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll"
+    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
+    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll"
   ],
   "SsaReadPosition Java/C#": [
-    "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
+    "java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
   ],
   "Sign Java/C#": [
-    "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
+    "java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
   ],
   "SignAnalysis Java/C#": [
-    "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
+    "java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
   ],
   "Bound Java/C#": [
-    "java/ql/lib/semmle/code/java/dataflow/Bound.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll"
+    "java/ql/src/semmle/code/java/dataflow/Bound.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/Bound.qll"
   ],
   "ModulusAnalysis Java/C#": [
-    "java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
+    "java/ql/src/semmle/code/java/dataflow/ModulusAnalysis.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
   ],
   "C++ SubBasicBlocks": [
-    "cpp/ql/lib/semmle/code/cpp/controlflow/SubBasicBlocks.qll",
-    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/SubBasicBlocks.qll"
+    "cpp/ql/src/semmle/code/cpp/controlflow/SubBasicBlocks.qll",
+    "cpp/ql/src/semmle/code/cpp/dataflow/internal/SubBasicBlocks.qll"
   ],
   "IR Instruction": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll"
   ],
   "IR IRBlock": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRBlock.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll"
   ],
   "IR IRVariable": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRVariable.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll"
   ],
   "IR IRFunction": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRFunction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll"
   ],
   "IR Operand": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Operand.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Operand.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/Operand.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Operand.qll"
   ],
   "IR IRType": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/IRType.qll",
     "csharp/ql/src/experimental/ir/implementation/IRType.qll"
   ],
   "IR IRConfiguration": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/IRConfiguration.qll",
     "csharp/ql/src/experimental/ir/implementation/IRConfiguration.qll"
   ],
   "IR UseSoundEscapeAnalysis": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/UseSoundEscapeAnalysis.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/UseSoundEscapeAnalysis.qll",
     "csharp/ql/src/experimental/ir/implementation/UseSoundEscapeAnalysis.qll"
   ],
   "IR IRFunctionBase": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll",
     "csharp/ql/src/experimental/ir/implementation/internal/IRFunctionBase.qll"
   ],
   "IR Operand Tag": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/OperandTag.qll",
     "csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll"
   ],
   "IR TInstruction": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/TInstruction.qll",
     "csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll"
   ],
   "IR TIRVariable": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll",
     "csharp/ql/src/experimental/ir/implementation/internal/TIRVariable.qll"
   ],
   "IR IR": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IR.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/IR.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll"
   ],
   "IR IRConsistency": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/IRConsistency.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRConsistency.qll"
   ],
   "IR PrintIR": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/PrintIR.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll"
   ],
   "IR IntegerConstant": [
-    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerConstant.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/internal/IntegerConstant.qll",
     "csharp/ql/src/experimental/ir/internal/IntegerConstant.qll"
   ],
   "IR IntegerInteval": [
-    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerInterval.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/internal/IntegerInterval.qll",
     "csharp/ql/src/experimental/ir/internal/IntegerInterval.qll"
   ],
   "IR IntegerPartial": [
-    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerPartial.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/internal/IntegerPartial.qll",
     "csharp/ql/src/experimental/ir/internal/IntegerPartial.qll"
   ],
   "IR Overlap": [
-    "cpp/ql/lib/semmle/code/cpp/ir/internal/Overlap.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/internal/Overlap.qll",
     "csharp/ql/src/experimental/ir/internal/Overlap.qll"
   ],
   "IR EdgeKind": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/EdgeKind.qll",
     "csharp/ql/src/experimental/ir/implementation/EdgeKind.qll"
   ],
   "IR MemoryAccessKind": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll",
     "csharp/ql/src/experimental/ir/implementation/MemoryAccessKind.qll"
   ],
   "IR TempVariableTag": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/TempVariableTag.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/TempVariableTag.qll",
     "csharp/ql/src/experimental/ir/implementation/TempVariableTag.qll"
   ],
   "IR Opcode": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll",
     "csharp/ql/src/experimental/ir/implementation/Opcode.qll"
   ],
   "IR SSAConsistency": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll"
   ],
   "C++ IR InstructionImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/InstructionImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/InstructionImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/InstructionImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/InstructionImports.qll"
   ],
   "C++ IR IRImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRImports.qll"
   ],
   "C++ IR IRBlockImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRBlockImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRBlockImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRBlockImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRBlockImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRBlockImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRBlockImports.qll"
   ],
   "C++ IR IRFunctionImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRFunctionImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRFunctionImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRFunctionImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRFunctionImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRFunctionImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRFunctionImports.qll"
   ],
   "C++ IR IRVariableImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRVariableImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRVariableImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRVariableImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRVariableImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRVariableImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRVariableImports.qll"
   ],
   "C++ IR OperandImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/OperandImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/OperandImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/OperandImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/OperandImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/OperandImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/OperandImports.qll"
   ],
   "C++ IR PrintIRImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/PrintIRImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintIRImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintIRImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/PrintIRImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintIRImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintIRImports.qll"
   ],
   "C++ SSA SSAConstructionImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionImports.qll"
   ],
   "SSA AliasAnalysis": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll"
   ],
-  "SSA PrintAliasAnalysis": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintAliasAnalysis.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintAliasAnalysis.qll"
-  ],
   "C++ SSA AliasAnalysisImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysisImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysisImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysisImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysisImports.qll"
   ],
   "C++ IR ValueNumberingImports": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
   ],
   "IR SSA SimpleSSA": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll"
   ],
   "IR AliasConfiguration (unaliased_ssa)": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll"
   ],
   "IR SSA SSAConstruction": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll"
   ],
   "IR SSA PrintSSA": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintSSA.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintSSA.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/PrintSSA.qll"
   ],
   "IR ValueNumberInternal": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll"
   ],
   "C++ IR ValueNumber": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll"
   ],
   "C++ IR PrintValueNumbering": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/PrintValueNumbering.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/PrintValueNumbering.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll",
     "csharp/ql/src/experimental/ir/implementation/raw/gvn/PrintValueNumbering.qll",
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll"
   ],
   "C++ IR ConstantAnalysis": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/ConstantAnalysis.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/constant/ConstantAnalysis.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/ConstantAnalysis.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/constant/ConstantAnalysis.qll"
   ],
   "C++ IR PrintConstantAnalysis": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/constant/PrintConstantAnalysis.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/PrintConstantAnalysis.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/constant/PrintConstantAnalysis.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/constant/PrintConstantAnalysis.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/PrintConstantAnalysis.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/constant/PrintConstantAnalysis.qll"
   ],
   "C++ IR ReachableBlock": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/ReachableBlock.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/ReachableBlock.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/ReachableBlock.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/ReachableBlock.qll"
   ],
   "C++ IR PrintReachableBlock": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintReachableBlock.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintReachableBlock.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintReachableBlock.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintReachableBlock.qll"
   ],
   "C++ IR Dominance": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/Dominance.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/Dominance.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/Dominance.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/Dominance.qll"
   ],
   "C++ IR PrintDominance": [
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintDominance.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintDominance.qll"
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintDominance.qll",
+    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintDominance.qll"
   ],
   "C# IR InstructionImports": [
     "csharp/ql/src/experimental/ir/implementation/raw/internal/InstructionImports.qll",
@@ -369,15 +352,13 @@
     "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll"
   ],
   "C# ControlFlowReachability": [
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
   ],
   "Inline Test Expectations": [
     "cpp/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "csharp/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "java/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "python/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll"
+    "python/ql/test/TestUtilities/InlineExpectationsTest.qll"
   ],
   "C++ ExternalAPIs": [
     "cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
@@ -388,11 +369,11 @@
     "cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll"
   ],
   "XML": [
-    "cpp/ql/lib/semmle/code/cpp/XML.qll",
-    "csharp/ql/lib/semmle/code/csharp/XML.qll",
-    "java/ql/lib/semmle/code/xml/XML.qll",
-    "javascript/ql/lib/semmle/javascript/XML.qll",
-    "python/ql/lib/semmle/python/xml/XML.qll"
+    "cpp/ql/src/semmle/code/cpp/XML.qll",
+    "csharp/ql/src/semmle/code/csharp/XML.qll",
+    "java/ql/src/semmle/code/xml/XML.qll",
+    "javascript/ql/src/semmle/javascript/XML.qll",
+    "python/ql/src/semmle/python/xml/XML.qll"
   ],
   "DuplicationProblems.inc.qhelp": [
     "cpp/ql/src/Metrics/Files/DuplicationProblems.inc.qhelp",
@@ -446,60 +427,13 @@
     "python/ql/src/analysis/IDEContextual.qll"
   ],
   "SSA C#": [
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
-    "csharp/ql/lib/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
-    "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImplCommon.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll"
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
+    "csharp/ql/src/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll",
+    "csharp/ql/src/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
+    "csharp/ql/src/semmle/code/cil/internal/SsaImplCommon.qll"
   ],
-  "CryptoAlgorithms Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
-    "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
-    "ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll"
-  ],
-  "CryptoAlgorithmNames Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
-    "python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
-    "ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll"
-  ],
-  "SensitiveDataHeuristics Python/JS": [
-    "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
-    "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll"
-  ],
-  "ReDoS Util Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
-    "python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll"
-  ],
-  "ReDoS Exponential Python/JS": [
-    "javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll",
-    "python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll"
-  ],
-  "ReDoS Polynomial Python/JS": [
-    "javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
-    "python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll"
-  ],
-  "BadTagFilterQuery Python/JS/Ruby": [
-    "javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll",
-    "python/ql/lib/semmle/python/security/BadTagFilterQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll"
-  ],
-  "CFG": [
-    "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
-    "ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll"
-  ],
-  "TypeTracker": [
-    "python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
-    "ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll"
-  ],
-  "CodeQL Tutorial": [
-    "cpp/ql/lib/tutorial.qll",
-    "csharp/ql/lib/tutorial.qll",
-    "java/ql/lib/tutorial.qll",
-    "javascript/ql/lib/tutorial.qll",
-    "python/ql/lib/tutorial.qll",
-    "ruby/ql/lib/tutorial.qll"
+  "CryptoAlgorithms Python/JS": [
+    "javascript/ql/src/semmle/javascript/security/CryptoAlgorithms.qll",
+    "python/ql/src/semmle/crypto/Crypto.qll"
   ]
-}
+}

cpp/autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net5.0</TargetFramework>
     <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
     <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
     <Nullable>enable</Nullable>

cpp/autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net5.0</TargetFramework>
     <AssemblyName>Semmle.Autobuild.Cpp</AssemblyName>
     <RootNamespace>Semmle.Autobuild.Cpp</RootNamespace>
     <ApplicationIcon />
@@ -17,7 +17,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Build" Version="16.11.0" />
+    <PackageReference Include="Microsoft.Build" Version="16.9.0" />
   </ItemGroup>
 
   <ItemGroup>

cpp/config/suites/security/cwe-120

@@ -5,11 +5,9 @@
   @name Badly bounded write (CWE-120)
 + semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
   @name Potentially overrunning write (CWE-120)
-+ semmlecode-cpp-queries/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql: /CWE/CWE-120
-  @name Likely overrunning write
 + semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
   @name Potentially overrunning write with float to string conversion (CWE-120)
 + semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
   @name Array offset used before range check (CWE-120)
 + semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
-  @name Potentially unsafe use of strcat (CWE-120)
+    @name Potentially unsafe use of strcat (CWE-120)

cpp/old-change-notes/2021-03-11-overflow-abs.md

@@ -1,2 +0,0 @@
-lgtm
-* The `cpp/tainted-arithmetic`, `cpp/arithmetic-with-extreme-values`, and `cpp/uncontrolled-arithmetic` queries now recognize more functions as returning the absolute value of their input. As a result, they produce fewer false positives.

cpp/old-change-notes/2021-04-06-assign-where-compare-meant.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The 'Assignment where comparison was intended' (cpp/assign-where-compare-meant) query has been improved to flag fewer benign assignments in conditionals.

cpp/old-change-notes/2021-04-09-unsigned-difference-expression-compared-zero.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The 'Unsigned difference expression compared to zero' (cpp/unsigned-difference-expression-compared-zero) query has been improved to produce fewer false positive results.

cpp/old-change-notes/2021-04-13-arithmetic-queries.md

@@ -1,2 +0,0 @@
-lgtm
-* The queries cpp/tainted-arithmetic, cpp/uncontrolled-arithmetic, and cpp/arithmetic-with-extreme-values have been improved to produce fewer false positives.

cpp/old-change-notes/2021-04-21-return-stack-allocated-object.md

@@ -1,2 +0,0 @@
-codescanning
-* The 'Pointer to stack object used as return value' (cpp/return-stack-allocated-object) query has been deprecated, and any uses should be replaced with `Returning stack-allocated memory` (cpp/return-stack-allocated-memory).

cpp/old-change-notes/2021-04-26-more-sound-expr-might-overflow.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The `exprMightOverflowPositively` and `exprMightOverflowNegatively` predicates from the `SimpleRangeAnalysis` library now recognize more expressions that might overflow.

cpp/old-change-notes/2021-05-10-comparison-with-wider-type.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The 'Comparison with wider type' (cpp/comparison-with-wider-type) query has been improved to produce fewer false positives.

cpp/old-change-notes/2021-05-12-uncontrolled-arithmetic.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The query "Uncontrolled arithmetic" (`cpp/uncontrolled-arithmetic`) has been improved to produce fewer false positives.

cpp/old-change-notes/2021-05-14-uncontrolled-allocation-size.md

@@ -1,2 +0,0 @@
-lgtm
-* The "Tainted allocation size" query (cpp/uncontrolled-allocation-size) has been improved to produce fewer false positives.

cpp/old-change-notes/2021-05-18-static-buffer-overflow.md

@@ -1,2 +0,0 @@
-lgtm
-* The "Static buffer overflow" query (cpp/static-buffer-overflow) has been improved to produce fewer false positives.

cpp/old-change-notes/2021-05-19-weak-cryptographic-algorithm.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Use of a broken or risky cryptographic algorithm" (`cpp/weak-cryptographic-algorithm`) query has been enhanced to reduce false positive results, and (rarely) find more true positive results.

cpp/old-change-notes/2021-05-20-incorrect-allocation-error-handling.md

@@ -1,2 +0,0 @@
-lgtm
-* A new query (`cpp/incorrect-allocation-error-handling`) has been added. The query finds incorrect error-handling of calls to `operator new`. This query was originally [submitted as an experimental query by @ihsinme](https://github.com/github/codeql/pull/5010).

cpp/old-change-notes/2021-05-20-ref-qualifiers.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* lvalue/rvalue ref qualifiers are now accessible via the new predicates on `MemberFunction`(`.isLValueRefQualified`, `.isRValueRefQualified`, and `isRefQualified`).

cpp/old-change-notes/2021-05-21-unsafe-strncat.md

@@ -1,2 +0,0 @@
-lgtm
-* The "Potentially unsafe call to strncat" query (cpp/unsafe-strncat) query has been improved to detect more cases of unsafe calls to `strncat`.

cpp/old-change-notes/2021-06-10-cleartext-transmission.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* A new query (`cpp/cleartext-transmission`) has been added. This is similar to the `cpp/cleartext-storage-file`, `cpp/cleartext-storage-buffer` and `cpp/cleartext-storage-database` queries but looks for cases where sensitive information is most likely transmitted over a network.

cpp/old-change-notes/2021-06-10-std-types.md

@@ -1,4 +0,0 @@
-lgtm,codescanning
-* Added definitions for types found in `cstdint`. Added types `FixedWidthIntegralType`, `MinimumWidthIntegralType`, `FastestMinimumWidthIntegralType`, and `MaximumWidthIntegralType` to describe types such as `int8_t`, `int_least8_t`, `int_fast8_t`, and `intmax_t` respectively. 
-* Changed definition of `Intmax_t` and `Uintmax_t` to be part of the new type structure. 
-* Added a type `FixedWidthEnumType` which describes enums based on a fixed-width integer type. For instance, `enum e: uint8_t = { a, b };`.

cpp/old-change-notes/2021-06-21-weak-cryptographic-algorithm.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Use of a broken or risky cryptographic algorithm" (`cpp/weak-cryptographic-algorithm`) query has been further improved to reduce false positives and its `@precision` increased to `high`.

cpp/old-change-notes/2021-06-22-sql-tainted.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The 'Uncontrolled data in SQL query' (cpp/sql-injection) query now supports the `libpqxx` library.

cpp/old-change-notes/2021-06-24-dataflow-implicit-reads.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The DataFlow libraries have been augmented with support for `Configuration`-specific in-place read steps at, for example, sinks and custom taint steps. This means that it is now possible to specify sinks that accept flow with non-empty access paths.

cpp/old-change-notes/2021-06-24-uncontrolled-arithmetic.md

@@ -1,2 +0,0 @@
-lgtm
-* The 'Uncontrolled data in arithmetic expression' (cpp/uncontrolled-arithmetic) query now recognizes more sources of randomness.

cpp/old-change-notes/2021-06-30-wrong-type-format-argument.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The 'Wrong type of arguments to formatting function' (cpp/wrong-type-format-argument) query is now more accepting of the string and character formatting differences between Microsoft and non-Microsoft platforms.  There are now fewer false positive results.

cpp/old-change-notes/2021-07-13-cleartext-storage-file.md

@@ -1,3 +0,0 @@
-lgtm,codescanning
-* The "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file) query now uses dataflow to produce additional results.
-* Heuristics in the SensitiveExprs.qll library have been improved, making the "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file), "Cleartext storage of sensitive information in buffer" (cpp/cleartext-storage-buffer) and "Cleartext storage of sensitive information in an SQLite" (cpp/cleartext-storage-database) queries more accurate.

cpp/old-change-notes/2021-07-20-toctou-race-condition.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Improvements have been made to the `cpp/toctou-race-condition` query, both to find more correct results and fewer false positive results.

cpp/old-change-notes/2021-07-27-uncontrolled-arithmetic.md

@@ -1,2 +0,0 @@
-lgtm
-* Improvements made to the (`cpp/uncontrolled-arithmetic`) query, reducing the frequency of false positive results.

cpp/old-change-notes/2021-07-29-virtual-function-declaration-specifiers.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Virtual function specifiers are now accessible via the new predicates on `Function` (`.isDeclaredVirtual`, `.isOverride`, and `.isFinal`).

cpp/old-change-notes/2021-08-10-has-trailing-return-type.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `Function.hasTrailingReturnType` predicate to check whether a function was declared with a trailing return type.

cpp/old-change-notes/2021-08-17-has-c-linkage.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `RoutineType.hasCLinkage` predicate to check whether a function type has "C" language linkage.

cpp/old-change-notes/2021-08-23-ctime-weaken-claims.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default and so it's only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.

cpp/old-change-notes/2021-08-23-getPrimaryQlClasses.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added `Element.getPrimaryQlClasses()` predicate, which gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.

cpp/old-change-notes/2021-08-24-implicit-downcast-from-bitfield.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The query `cpp/implicit-bitfield-downcast` now accounts for C++ reference types, which leads to more true positive results.

cpp/old-change-notes/2021-08-31-range-analysis-upper-bound.md

@@ -1,4 +0,0 @@
-lgtm,codescanning
-* The `SimpleRangeAnalysis` library includes information from the
-  immediate guard for determining the upper bound of a stack
-  variable for improved accuracy.

cpp/old-change-notes/2021-09-13-overflow-static.md

@@ -1,4 +0,0 @@
-lgtm,codescanning
-* The `memberMayBeVarSize` predicate considers more fields to be variable size.
-  As a result, the "Static buffer overflow" query (cpp/static-buffer-overflow)
-  produces fewer false positives.

cpp/old-change-notes/2021-09-27-command-line-injection.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Uncontrolled data used in OS command" (`cpp/command-line-injection`) query has been enhanced to reduce false positive results and its `@precision` increased to `high`

cpp/old-change-notes/2021-09-27-overflow-static.md

@@ -1,3 +0,0 @@
-lgtm,codescanning
-* Increase precision to high for the "Static buffer overflow" query
-  (`cpp/static-buffer-overflow`). This means the query is run and displayed by default on Code Scanning and LGTM.

cpp/old-change-notes/2021-10-01-improper-null-termination.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Several improvements made to the `NullTermination.qll` library and the 'Potential improper null termination' (cpp/improper-null-termination). These changes reduce the number of false positive results for this query and related query 'User-controlled data may not be null terminated' (cpp/user-controlled-null-termination-tainted).

cpp/old-change-notes/2021-10-07-cleartext-transmission.md

@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved, reducing the number of false positive results when encryption is present.

cpp/old-change-notes/2021-10-07-extraction-errors.md

@@ -1,3 +0,0 @@
-codescanning
-* Problems with extraction that in most cases won't break the analysis in a significant way are now reported as warnings rather than errors.
-* The failed extractor invocations query now has severity `error`.

cpp/ql/examples/qlpack.lock.yml

@@ -1,4 +0,0 @@
----
-dependencies: {}
-compiled: false
-lockVersion: 1.0.0

cpp/ql/examples/qlpack.yml

@@ -1,6 +1,3 @@
-name: codeql/cpp-examples
-groups: 
-  - cpp
-  - examples
-dependencies:
-  codeql/cpp-all: "*"
+name: codeql-cpp-examples
+version: 0.0.0
+libraryPathDependencies: codeql-cpp

cpp/ql/lib/CHANGELOG.md

@@ -1,26 +0,0 @@
-## 0.0.9
-
-## 0.0.8
-
-### Deprecated APIs
-
-* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
-
-### Minor Analysis Improvements
-
-* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
-  more accurate length for integers formatted with `%x`
-
-## 0.0.7
-
-## 0.0.6
-
-## 0.0.5
-
-## 0.0.4
-
-### New Features
-
-* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
-  `isFromSystemMacroDefinition` for identifying code that originates from a
-  macro outside the project being analyzed.

cpp/ql/lib/change-notes/released/0.0.4.md

@@ -1,7 +0,0 @@
-## 0.0.4
-
-### New Features
-
-* The QL library `semmle.code.cpp.commons.Exclusions` now contains a predicate
-  `isFromSystemMacroDefinition` for identifying code that originates from a
-  macro outside the project being analyzed.

cpp/ql/lib/change-notes/released/0.0.5.md

@@ -1 +0,0 @@
-## 0.0.5

cpp/ql/lib/change-notes/released/0.0.6.md

@@ -1 +0,0 @@
-## 0.0.6

cpp/ql/lib/change-notes/released/0.0.7.md

@@ -1 +0,0 @@
-## 0.0.7

cpp/ql/lib/change-notes/released/0.0.8.md

@@ -1,10 +0,0 @@
-## 0.0.8
-
-### Deprecated APIs
-
-* The `codeql/cpp-upgrades` CodeQL pack has been removed. All upgrades scripts have been merged into the `codeql/cpp-all` CodeQL pack.
-
-### Minor Analysis Improvements
-
-* `FormatLiteral::getMaxConvertedLength` now uses range analysis to provide a
-  more accurate length for integers formatted with `%x`

cpp/ql/lib/change-notes/released/0.0.9.md

@@ -1,2 +0,0 @@
-## 0.0.9
-

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +0,0 @@
----
-lastReleaseVersion: 0.0.9

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll

@@ -1,52 +0,0 @@
-/**
- * Provides classes and predicates for identifying private data and functions for security.
- *
- * 'Private' data in general is anything that would compromise user privacy if exposed. This
- * library tries to guess where private data may either be stored in a variable or produced by a
- * function.
- *
- * This library is not concerned with credentials. See `SensitiveActions` for expressions related
- * to credentials.
- */
-
-import cpp
-
-/** A string for `match` that identifies strings that look like they represent private data. */
-private string privateNames() {
-  result =
-    [
-      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
-      // Government identifiers, such as Social Security Numbers
-      "%social%security%number%",
-      // Contact information, such as home addresses and telephone numbers
-      "%postcode%", "%zipcode%",
-      // result = "%telephone%" or
-      // Geographic location - where the user is (or was)
-      "%latitude%", "%longitude%",
-      // Financial data - such as credit card numbers, salary, bank accounts, and debts
-      "%creditcard%", "%salary%", "%bankaccount%",
-      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
-      // result = "%email%" or
-      // result = "%mobile%" or
-      "%employer%",
-      // Health - medical conditions, insurance status, prescription records
-      "%medical%"
-    ]
-}
-
-/** An expression that might contain private data. */
-abstract class PrivateDataExpr extends Expr { }
-
-/** A functiond call that might produce private data. */
-class PrivateFunctionCall extends PrivateDataExpr, FunctionCall {
-  PrivateFunctionCall() {
-    exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
-  }
-}
-
-/** An access to a variable that might contain private data. */
-class PrivateVariableAccess extends PrivateDataExpr, VariableAccess {
-  PrivateVariableAccess() {
-    exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
-  }
-}

cpp/ql/lib/external/ExternalArtifact.qll

@@ -1,60 +0,0 @@
-/**
- * Provides classes for working with external data.
- */
-
-import cpp
-
-/**
- * An external data item.
- */
-class ExternalData extends @externalDataElement {
-  /** Gets the path of the file this data was loaded from. */
-  string getDataPath() { externalData(this, result, _, _) }
-
-  /**
-   * Gets the path of the file this data was loaded from, with its
-   * extension replaced by `.ql`.
-   */
-  string getQueryPath() { result = this.getDataPath().regexpReplaceAll("\\.[^.]*$", ".ql") }
-
-  /** Gets the number of fields in this data item. */
-  int getNumFields() { result = 1 + max(int i | externalData(this, _, i, _) | i) }
-
-  /** Gets the value of the `i`th field of this data item. */
-  string getField(int i) { externalData(this, _, i, result) }
-
-  /** Gets the integer value of the `i`th field of this data item. */
-  int getFieldAsInt(int i) { result = this.getField(i).toInt() }
-
-  /** Gets the floating-point value of the `i`th field of this data item. */
-  float getFieldAsFloat(int i) { result = this.getField(i).toFloat() }
-
-  /** Gets the value of the `i`th field of this data item, interpreted as a date. */
-  date getFieldAsDate(int i) { result = this.getField(i).toDate() }
-
-  /** Gets a textual representation of this data item. */
-  string toString() { result = this.getQueryPath() + ": " + this.buildTupleString(0) }
-
-  /** Gets a textual representation of this data item, starting with the `n`th field. */
-  private string buildTupleString(int n) {
-    n = this.getNumFields() - 1 and result = this.getField(n)
-    or
-    n < this.getNumFields() - 1 and result = this.getField(n) + "," + this.buildTupleString(n + 1)
-  }
-}
-
-/**
- * External data with a location, and a message, as produced by tools that used to produce QLDs.
- */
-class DefectExternalData extends ExternalData {
-  DefectExternalData() {
-    this.getField(0).regexpMatch("\\w+://.*:[0-9]+:[0-9]+:[0-9]+:[0-9]+$") and
-    this.getNumFields() = 2
-  }
-
-  /** Gets the URL associated with this data item. */
-  string getURL() { result = this.getField(0) }
-
-  /** Gets the message associated with this data item. */
-  string getMessage() { result = this.getField(1) }
-}

cpp/ql/lib/qlpack.lock.yml

@@ -1,4 +0,0 @@
----
-dependencies: {}
-compiled: false
-lockVersion: 1.0.0

cpp/ql/lib/qlpack.yml

@@ -1,7 +0,0 @@
-name: codeql/cpp-all
-version: 0.0.9
-groups: cpp
-dbscheme: semmlecode.cpp.dbscheme
-extractor: cpp
-library: true
-upgrades: upgrades

cpp/ql/lib/semmle/code/cpp/Declaration.qll

@@ -1,719 +0,0 @@
-/**
- * Provides classes for working with C and C++ declarations.
- */
-
-import semmle.code.cpp.Element
-import semmle.code.cpp.Specifier
-import semmle.code.cpp.Namespace
-private import semmle.code.cpp.internal.QualifiedName as Q
-
-/**
- * A C/C++ declaration: for example, a variable declaration, a type
- * declaration, or a function declaration.
- *
- * This file defines two closely related classes: `Declaration` and
- * `DeclarationEntry`. Some declarations do not correspond to a unique
- * location in the source code. For example, a global variable might
- * be declared in multiple source files:
- * ```
- *   extern int myglobal;
- * ```
- * and defined in one:
- * ```
- *   int myglobal;
- * ```
- * Each of these declarations (including the definition) is given its own
- * distinct `DeclarationEntry`, but they all share the same `Declaration`.
- *
- * Some derived class of `Declaration` do not have a corresponding
- * `DeclarationEntry`, because they always have a unique source location.
- * `EnumConstant` and `FriendDecl` are both examples of this.
- */
-class Declaration extends Locatable, @declaration {
-  /**
-   * Gets the innermost namespace which contains this declaration.
-   *
-   * The result will either be `GlobalNamespace`, or the tightest lexically
-   * enclosing namespace block. In particular, note that for declarations
-   * within structures, the namespace of the declaration is the same as the
-   * namespace of the structure.
-   */
-  Namespace getNamespace() {
-    result = underlyingElement(this).(Q::Declaration).getNamespace()
-    or
-    exists(Parameter p | p = this and result = p.getFunction().getNamespace())
-    or
-    exists(LocalVariable v | v = this and result = v.getFunction().getNamespace())
-  }
-
-  /**
-   * Gets the name of the declaration, fully qualified with its
-   * namespace and declaring type.
-   *
-   * For performance, prefer the multi-argument `hasQualifiedName` or
-   * `hasGlobalName` predicates since they don't construct so many intermediate
-   * strings. For debugging, the `semmle.code.cpp.Print` module produces more
-   * detailed output but are also more expensive to compute.
-   *
-   * Example: `getQualifiedName() =
-   * "namespace1::namespace2::TemplateClass1<int>::Class2::memberName"`.
-   */
-  string getQualifiedName() { result = underlyingElement(this).(Q::Declaration).getQualifiedName() }
-
-  /**
-   * DEPRECATED: Prefer `hasGlobalName` or the 2-argument or 3-argument
-   * `hasQualifiedName` predicates. To get the exact same results as this
-   * predicate in all edge cases, use `getQualifiedName()`.
-   *
-   * Holds if this declaration has the fully-qualified name `qualifiedName`.
-   * See `getQualifiedName`.
-   */
-  predicate hasQualifiedName(string qualifiedName) { this.getQualifiedName() = qualifiedName }
-
-  /**
-   * Holds if this declaration has a fully-qualified name with a name-space
-   * component of `namespaceQualifier`, a declaring type of `typeQualifier`,
-   * and a base name of `baseName`. Template parameters and arguments are
-   * stripped from all components. Missing components are `""`.
-   *
-   * Example: `hasQualifiedName("namespace1::namespace2",
-   * "TemplateClass1::Class2", "memberName")`.
-   *
-   * Example (the class `std::vector`): `hasQualifiedName("std", "", "vector")`
-   * or `hasQualifiedName("std", "vector")`.
-   *
-   * Example (the `size` member function of class `std::vector`):
-   * `hasQualifiedName("std", "vector", "size")`.
-   */
-  predicate hasQualifiedName(string namespaceQualifier, string typeQualifier, string baseName) {
-    underlyingElement(this)
-        .(Q::Declaration)
-        .hasQualifiedName(namespaceQualifier, typeQualifier, baseName)
-  }
-
-  /**
-   * Holds if this declaration has a fully-qualified name with a name-space
-   * component of `namespaceQualifier`, no declaring type, and a base name of
-   * `baseName`.
-   *
-   * See the 3-argument `hasQualifiedName` for examples.
-   */
-  predicate hasQualifiedName(string namespaceQualifier, string baseName) {
-    this.hasQualifiedName(namespaceQualifier, "", baseName)
-  }
-
-  /**
-   * Gets a description of this `Declaration` for display purposes.
-   */
-  string getDescription() { result = this.getName() }
-
-  final override string toString() { result = this.getDescription() }
-
-  /**
-   * Gets the name of this declaration.
-   *
-   * This name doesn't include a namespace or any argument types, so
-   * for example both functions `::open()` and `::std::ifstream::open(...)`
-   * have the same name. The name of a template _class_ includes a string
-   * representation of its parameters, and the names of its instantiations
-   * include string representations of their arguments. Template _functions_
-   * and their instantiations do not include template parameters or arguments.
-   *
-   * To get the name including the namespace, use `hasQualifiedName`.
-   *
-   * To test whether this declaration has a particular name in the global
-   * namespace, use `hasGlobalName`.
-   */
-  string getName() { none() } // overridden in subclasses
-
-  /** Holds if this declaration has the given name. */
-  predicate hasName(string name) { name = this.getName() }
-
-  /** Holds if this declaration has the given name in the global namespace. */
-  predicate hasGlobalName(string name) { this.hasQualifiedName("", "", name) }
-
-  /** Holds if this declaration has the given name in the global namespace or the `std` namespace. */
-  predicate hasGlobalOrStdName(string name) {
-    this.hasGlobalName(name)
-    or
-    this.hasQualifiedName("std", "", name)
-  }
-
-  /**
-   * Holds if this declaration has the given name in the global namespace,
-   * the `std` namespace or the `bsl` namespace.
-   * We treat `std` and `bsl` as the same in some of our models.
-   */
-  predicate hasGlobalOrStdOrBslName(string name) {
-    this.hasGlobalName(name)
-    or
-    this.hasQualifiedName("std", "", name)
-    or
-    this.hasQualifiedName("bsl", "", name)
-  }
-
-  /** Gets a specifier of this declaration. */
-  Specifier getASpecifier() { none() } // overridden in subclasses
-
-  /** Holds if this declaration has a specifier with the given name. */
-  predicate hasSpecifier(string name) { this.getASpecifier().hasName(name) }
-
-  /**
-   * Gets a declaration entry corresponding to this declaration. See the
-   * comment above this class for an explanation of the relationship
-   * between `Declaration` and `DeclarationEntry`.
-   */
-  DeclarationEntry getADeclarationEntry() { none() }
-
-  /**
-   * Gets the location of a declaration entry corresponding to this
-   * declaration.
-   */
-  Location getADeclarationLocation() { none() } // overridden in subclasses
-
-  /**
-   * Gets the declaration entry corresponding to this declaration that is a
-   * definition, if any.
-   */
-  DeclarationEntry getDefinition() { none() }
-
-  /** Gets the location of the definition, if any. */
-  Location getDefinitionLocation() { none() } // overridden in subclasses
-
-  /** Holds if the declaration has a definition. */
-  predicate hasDefinition() { exists(this.getDefinition()) }
-
-  /** DEPRECATED: Use `hasDefinition` instead. */
-  predicate isDefined() { this.hasDefinition() }
-
-  /** Gets the preferred location of this declaration, if any. */
-  override Location getLocation() { none() }
-
-  /** Gets a file where this element occurs. */
-  File getAFile() { result = this.getADeclarationLocation().getFile() }
-
-  /** Holds if this declaration is a top-level declaration. */
-  predicate isTopLevel() {
-    not (
-      this.isMember() or
-      this instanceof EnumConstant or
-      this instanceof Parameter or
-      this instanceof ProxyClass or
-      this instanceof LocalVariable or
-      this instanceof TemplateParameter or
-      this.(UserType).isLocal()
-    )
-  }
-
-  /** Holds if this declaration is static. */
-  predicate isStatic() { this.hasSpecifier("static") }
-
-  /** Holds if this declaration is a member of a class/struct/union. */
-  predicate isMember() { this.hasDeclaringType() }
-
-  /** Holds if this declaration is a member of a class/struct/union. */
-  predicate hasDeclaringType() { exists(this.getDeclaringType()) }
-
-  /**
-   * Gets the class where this member is declared, if it is a member.
-   * For templates, both the template itself and all instantiations of
-   * the template are considered to have the same declaring class.
-   */
-  Class getDeclaringType() { this = result.getAMember() }
-
-  /**
-   * Gets a template argument used to instantiate this declaration from a template.
-   * When called on a template, this will return a template parameter type for
-   * both typed and non-typed parameters.
-   */
-  final Locatable getATemplateArgument() { result = this.getTemplateArgument(_) }
-
-  /**
-   * Gets a template argument used to instantiate this declaration from a template.
-   * When called on a template, this will return a non-typed template
-   * parameter value.
-   */
-  final Locatable getATemplateArgumentKind() { result = this.getTemplateArgumentKind(_) }
-
-  /**
-   * Gets the `i`th template argument used to instantiate this declaration from a
-   * template.
-   *
-   * For example:
-   *
-   * `template<typename T, T X> class Foo;`
-   *
-   * Will have `getTemplateArgument(0)` return `T`, and
-   * `getTemplateArgument(1)` return `X`.
-   *
-   * `Foo<int, 1> bar;`
-   *
-   * Will have `getTemplateArgument())` return `int`, and
-   * `getTemplateArgument(1)` return `1`.
-   */
-  final Locatable getTemplateArgument(int index) {
-    if exists(this.getTemplateArgumentValue(index))
-    then result = this.getTemplateArgumentValue(index)
-    else result = this.getTemplateArgumentType(index)
-  }
-
-  /**
-   * Gets the `i`th template argument value used to instantiate this declaration
-   * from a template. When called on a template, this will return the `i`th template
-   * parameter value if it exists.
-   *
-   * For example:
-   *
-   * `template<typename T, T X> class Foo;`
-   *
-   * Will have `getTemplateArgumentKind(1)` return `T`, and no result for
-   * `getTemplateArgumentKind(0)`.
-   *
-   * `Foo<int, 10> bar;
-   *
-   * Will have `getTemplateArgumentKind(1)` return `int`, and no result for
-   * `getTemplateArgumentKind(0)`.
-   */
-  final Locatable getTemplateArgumentKind(int index) {
-    exists(this.getTemplateArgumentValue(index)) and
-    result = this.getTemplateArgumentType(index)
-  }
-
-  /** Gets the number of template arguments for this declaration. */
-  final int getNumberOfTemplateArguments() {
-    result = count(int i | exists(this.getTemplateArgument(i)))
-  }
-
-  private Type getTemplateArgumentType(int index) {
-    class_template_argument(underlyingElement(this), index, unresolveElement(result))
-    or
-    function_template_argument(underlyingElement(this), index, unresolveElement(result))
-    or
-    variable_template_argument(underlyingElement(this), index, unresolveElement(result))
-  }
-
-  private Expr getTemplateArgumentValue(int index) {
-    class_template_argument_value(underlyingElement(this), index, unresolveElement(result))
-    or
-    function_template_argument_value(underlyingElement(this), index, unresolveElement(result))
-    or
-    variable_template_argument_value(underlyingElement(this), index, unresolveElement(result))
-  }
-}
-
-private class TDeclarationEntry = @var_decl or @type_decl or @fun_decl;
-
-/**
- * A C/C++ declaration entry. For example the following code contains five
- * declaration entries:
- * ```
- * extern int myGlobal;
- * int myVariable;
- * typedef char MyChar;
- * void myFunction();
- * void myFunction() {
- *   // ...
- * }
- * ```
- * See the comment above `Declaration` for an explanation of the relationship
- * between `Declaration` and `DeclarationEntry`.
- */
-class DeclarationEntry extends Locatable, TDeclarationEntry {
-  /** Gets a specifier associated with this declaration entry. */
-  string getASpecifier() { none() } // overridden in subclasses
-
-  /**
-   * Gets the name associated with the corresponding definition (where
-   * available), or the name declared by this entry otherwise.
-   */
-  string getCanonicalName() {
-    if this.getDeclaration().hasDefinition()
-    then result = this.getDeclaration().getDefinition().getName()
-    else result = this.getName()
-  }
-
-  /**
-   * Gets the declaration for which this is a declaration entry.
-   *
-   * Note that this is *not* always the inverse of
-   * `Declaration.getADeclarationEntry()`, for example if `C` is a
-   * `TemplateClass`, `I` is an instantiation of `C`, and `D` is a
-   * `Declaration` of `C`, then:
-   *  `C.getADeclarationEntry()` returns `D`
-   *  `I.getADeclarationEntry()` returns `D`
-   *  but `D.getDeclaration()` only returns `C`
-   */
-  Declaration getDeclaration() { none() } // overridden in subclasses
-
-  /** Gets the name associated with this declaration entry, if any. */
-  string getName() { none() } // overridden in subclasses
-
-  /**
-   * Gets the type associated with this declaration entry.
-   *
-   * For variable declarations, get the type of the variable.
-   * For function declarations, get the return type of the function.
-   * For type declarations, get the type being declared.
-   */
-  Type getType() { none() } // overridden in subclasses
-
-  /**
-   * Gets the type associated with this declaration entry after specifiers
-   * have been deeply stripped and typedefs have been resolved.
-   *
-   * For variable declarations, get the type of the variable.
-   * For function declarations, get the return type of the function.
-   * For type declarations, get the type being declared.
-   */
-  Type getUnspecifiedType() { result = this.getType().getUnspecifiedType() }
-
-  /**
-   * Holds if this declaration entry has a specifier with the given name.
-   */
-  predicate hasSpecifier(string specifier) { this.getASpecifier() = specifier }
-
-  /** Holds if this declaration entry is a definition. */
-  predicate isDefinition() { none() } // overridden in subclasses
-
-  override string toString() {
-    if this.isDefinition()
-    then result = "definition of " + this.getName()
-    else
-      if this.getName() = this.getCanonicalName()
-      then result = "declaration of " + this.getName()
-      else result = "declaration of " + this.getCanonicalName() + " as " + this.getName()
-  }
-}
-
-private class TAccessHolder = @function or @usertype;
-
-/**
- * A declaration that can potentially have more C++ access rights than its
- * enclosing element. This comprises `Class` (they have access to their own
- * private members) along with other `UserType`s and `Function` (they can be
- * the target of `friend` declarations).  For example `MyClass` and
- * `myFunction` in the following code:
- * ```
- * class MyClass
- * {
- * public:
- *   ...
- * };
- *
- * void myFunction() {
- *   // ...
- * }
- * ```
- * In the C++ standard (N4140 11.2), rules for access control revolve around
- * the informal phrase "_R_ occurs in a member or friend of class C", where
- * `AccessHolder` corresponds to this _R_.
- */
-class AccessHolder extends Declaration, TAccessHolder {
-  /**
-   * Holds if `this` can access private members of class `c`.
-   *
-   * This predicate encodes the phrase "occurs in a member or friend" that is
-   * repeated many times in the C++14 standard, section 11.2.
-   */
-  predicate inMemberOrFriendOf(Class c) {
-    this.getEnclosingAccessHolder*() = c
-    or
-    exists(FriendDecl fd | fd.getDeclaringClass() = c |
-      this.getEnclosingAccessHolder*() = fd.getFriend()
-    )
-  }
-
-  /**
-   * Gets the nearest enclosing `AccessHolder`.
-   */
-  AccessHolder getEnclosingAccessHolder() { none() } // overridden in subclasses
-
-  /**
-   * Holds if a base class `base` of `derived` _is accessible at_ `this` (N4140
-   * 11.2/4). When this holds, and `derived` has only one base subobject of
-   * type `base`, code in `this` can implicitly convert a pointer to `derived`
-   * into a pointer to `base`. Conversely, if such a conversion is possible
-   * then this predicate holds.
-   *
-   * For the sake of generality, this predicate also holds whenever `base` =
-   * `derived`.
-   *
-   * This predicate is `pragma[inline]` because it is infeasible to fully
-   * compute it on large code bases: all classes `derived` can be converted to
-   * their public bases `base` from everywhere (`this`), so this predicate
-   * could yield a number of tuples that is quadratic in the size of the
-   * program. To avoid this combinatorial explosion, only use this predicate in
-   * a context where `this` together with `base` or `derived` are sufficiently
-   * restricted.
-   */
-  pragma[inline]
-  predicate canAccessClass(Class base, Class derived) {
-    // This predicate is marked `inline` and implemented in a very particular
-    // way. If we allowed this predicate to be fully computed, it would relate
-    // all `AccessHolder`s to all classes, which would be too much.
-    // There are four rules in N4140 11.2/4. Only the one named (4.4) is
-    // recursive, and it describes a transitive closure: intuitively, if A can
-    // be converted to B, and B can be converted to C, then A can be converted
-    // to C. To limit the number of tuples in the non-inline helper predicates,
-    // we first separate the derivation of 11.2/4 into two cases:
-    // Derivations using only (4.1) and (4.4). Note that these derivations are
-    // independent of `this`, which is why users of this predicate must take
-    // care to avoid a combinatorial explosion.
-    isDirectPublicBaseOf*(base, derived)
-    or
-    exists(DirectAccessHolder n |
-      this.getEnclosingAccessHolder*() = n and
-      // Derivations using (4.2) or (4.3) at least once.
-      n.thisCanAccessClassTrans(base, derived)
-    )
-  }
-
-  /**
-   * Holds if a non-static member `member` _is accessible at_ `this` when named
-   * in a class `derived` that is derived from or equal to the declaring class
-   * of `member` (N4140 11.2/5 and 11.4).
-   *
-   * This predicate determines whether an expression `x.member` would be
-   * allowed in `this` when `x` has type `derived`. The more general syntax
-   * `x.N::member`, where `N` may be a base class of `derived`, is not
-   * supported. This should only affect very rare edge cases of 11.4. This
-   * predicate concerns only _access_ and thus does not determine whether
-   * `member` can be unambiguously named at `this`: multiple overloads may
-   * apply, or `member` may be declared in an ambiguous base class.
-   *
-   * This predicate is `pragma[inline]` because it is infeasible to fully
-   * compute it on large code bases: all public members `member` are accessible
-   * from everywhere (`this`), so this predicate could yield a number of tuples
-   * that is quadratic in the size of the program. To avoid this combinatorial
-   * explosion, only use this predicate in a context where `this` and `member`
-   * are sufficiently restricted when `member` is public.
-   */
-  pragma[inline]
-  predicate canAccessMember(Declaration member, Class derived) {
-    this.couldAccessMember(member.getDeclaringType(), member.getASpecifier(), derived)
-  }
-
-  /**
-   * Holds if a hypothetical non-static member of `memberClass` with access
-   * specifier `memberAccess` _is accessible at_ `this` when named in a class
-   * `derived` that is derived from or equal to `memberClass` (N4140 11.2/5 and
-   * 11.4).
-   *
-   * This predicate determines whether an expression `x.m` would be
-   * allowed in `this` when `x` has type `derived` and `m` has `memberAccess`
-   * in `memberClass`. The more general syntax `x.N::n`, where `N` may be a
-   * base class of `derived`, is not supported. This should only affect very
-   * rare edge cases of 11.4.
-   *
-   * This predicate is `pragma[inline]` because it is infeasible to fully
-   * compute it on large code bases: all classes `memberClass` have their
-   * public members accessible from everywhere (`this`), so this predicate
-   * could yield a number of tuples that is quadratic in the size of the
-   * program. To avoid this combinatorial explosion, only use this predicate in
-   * a context where `this` and `memberClass` are sufficiently restricted when
-   * `memberAccess` is public.
-   */
-  pragma[inline]
-  predicate couldAccessMember(Class memberClass, AccessSpecifier memberAccess, Class derived) {
-    // There are four rules in N4140 11.2/5. To limit the number of tuples in
-    // the non-inline helper predicates, we first separate the derivation of
-    // 11.2/5 into two cases:
-    // Rule (5.1) directly: the member is public, and `derived` uses public
-    // inheritance all the way up to `memberClass`. Note that these derivations
-    // are independent of `this`, which is why users of this predicate must
-    // take care to avoid a combinatorial explosion.
-    everyoneCouldAccessMember(memberClass, memberAccess, derived)
-    or
-    exists(DirectAccessHolder n |
-      this.getEnclosingAccessHolder*() = n and
-      // Any other derivation.
-      n.thisCouldAccessMember(memberClass, memberAccess, derived)
-    )
-  }
-}
-
-/**
- * A declaration that very likely has more C++ access rights than its
- * enclosing element. This comprises `Class` (they have access to their own
- * private members) along with any target of a `friend` declaration.  For
- * example `MyClass` and `friendFunction` in the following code:
- * ```
- * class MyClass
- * {
- * public:
- *   friend void friendFunction();
- * };
- *
- * void friendFunction() {
- *   // ...
- * }
- * ```
- * Most access rights are computed for `DirectAccessHolder` instead of
- * `AccessHolder` -- that's more efficient because there are fewer
- * `DirectAccessHolder`s. If a `DirectAccessHolder` contains an `AccessHolder`,
- * then the contained `AccessHolder` inherits its access rights.
- */
-private class DirectAccessHolder extends Element {
-  DirectAccessHolder() {
-    this instanceof Class
-    or
-    exists(FriendDecl fd | fd.getFriend() = this)
-  }
-
-  /**
-   * Holds if a base class `base` of `derived` _is accessible at_ `this` when
-   * the derivation of that fact uses rule (4.2) and (4.3) of N4140 11.2/4 at
-   * least once. In other words, the `this` parameter is not ignored. This
-   * restriction makes it feasible to fully enumerate this predicate even on
-   * large code bases.
-   */
-  predicate thisCanAccessClassTrans(Class base, Class derived) {
-    // This implementation relies on the following property of our predicates:
-    // if `this.thisCanAccessClassStep(b, d)` and
-    // `isDirectPublicBaseOf(b2, b)`, then
-    // `this.thisCanAccessClassStep(b2, d)`. In other words, if a derivation
-    // uses (4.2) or (4.3) somewhere and uses (4.1) directly above that in the
-    // transitive chain, then the use of (4.1) is redundant. This means we only
-    // need to consider derivations that use (4.2) or (4.3) as the "first"
-    // step, that is, towards `base`, so this implementation is essentially a
-    // transitive closure with a restricted base case.
-    this.thisCanAccessClassStep(base, derived)
-    or
-    exists(Class between | this.thisCanAccessClassTrans(base, between) |
-      isDirectPublicBaseOf(between, derived) or
-      this.thisCanAccessClassStep(between, derived)
-    )
-    // It is possible that this predicate could be computed faster for deep
-    // hierarchies if we can prove and utilize that all derivations of 11.2/4
-    // can be broken down into steps where `base` is a _direct_ base of
-    // `derived` in each step.
-  }
-
-  /**
-   * Holds if a base class `base` of `derived` _is accessible at_ `this` using
-   * only a single application of rule (4.2) and (4.3) of N4140 11.2/4.
-   */
-  private predicate thisCanAccessClassStep(Class base, Class derived) {
-    exists(AccessSpecifier public | public.hasName("public") |
-      // Rules (4.2) and (4.3) are implemented together as one here with
-      // reflexive-transitive inheritance, where (4.3) is the transitive case,
-      // and (4.2) is the reflexive case.
-      exists(Class p | p = derived.getADerivedClass*() |
-        this.isFriendOfOrEqualTo(p) and
-        // Note: it's crucial that this is `!=` rather than `not =` since
-        // `accessOfBaseMember` does not have a result when the member would be
-        // inaccessible.
-        p.accessOfBaseMember(base, public) != public
-      )
-    ) and
-    // This is the only case that doesn't in itself guarantee that
-    // `derived` < `base`, so we add the check here. The standard suggests
-    // computing `canAccessClass` only for derived classes, but that seems
-    // incompatible with the execution model of QL, so we instead construct
-    // every case to guarantee `derived` < `base`.
-    derived = base.getADerivedClass+()
-  }
-
-  /**
-   * Like `couldAccessMember` but only contains derivations in which either
-   * (5.2), (5.3) or (5.4) must be invoked. In other words, the `this`
-   * parameter is not ignored. This restriction makes it feasible to fully
-   * enumerate this predicate even on large code bases. We check for 11.4 as
-   * part of (5.3), since this further limits the number of tuples produced by
-   * this predicate.
-   */
-  predicate thisCouldAccessMember(Class memberClass, AccessSpecifier memberAccess, Class derived) {
-    // Only (5.4) is recursive, and chains of invocations of (5.4) can always
-    // be collapsed to one invocation by the transitivity of 11.2/4.
-    // Derivations not using (5.4) can always be rewritten to have a (5.4) rule
-    // in front because our encoding of 11.2/4 in `canAccessClass` is
-    // reflexive. Thus, we only need to consider three cases: rule (5.4)
-    // followed by either (5.1), (5.2) or (5.3).
-    // Rule (5.4), using a non-trivial derivation of 11.2/4, followed by (5.1).
-    // If the derivation of 11.2/4 is trivial (only uses (4.1) and (4.4)), this
-    // case can be replaced with purely (5.1) and thus does not need to be in
-    // this predicate.
-    exists(Class between | this.thisCanAccessClassTrans(between, derived) |
-      everyoneCouldAccessMember(memberClass, memberAccess, between)
-    )
-    or
-    // Rule (5.4) followed by Rule (5.2)
-    exists(Class between | this.(AccessHolder).canAccessClass(between, derived) |
-      between.accessOfBaseMember(memberClass, memberAccess).hasName("private") and
-      this.isFriendOfOrEqualTo(between)
-    )
-    or
-    // Rule (5.4) followed by Rule (5.3), integrating 11.4. We integrate 11.4
-    // here because we would otherwise generate too many tuples. This code is
-    // very performance-sensitive, and any changes should be benchmarked on
-    // LibreOffice.
-    // Rule (5.4) requires that `this.canAccessClass(between, derived)`
-    // (implying that `derived <= between` in the class hierarchy) and that
-    // `p <= between`. Rule 11.4 additionally requires `derived <= p`, but
-    // all these rules together result in too much freedom and overlap between
-    // cases. Therefore, for performance, we split into three cases for how
-    // `between` as a base of `derived` is accessible at `this`, where `this`
-    // is the implementation of `p`:
-    // 1. `between` is an accessible base of `derived` by going through `p` as
-    //    an intermediate step.
-    // 2. `this` is part of the implementation of `derived` because it's a
-    //    member or a friend. In this case, we do not need `p` to perform this
-    //    derivation, so we can set `p = derived` and proceed as in case 1.
-    // 3. `derived` has an alternative inheritance path up to `between` that
-    //    bypasses `p`. Then that path must be public, or we are in case 2.
-    exists(AccessSpecifier public | public.hasName("public") |
-      exists(Class between, Class p |
-        between.accessOfBaseMember(memberClass, memberAccess).hasName("protected") and
-        this.isFriendOfOrEqualTo(p) and
-        (
-          // This is case 1 from above. If `p` derives privately from `between`
-          // then the member we're trying to access is private or inaccessible
-          // in `derived`, so either rule (5.2) applies instead, or the member
-          // is inaccessible. Therefore, in this case, `p` must derive at least
-          // protected from `between`. Further, since the access of `derived`
-          // to its base `between` must pass through `p` in this case, we know
-          // that `derived` must derived publicly from `p` unless we are in
-          // case 2; there are no other cases of 11.2/4 where the
-          // implementation of a base class can access itself as a base.
-          p.accessOfBaseMember(between, public).getName() >= "protected" and
-          derived.accessOfBaseMember(p, public) = public
-          or
-          // This is case 3 above.
-          derived.accessOfBaseMember(between, public) = public and
-          derived = p.getADerivedClass*() and
-          exists(p.accessOfBaseMember(between, memberAccess))
-        )
-      )
-    )
-  }
-
-  private predicate isFriendOfOrEqualTo(Class c) {
-    exists(FriendDecl fd | fd.getDeclaringClass() = c | this = fd.getFriend())
-    or
-    this = c
-  }
-}
-
-/**
- * Holds if `base` is a direct public base of `derived`, possibly virtual and
- * possibly through typedefs. The transitive closure of this predicate encodes
- * derivations of N4140 11.2/4 that use only (4.1) and (4.4).
- */
-private predicate isDirectPublicBaseOf(Class base, Class derived) {
-  exists(ClassDerivation cd |
-    cd.getBaseClass() = base and
-    cd.getDerivedClass() = derived and
-    cd.getASpecifier().hasName("public")
-  )
-}
-
-/**
- * Holds if a hypothetical member of `memberClass` with access specifier
- * `memberAccess` would be public when named as a member of `derived`.
- * This encodes N4140 11.2/5 case (5.1).
- */
-private predicate everyoneCouldAccessMember(
-  Class memberClass, AccessSpecifier memberAccess, Class derived
-) {
-  derived.accessOfBaseMember(memberClass, memberAccess).hasName("public")
-}