Ruby: Add basic modeling for ViewComponent

.gitattributes

@@ -71,6 +71,3 @@ go/extractor/opencsv/CSVReader.java -text
 # `javascript/ql/experimental/adaptivethreatmodeling/test/update_endpoint_test_files.py`.
 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.js linguist-generated=true -merge
 javascript/ql/experimental/adaptivethreatmodeling/test/endpoint_large_scale/autogenerated/**/*.ts linguist-generated=true -merge
-
-# Auto-generated modeling for Python
-python/ql/lib/semmle/python/frameworks/data/internal/subclass-capture/*.yml linguist-generated=true

cpp/ql/lib/CHANGELOG.md

@@ -1,24 +1,3 @@
-## 0.12.3
-
-### Deprecated APIs
-
-* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.
-
-### New Features
-
-* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.
-
-### Minor Analysis Improvements
-
-* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.
-* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.
-* The deprecated `DefaultTaintTracking` library has been removed.
-* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.
-
-### Bug Fixes
-
-* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.
-
 ## 0.12.2
 
 No user-facing changes.

cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.

cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The deprecated `DefaultTaintTracking` library has been removed.

cpp/ql/lib/change-notes/2023-11-30-as-definition.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.

cpp/ql/lib/change-notes/2023-12-08-ususerinput-deprecation.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.

cpp/ql/lib/change-notes/2023-12-14-dataflow-tostring.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.

cpp/ql/lib/change-notes/2023-12-22-unique-function.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.

cpp/ql/lib/change-notes/2024-01-02-function-types.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.

cpp/ql/lib/change-notes/released/0.12.3.md

@@ -1,20 +0,0 @@
-## 0.12.3
-
-### Deprecated APIs
-
-* The `isUserInput`, `userInputArgument`, and `userInputReturned` predicates from `SecurityOptions` have been deprecated. Use `FlowSource` instead.
-
-### New Features
-
-* `UserDefineLiteral` and `DeductionGuide` classes have been added, representing C++11 user defined literals and C++17 deduction guides.
-
-### Minor Analysis Improvements
-
-* Changed the output of `Node.toString` to better reflect how many indirections a given dataflow node has.
-* Added a new predicate `Node.asDefinition` on `DataFlow::Node`s for selecting the dataflow node corresponding to a particular definition.
-* The deprecated `DefaultTaintTracking` library has been removed.
-* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases.
-
-### Bug Fixes
-
-* Under certain circumstances a function declaration that is not also a definition could be associated with a `Function` that did not have the definition as a `FunctionDeclarationEntry`. This is now fixed when only one definition exists, and a unique `Function` will exist that has both the declaration and the definition as a `FunctionDeclarationEntry`.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.3
+lastReleaseVersion: 0.12.2

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.3
+version: 0.12.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/Element.qll

@@ -7,6 +7,7 @@ import semmle.code.cpp.Location
 private import semmle.code.cpp.Enclosing
 private import semmle.code.cpp.internal.ResolveClass
 private import semmle.code.cpp.internal.ResolveGlobalVariable
+private import semmle.code.cpp.internal.ResolveFunction
 
 /**
  * Get the `Element` that represents this `@element`.
@@ -30,11 +31,14 @@ pragma[inline]
 @element unresolveElement(Element e) {
   not result instanceof @usertype and
   not result instanceof @variable and
+  not result instanceof @function and
   result = e
   or
   e = resolveClass(result)
   or
   e = resolveGlobalVariable(result)
+  or
+  e = resolveFunction(result)
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/Function.qll

@@ -9,6 +9,7 @@ import semmle.code.cpp.exprs.Call
 import semmle.code.cpp.metrics.MetricFunction
 import semmle.code.cpp.Linkage
 private import semmle.code.cpp.internal.ResolveClass
+private import semmle.code.cpp.internal.ResolveFunction
 
 /**
  * A C/C++ function [N4140 8.3.5]. Both member functions and non-member
@@ -25,6 +26,8 @@ private import semmle.code.cpp.internal.ResolveClass
  * in more detail in `Declaration.qll`.
  */
 class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
+  Function() { isFunction(underlyingElement(this)) }
+
   override string getName() { functions(underlyingElement(this), result, _) }
 
   /**

cpp/ql/lib/semmle/code/cpp/internal/ResolveFunction.qll

@@ -0,0 +1,57 @@
+private predicate hasDefinition(@function f) {
+  exists(@fun_decl fd | fun_decls(fd, f, _, _, _) | fun_def(fd))
+}
+
+private predicate onlyOneCompleteFunctionExistsWithMangledName(@mangledname name) {
+  strictcount(@function f | hasDefinition(f) and mangled_name(f, name)) = 1
+}
+
+/** Holds if `f` is a unique function with a definition named `name`. */
+private predicate isFunctionWithMangledNameAndWithDefinition(@mangledname name, @function f) {
+  hasDefinition(f) and
+  mangled_name(f, name) and
+  onlyOneCompleteFunctionExistsWithMangledName(name)
+}
+
+/** Holds if `f` is a function without a definition named `name`. */
+private predicate isFunctionWithMangledNameAndWithoutDefinition(@mangledname name, @function f) {
+  not hasDefinition(f) and
+  mangled_name(f, name)
+}
+
+/**
+ * Holds if `incomplete` is a function without a definition, and there exists
+ * a unique function `complete` with the same name that does have a definition.
+ */
+private predicate hasTwinWithDefinition(@function incomplete, @function complete) {
+  not function_instantiation(incomplete, complete) and
+  (
+    not compgenerated(incomplete) or
+    not compgenerated(complete)
+  ) and
+  exists(@mangledname name |
+    isFunctionWithMangledNameAndWithoutDefinition(name, incomplete) and
+    isFunctionWithMangledNameAndWithDefinition(name, complete)
+  )
+}
+
+import Cached
+
+cached
+private module Cached {
+  /**
+   * If `f` is a function without a definition, and there exists a unique
+   * function with the same name that does have a definition, then the
+   * result is that unique function. Otherwise, the result is `f`.
+   */
+  cached
+  @function resolveFunction(@function f) {
+    hasTwinWithDefinition(f, result)
+    or
+    not hasTwinWithDefinition(f, _) and
+    result = f
+  }
+
+  cached
+  predicate isFunction(@function f) { f = resolveFunction(_) }
+}

cpp/ql/src/CHANGELOG.md

@@ -1,14 +1,3 @@
-## 0.9.2
-
-### New Queries
-
-* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.
-* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.
-
-### Minor Analysis Improvements
-
-* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.
-
 ## 0.9.1
 
 No user-facing changes.

cpp/ql/src/change-notes/2023-12-04-incorrectly-checked-scanf.md

@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.

cpp/ql/src/change-notes/2023-12-12-use-of-unique-pointer-after-lifetime-ends.md

@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.

cpp/ql/src/change-notes/2023-12-15-badly-bounded-write.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.

cpp/ql/src/change-notes/released/0.9.2.md

@@ -1,10 +0,0 @@
-## 0.9.2
-
-### New Queries
-
-* Added a new query, `cpp/use-of-unique-pointer-after-lifetime-ends`, to detect uses of the contents unique pointers that will be destroyed immediately.
-* The `cpp/incorrectly-checked-scanf` query has been added. This finds results where the return value of scanf is not checked correctly. Some of these were previously found by `cpp/missing-check-scanf` and will no longer be reported there.
-
-### Minor Analysis Improvements
-
-* The `cpp/badly-bounded-write` query could report false positives when a pointer was first initialized with a literal and later assigned a dynamically allocated array. These false positives now no longer occur.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.2
+lastReleaseVersion: 0.9.1

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.2
+version: 0.9.2-dev
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.7.6
-
-No user-facing changes.
-
 ## 1.7.5
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.6.md

@@ -1,3 +0,0 @@
-## 1.7.6
-
-No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.6
+lastReleaseVersion: 1.7.5

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.6
+version: 1.7.6-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.7.6
-
-No user-facing changes.
-
 ## 1.7.5
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.6.md

@@ -1,3 +0,0 @@
-## 1.7.6
-
-No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.6
+lastReleaseVersion: 1.7.5

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.6
+version: 1.7.6-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,11 +1,3 @@
-## 0.8.6
-
-### Minor Analysis Improvements
-
-* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters.
-* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.
-* Additional support for `Amazon.Lambda` SDK
-
 ## 0.8.5
 
 No user-facing changes.

csharp/ql/lib/change-notes/2023-06-22-aws-lambda-models.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Additional support for `Amazon.Lambda` SDK

csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md

@@ -1,7 +1,5 @@
-## 0.8.6
+---
+category: minorAnalysis
+---
 
-### Minor Analysis Improvements
-
-* The `Call::getArgumentForParameter` predicate has been reworked to add support for arguments passed to `params` parameters.
-* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.
-* Additional support for `Amazon.Lambda` SDK
+* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.5

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.6
+version: 0.8.6-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/lib/semmle/code/csharp/dataflow/Nullness.qll

@@ -163,48 +163,7 @@ private predicate isMaybeNullArgument(Ssa::ExplicitDefinition def, MaybeNullExpr
   |
     p = pdef.getParameter().getUnboundDeclaration() and
     arg = p.getAnAssignedArgument() and
-    not arg.getEnclosingCallable().getEnclosingCallable*() instanceof TestMethod and
-    (
-      p.isParams()
-      implies
-      (
-        isValidExplicitParamsType(p, arg.getType()) and
-        not exists(Call c | c.getAnArgument() = arg and hasMultipleParamsArguments(c))
-      )
-    )
-  )
-}
-
-/**
- * Holds if the type `t` is a valid argument type for passing an explicit array
- * to the `params` parameter `p`. For example, the types `object[]` and `string[]`
- * of the arguments on lines 4 and 5, respectively, are valid for the parameter
- * `args` on line 1 in
- *
- * ```csharp
- * void M(params object[] args) { ... }
- *
- * void CallM(object[] os, string[] ss, string s) {
- *   M(os);
- *   M(ss);
- *   M(s);
- * }
- * ```
- */
-pragma[nomagic]
-private predicate isValidExplicitParamsType(Parameter p, Type t) {
-  p.isParams() and
-  t.isImplicitlyConvertibleTo(p.getType())
-}
-
-/**
- * Holds if call `c` has multiple arguments for a `params` parameter
- * of the targeted callable.
- */
-private predicate hasMultipleParamsArguments(Call c) {
-  exists(Parameter p | p = c.getTarget().getAParameter() |
-    p.isParams() and
-    exists(c.getArgument(any(int i | i > p.getPosition())))
+    not arg.getEnclosingCallable().getEnclosingCallable*() instanceof TestMethod
   )
 }
 

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll

@@ -602,6 +602,18 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
   nodeTo.(ObjectCreationNode).getPreUpdateNode() = nodeFrom.(ObjectInitializerNode)
 }
 
+pragma[noinline]
+private Expr getImplicitArgument(Call c, int pos) {
+  result = c.getArgument(pos) and
+  not exists(result.getExplicitArgumentName())
+}
+
+pragma[nomagic]
+private Expr getExplicitArgument(Call c, string name) {
+  result = c.getAnArgument() and
+  result.getExplicitArgumentName() = name
+}
+
 /**
  * Holds if `arg` is a `params` argument of `c`, for parameter `p`, and `arg` will
  * be wrapped in an array by the C# compiler.
@@ -612,7 +624,11 @@ private predicate isParamsArg(Call c, Expr arg, Parameter p) {
     p = target.getAParameter() and
     p.isParams() and
     numArgs = c.getNumberOfArguments() and
-    arg = c.getArgumentForParameter(p)
+    arg =
+      [
+        getImplicitArgument(c, [p.getPosition() .. numArgs - 1]),
+        getExplicitArgument(c, p.getName())
+      ]
   |
     numArgs > target.getNumberOfParameters()
     or

csharp/ql/lib/semmle/code/csharp/exprs/Call.qll

@@ -57,29 +57,60 @@ class Call extends DotNet::Call, Expr, @call {
    *
    * This takes into account both positional and named arguments, but does not
    * consider default arguments.
+   *
+   * An argument must always have a type that is convertible to the relevant
+   * parameter type. Therefore, `params` arguments are only taken into account
+   * when they are passed as explicit arrays. For example, in the call to `M1`
+   * on line 5, `o` is not an argument for `M1`'s `args` parameter, while
+   * `new object[] { o }` on line 6 is, in
+   *
+   * ```csharp
+   * class C {
+   *   void M1(params object[] args) { }
+   *
+   *   void M2(object o) {
+   *     M1(o);
+   *     M1(new object[] { o });
+   *   }
+   * }
+   * ```
    */
   cached
   override Expr getArgumentForParameter(DotNet::Parameter p) {
     this.getTarget().getAParameter() = p and
     (
       // Appears in the positional part of the call
-      result = this.getImplicitArgument(p)
+      result = this.getImplicitArgument(p.getPosition()) and
+      (
+        p.(Parameter).isParams()
+        implies
+        (
+          isValidExplicitParamsType(p, result.getType()) and
+          not this.hasMultipleParamsArguments()
+        )
+      )
       or
       // Appears in the named part of the call
-      result = this.getExplicitArgument(p.getName())
+      result = this.getExplicitArgument(p.getName()) and
+      (p.(Parameter).isParams() implies isValidExplicitParamsType(p, result.getType()))
+    )
+  }
+
+  /**
+   * Holds if this call has multiple arguments for a `params` parameter
+   * of the targeted callable.
+   */
+  private predicate hasMultipleParamsArguments() {
+    exists(Parameter p | p = this.getTarget().getAParameter() |
+      p.isParams() and
+      exists(this.getArgument(any(int i | i > p.getPosition())))
     )
   }
 
   pragma[noinline]
-  private Expr getImplicitArgument(DotNet::Parameter p) {
-    not exists(result.getExplicitArgumentName()) and
-    (
-      p.(Parameter).isParams() and
-      result = this.getArgument(any(int i | i >= p.getPosition()))
-      or
-      not p.(Parameter).isParams() and
-      result = this.getArgument(p.getPosition())
-    )
+  private Expr getImplicitArgument(int pos) {
+    result = this.getArgument(pos) and
+    not exists(result.getExplicitArgumentName())
   }
 
   pragma[nomagic]
@@ -223,6 +254,28 @@ class Call extends DotNet::Call, Expr, @call {
   override string toString() { result = "call" }
 }
 
+/**
+ * Holds if the type `t` is a valid argument type for passing an explicit array
+ * to the `params` parameter `p`. For example, the types `object[]` and `string[]`
+ * of the arguments on lines 4 and 5, respectively, are valid for the parameter
+ * `args` on line 1 in
+ *
+ * ```csharp
+ * void M(params object[] args) { ... }
+ *
+ * void CallM(object[] os, string[] ss, string s) {
+ *   M(os);
+ *   M(ss);
+ *   M(s);
+ * }
+ * ```
+ */
+pragma[nomagic]
+private predicate isValidExplicitParamsType(Parameter p, Type t) {
+  p.isParams() and
+  t.isImplicitlyConvertibleTo(p.getType())
+}
+
 /**
  * A method call, for example `a.M()` on line 5 in
  *

csharp/ql/lib/semmle/code/csharp/frameworks/System.qll

@@ -346,11 +346,11 @@ class SystemStringClass extends StringType {
     result.hasName("==")
   }
 
-  /** Gets the `Replace(...)` method. */
+  /** Gets the `Replace(string/char, string/char)` method. */
   Method getReplaceMethod() {
     result.getDeclaringType() = this and
     result.hasName("Replace") and
-    result.getNumberOfParameters() in [2 .. 4] and
+    result.getNumberOfParameters() = 2 and
     result.getReturnType() instanceof StringType
   }
 

csharp/ql/src/CHANGELOG.md

@@ -1,10 +1,3 @@
-## 0.8.6
-
-### Minor Analysis Improvements
-
-* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.    
-* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`
-
 ## 0.8.5
 
 No user-facing changes.

csharp/ql/src/change-notes/2023-11-29-url-redirect-false-positive.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`

csharp/ql/src/change-notes/released/0.8.6.md

@@ -1,6 +0,0 @@
-## 0.8.6
-
-### Minor Analysis Improvements
-
-* Fixed a Log forging false positive when using `String.Replace` to sanitize the input.    
-* Fixed a URL redirection from remote source false positive when guarding a redirect with `HttpRequestBase.IsUrlLocalToHost()`

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.5

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.6
+version: 0.8.6-dev
 groups:
   - csharp
   - queries

csharp/ql/test/library-tests/arguments/PrintAst.expected

@@ -117,239 +117,137 @@ arguments.cs:
 #   40|               0: [IntLiteral] 1
 #   40|               1: [IntLiteral] 2
 #   40|           1: [IntLiteral] 0
-#   41|       6: [LocalVariableDeclStmt] ... ...;
-#   41|         0: [LocalVariableDeclAndInitExpr] Int16 s1 = ...
-#   41|           -1: [TypeMention] short
-#   41|           0: [LocalVariableAccess] access to local variable s1
-#   41|           1: [CastExpr] (...) ...
-#   41|             1: [IntLiteral] 1
-#   41|         1: [LocalVariableDeclAndInitExpr] Int16 s2 = ...
-#   41|           -1: [TypeMention] short
-#   41|           0: [LocalVariableAccess] access to local variable s2
-#   41|           1: [CastExpr] (...) ...
-#   41|             1: [IntLiteral] 2
-#   42|       7: [ExprStmt] ...;
-#   42|         0: [MethodCall] call to method f3
-#   42|           0: [IntLiteral] 0
-#   42|           1: [CastExpr] (...) ...
-#   42|             1: [LocalVariableAccess] access to local variable s1
-#   42|           2: [CastExpr] (...) ...
-#   42|             1: [LocalVariableAccess] access to local variable s2
-#   45|   10: [Method] f4
-#   45|     -1: [TypeMention] Void
+#   43|   10: [Method] f4
+#   43|     -1: [TypeMention] Void
 #-----|     2: (Parameters)
-#   45|       0: [Parameter] args
-#   45|         -1: [TypeMention] Object[]
-#   45|           1: [TypeMention] object
-#   46|     4: [BlockStmt] {...}
-#   47|       0: [ExprStmt] ...;
-#   47|         0: [MethodCall] call to method f4
-#   47|           0: [ArrayCreation] array creation of type Object[]
-#   47|             -2: [TypeMention] Object[]
-#   47|               1: [TypeMention] object
-#   47|             -1: [ArrayInitializer] { ..., ... }
-#   47|               0: [NullLiteral] null
-#   47|           1: [NullLiteral] null
-#   50|   11: [Property] Prop
+#   43|       0: [Parameter] args
+#   43|         -1: [TypeMention] Object[]
+#   43|           1: [TypeMention] object
+#   44|     4: [BlockStmt] {...}
+#   45|       0: [ExprStmt] ...;
+#   45|         0: [MethodCall] call to method f4
+#   45|           0: [ArrayCreation] array creation of type Object[]
+#   45|             -2: [TypeMention] Object[]
+#   45|               1: [TypeMention] object
+#   45|             -1: [ArrayInitializer] { ..., ... }
+#   45|               0: [NullLiteral] null
+#   45|           1: [NullLiteral] null
+#   48|   11: [Property] Prop
+#   48|     -1: [TypeMention] int
+#   48|     3: [Getter] get_Prop
+#   48|     4: [Setter] set_Prop
+#-----|       2: (Parameters)
+#   48|         0: [Parameter] value
+#   50|   12: [Indexer] Item
 #   50|     -1: [TypeMention] int
-#   50|     3: [Getter] get_Prop
-#   50|     4: [Setter] set_Prop
-#-----|       2: (Parameters)
-#   50|         0: [Parameter] value
-#   52|   12: [Indexer] Item
-#   52|     -1: [TypeMention] int
 #-----|     1: (Parameters)
-#   52|       0: [Parameter] a
-#   52|         -1: [TypeMention] int
-#   52|       1: [Parameter] b
-#   52|         -1: [TypeMention] int
-#   52|     3: [Getter] get_Item
+#   50|       0: [Parameter] a
+#   50|         -1: [TypeMention] int
+#   50|       1: [Parameter] b
+#   50|         -1: [TypeMention] int
+#   50|     3: [Getter] get_Item
 #-----|       2: (Parameters)
-#   52|         0: [Parameter] a
-#   52|         1: [Parameter] b
-#   52|       4: [AddExpr] ... + ...
-#   52|         0: [ParameterAccess] access to parameter a
-#   52|         1: [ParameterAccess] access to parameter b
-#   52|     4: [Setter] set_Item
+#   50|         0: [Parameter] a
+#   50|         1: [Parameter] b
+#   50|       4: [AddExpr] ... + ...
+#   50|         0: [ParameterAccess] access to parameter a
+#   50|         1: [ParameterAccess] access to parameter b
+#   50|     4: [Setter] set_Item
 #-----|       2: (Parameters)
-#   52|         0: [Parameter] a
-#   52|         1: [Parameter] b
-#   52|         2: [Parameter] value
-#   52|       4: [BlockStmt] {...}
-#   54|   13: [Method] f5
-#   54|     -1: [TypeMention] Void
-#   55|     4: [BlockStmt] {...}
-#   56|       0: [ExprStmt] ...;
+#   50|         0: [Parameter] a
+#   50|         1: [Parameter] b
+#   50|         2: [Parameter] value
+#   50|       4: [BlockStmt] {...}
+#   52|   13: [Method] f5
+#   52|     -1: [TypeMention] Void
+#   53|     4: [BlockStmt] {...}
+#   54|       0: [ExprStmt] ...;
+#   54|         0: [AssignExpr] ... = ...
+#   54|           0: [PropertyCall] access to property Prop
+#   54|           1: [IntLiteral] 0
+#   55|       1: [ExprStmt] ...;
+#   55|         0: [AssignExpr] ... = ...
+#   55|           0: [PropertyCall] access to property Prop
+#   55|           1: [IndexerCall] access to indexer
+#   55|             -1: [ThisAccess] this access
+#   55|             0: [IntLiteral] 1
+#   55|             1: [IntLiteral] 2
+#   56|       2: [ExprStmt] ...;
 #   56|         0: [AssignExpr] ... = ...
-#   56|           0: [PropertyCall] access to property Prop
-#   56|           1: [IntLiteral] 0
-#   57|       1: [ExprStmt] ...;
-#   57|         0: [AssignExpr] ... = ...
+#   56|           0: [TupleExpr] (..., ...)
+#   56|             0: [PropertyCall] access to property Prop
+#   56|             1: [IndexerCall] access to indexer
+#   56|               -1: [ThisAccess] this access
+#   56|               0: [IntLiteral] 3
+#   56|               1: [IntLiteral] 4
+#   56|           1: [TupleExpr] (..., ...)
+#   56|             0: [IntLiteral] 5
+#   56|             1: [IntLiteral] 6
+#   57|       3: [ExprStmt] ...;
+#   57|         0: [PostIncrExpr] ...++
 #   57|           0: [PropertyCall] access to property Prop
-#   57|           1: [IndexerCall] access to indexer
-#   57|             -1: [ThisAccess] this access
-#   57|             0: [IntLiteral] 1
-#   57|             1: [IntLiteral] 2
-#   58|       2: [ExprStmt] ...;
-#   58|         0: [AssignExpr] ... = ...
-#   58|           0: [TupleExpr] (..., ...)
-#   58|             0: [PropertyCall] access to property Prop
-#   58|             1: [IndexerCall] access to indexer
-#   58|               -1: [ThisAccess] this access
-#   58|               0: [IntLiteral] 3
-#   58|               1: [IntLiteral] 4
-#   58|           1: [TupleExpr] (..., ...)
-#   58|             0: [IntLiteral] 5
-#   58|             1: [IntLiteral] 6
-#   59|       3: [ExprStmt] ...;
+#   58|       4: [ExprStmt] ...;
+#   58|         0: [AssignAddExpr] ... += ...
+#   58|           0: [PropertyCall] access to property Prop
+#   58|           1: [IntLiteral] 7
+#   59|       5: [ExprStmt] ...;
 #   59|         0: [PostIncrExpr] ...++
-#   59|           0: [PropertyCall] access to property Prop
-#   60|       4: [ExprStmt] ...;
+#   59|           0: [IndexerCall] access to indexer
+#   59|             -1: [ThisAccess] this access
+#   59|             0: [IntLiteral] 8
+#   59|             1: [IntLiteral] 9
+#   60|       6: [ExprStmt] ...;
 #   60|         0: [AssignAddExpr] ... += ...
-#   60|           0: [PropertyCall] access to property Prop
-#   60|           1: [IntLiteral] 7
-#   61|       5: [ExprStmt] ...;
-#   61|         0: [PostIncrExpr] ...++
-#   61|           0: [IndexerCall] access to indexer
-#   61|             -1: [ThisAccess] this access
-#   61|             0: [IntLiteral] 8
-#   61|             1: [IntLiteral] 9
-#   62|       6: [ExprStmt] ...;
-#   62|         0: [AssignAddExpr] ... += ...
-#   62|           0: [IndexerCall] access to indexer
-#   62|             -1: [ThisAccess] this access
-#   62|             0: [IntLiteral] 10
-#   62|             1: [IntLiteral] 11
-#   62|           1: [IntLiteral] 12
-#   63|       7: [LocalVariableDeclStmt] ... ...;
-#   63|         0: [LocalVariableDeclAndInitExpr] (Int32,Int32) tuple = ...
-#   63|           -1: [TypeMention] (int, int)
-#   63|           0: [LocalVariableAccess] access to local variable tuple
-#   63|           1: [TupleExpr] (..., ...)
-#   63|             0: [IntLiteral] 13
-#   63|             1: [IntLiteral] 14
-#   64|       8: [ExprStmt] ...;
-#   64|         0: [AssignExpr] ... = ...
-#   64|           0: [TupleExpr] (..., ...)
-#   64|             0: [PropertyCall] access to property Prop
-#   64|             1: [IndexerCall] access to indexer
-#   64|               -1: [ThisAccess] this access
-#   64|               0: [IntLiteral] 15
-#   64|               1: [IntLiteral] 16
-#   64|           1: [LocalVariableAccess] access to local variable tuple
-#   68|   14: [Method] f6
-#   68|     -1: [TypeMention] Void
+#   60|           0: [IndexerCall] access to indexer
+#   60|             -1: [ThisAccess] this access
+#   60|             0: [IntLiteral] 10
+#   60|             1: [IntLiteral] 11
+#   60|           1: [IntLiteral] 12
+#   61|       7: [LocalVariableDeclStmt] ... ...;
+#   61|         0: [LocalVariableDeclAndInitExpr] (Int32,Int32) tuple = ...
+#   61|           -1: [TypeMention] (int, int)
+#   61|           0: [LocalVariableAccess] access to local variable tuple
+#   61|           1: [TupleExpr] (..., ...)
+#   61|             0: [IntLiteral] 13
+#   61|             1: [IntLiteral] 14
+#   62|       8: [ExprStmt] ...;
+#   62|         0: [AssignExpr] ... = ...
+#   62|           0: [TupleExpr] (..., ...)
+#   62|             0: [PropertyCall] access to property Prop
+#   62|             1: [IndexerCall] access to indexer
+#   62|               -1: [ThisAccess] this access
+#   62|               0: [IntLiteral] 15
+#   62|               1: [IntLiteral] 16
+#   62|           1: [LocalVariableAccess] access to local variable tuple
+#   66|   14: [Method] f6
+#   66|     -1: [TypeMention] Void
 #-----|     0: (Attributes)
-#   67|       1: [DefaultAttribute] [My(...)]
-#   67|         -1: [TypeMention] MyAttribute
-#   67|         0: [BoolLiteral] false
-#   68|     4: [BlockStmt] {...}
-#   71|   15: [Method] f7
-#   71|     -1: [TypeMention] Void
+#   65|       1: [DefaultAttribute] [My(...)]
+#   65|         -1: [TypeMention] MyAttribute
+#   65|         0: [BoolLiteral] false
+#   66|     4: [BlockStmt] {...}
+#   69|   15: [Method] f7
+#   69|     -1: [TypeMention] Void
 #-----|     0: (Attributes)
-#   70|       1: [DefaultAttribute] [My(...)]
-#   70|         -1: [TypeMention] MyAttribute
-#   70|         0: [BoolLiteral] true
-#   70|         1: [StringLiteralUtf16] ""
-#   70|         2: [IntLiteral] 0
-#   71|     4: [BlockStmt] {...}
-#   73|   17: [Method] f8`1
-#   73|     -1: [TypeMention] Void
-#-----|     1: (Type parameters)
-#   73|       0: [TypeParameter] T
-#-----|     2: (Parameters)
-#   73|       0: [Parameter] o
-#   73|         -1: [TypeMention] int
-#   73|       1: [Parameter] args
-#   73|         -1: [TypeMention] T[]
-#   73|           1: [TypeMention] T
-#   74|     4: [BlockStmt] {...}
-#   75|       0: [ExprStmt] ...;
-#   75|         0: [MethodCall] call to method f8`1
-#   75|           0: [IntLiteral] 0
-#   75|           1: [ArrayAccess] access to array element
-#   75|             -1: [ParameterAccess] access to parameter args
-#   75|             0: [IntLiteral] 0
-#   75|           2: [ArrayAccess] access to array element
-#   75|             -1: [ParameterAccess] access to parameter args
-#   75|             0: [IntLiteral] 1
-#   76|       1: [ExprStmt] ...;
-#   76|         0: [MethodCall] call to method f8`1
-#   76|           0: [IntLiteral] 0
-#   76|           1: [ArrayCreation] array creation of type T[]
-#   76|             -2: [TypeMention] T[]
-#   76|               1: [TypeMention] T
-#   76|             -1: [ArrayInitializer] { ..., ... }
-#   76|               0: [ArrayAccess] access to array element
-#   76|                 -1: [ParameterAccess] access to parameter args
-#   76|                 0: [IntLiteral] 0
-#   76|               1: [ArrayAccess] access to array element
-#   76|                 -1: [ParameterAccess] access to parameter args
-#   76|                 0: [IntLiteral] 1
-#   77|       2: [ExprStmt] ...;
-#   77|         0: [MethodCall] call to method f8`1
-#   77|           0: [IntLiteral] 0
-#   77|           1: [ParameterAccess] access to parameter args
-#   78|       3: [ExprStmt] ...;
-#   78|         0: [MethodCall] call to method f8`1
-#   78|           0: [ParameterAccess] access to parameter args
-#   78|           1: [IntLiteral] 0
-#   80|       4: [ExprStmt] ...;
-#   80|         0: [MethodCall] call to method f8<Double>
-#   80|           0: [IntLiteral] 0
-#   80|           1: [DoubleLiteral] 1.1
-#   80|           2: [DoubleLiteral] 2.2
-#   81|       5: [ExprStmt] ...;
-#   81|         0: [MethodCall] call to method f8<Double>
-#   81|           0: [IntLiteral] 0
-#   81|           1: [ArrayCreation] array creation of type Double[]
-#   81|             -2: [TypeMention] Double[]
-#   81|               1: [TypeMention] double
-#   81|             -1: [ArrayInitializer] { ..., ... }
-#   81|               0: [DoubleLiteral] 1.1
-#   81|               1: [DoubleLiteral] 2.2
-#   83|       6: [ExprStmt] ...;
-#   83|         0: [MethodCall] call to method f8<Double>
-#   83|           0: [IntLiteral] 0
-#   83|           1: [CastExpr] (...) ...
-#   83|             1: [IntLiteral] 1
-#   83|           2: [CastExpr] (...) ...
-#   83|             1: [IntLiteral] 2
-#   84|       7: [ExprStmt] ...;
-#   84|         0: [MethodCall] call to method f8<Double>
-#   84|           0: [IntLiteral] 0
-#   84|           1: [ArrayCreation] array creation of type Double[]
-#   84|             -2: [TypeMention] Double[]
-#   84|               1: [TypeMention] double
-#   84|             -1: [ArrayInitializer] { ..., ... }
-#   84|               0: [CastExpr] (...) ...
-#   84|                 1: [IntLiteral] 1
-#   84|               1: [CastExpr] (...) ...
-#   84|                 1: [IntLiteral] 2
-#   85|       8: [ExprStmt] ...;
-#   85|         0: [MethodCall] call to method f8<Double>
-#   85|           0: [IntLiteral] 0
-#   85|           1: [ArrayCreation] array creation of type Double[]
-#   85|             -2: [TypeMention] Double[]
-#   85|               1: [TypeMention] double
-#   85|             -1: [ArrayInitializer] { ..., ... }
-#   85|               0: [CastExpr] (...) ...
-#   85|                 1: [IntLiteral] 1
-#   85|               1: [CastExpr] (...) ...
-#   85|                 1: [IntLiteral] 2
-#   89| [Class] MyAttribute
+#   68|       1: [DefaultAttribute] [My(...)]
+#   68|         -1: [TypeMention] MyAttribute
+#   68|         0: [BoolLiteral] true
+#   68|         1: [StringLiteralUtf16] ""
+#   68|         2: [IntLiteral] 0
+#   69|     4: [BlockStmt] {...}
+#   72| [Class] MyAttribute
 #-----|   3: (Base types)
-#   89|     0: [TypeMention] Attribute
-#   91|   4: [Field] x
-#   91|     -1: [TypeMention] int
-#   92|   5: [Property] y
-#   92|     -1: [TypeMention] string
-#   92|     3: [Getter] get_y
-#   92|     4: [Setter] set_y
+#   72|     0: [TypeMention] Attribute
+#   74|   4: [Field] x
+#   74|     -1: [TypeMention] int
+#   75|   5: [Property] y
+#   75|     -1: [TypeMention] string
+#   75|     3: [Getter] get_y
+#   75|     4: [Setter] set_y
 #-----|       2: (Parameters)
-#   92|         0: [Parameter] value
-#   93|   6: [InstanceConstructor] MyAttribute
+#   75|         0: [Parameter] value
+#   76|   6: [InstanceConstructor] MyAttribute
 #-----|     2: (Parameters)
-#   93|       0: [Parameter] b
-#   93|         -1: [TypeMention] bool
-#   93|     4: [BlockStmt] {...}
+#   76|       0: [Parameter] b
+#   76|         -1: [TypeMention] bool
+#   76|     4: [BlockStmt] {...}

csharp/ql/test/library-tests/arguments/argumentByName.expected

@@ -8,11 +8,8 @@
 | arguments.cs:30:9:30:38 | object creation of type ArgumentsTest | arguments.cs:30:30:30:31 | 10 | y |
 | arguments.cs:30:9:30:38 | object creation of type ArgumentsTest | arguments.cs:30:37:30:37 | 5 | x |
 | arguments.cs:35:9:35:19 | call to method f3 | arguments.cs:35:12:35:12 | 0 | o |
-| arguments.cs:35:9:35:19 | call to method f3 | arguments.cs:35:15:35:15 | 1 | args |
-| arguments.cs:35:9:35:19 | call to method f3 | arguments.cs:35:18:35:18 | 2 | args |
 | arguments.cs:36:9:36:33 | call to method f3 | arguments.cs:36:12:36:12 | 0 | o |
 | arguments.cs:36:9:36:33 | call to method f3 | arguments.cs:36:15:36:32 | array creation of type Int32[] | args |
-| arguments.cs:37:9:37:25 | call to method f3 | arguments.cs:37:18:37:18 | 1 | args |
 | arguments.cs:37:9:37:25 | call to method f3 | arguments.cs:37:24:37:24 | 0 | o |
 | arguments.cs:38:9:38:19 | call to method f3 | arguments.cs:38:12:38:12 | 0 | o |
 | arguments.cs:38:9:38:19 | call to method f3 | arguments.cs:38:15:38:18 | access to parameter args | args |
@@ -20,47 +17,21 @@
 | arguments.cs:39:9:39:28 | call to method f3 | arguments.cs:39:27:39:27 | 0 | o |
 | arguments.cs:40:9:40:42 | call to method f3 | arguments.cs:40:18:40:35 | array creation of type Int32[] | args |
 | arguments.cs:40:9:40:42 | call to method f3 | arguments.cs:40:41:40:41 | 0 | o |
-| arguments.cs:42:9:42:21 | call to method f3 | arguments.cs:42:12:42:12 | 0 | o |
-| arguments.cs:42:9:42:21 | call to method f3 | arguments.cs:42:15:42:16 | (...) ... | args |
-| arguments.cs:42:9:42:21 | call to method f3 | arguments.cs:42:19:42:20 | (...) ... | args |
-| arguments.cs:47:9:47:39 | call to method f4 | arguments.cs:47:12:47:32 | array creation of type Object[] | args |
-| arguments.cs:47:9:47:39 | call to method f4 | arguments.cs:47:35:47:38 | null | args |
-| arguments.cs:56:9:56:12 | access to property Prop | arguments.cs:56:16:56:16 | 0 | value |
-| arguments.cs:57:9:57:12 | access to property Prop | arguments.cs:57:16:57:25 | access to indexer | value |
-| arguments.cs:57:16:57:25 | access to indexer | arguments.cs:57:21:57:21 | 1 | a |
-| arguments.cs:57:16:57:25 | access to indexer | arguments.cs:57:24:57:24 | 2 | b |
-| arguments.cs:58:10:58:13 | access to property Prop | arguments.cs:58:31:58:31 | 5 | value |
-| arguments.cs:58:16:58:25 | access to indexer | arguments.cs:58:21:58:21 | 3 | a |
-| arguments.cs:58:16:58:25 | access to indexer | arguments.cs:58:24:58:24 | 4 | b |
-| arguments.cs:58:16:58:25 | access to indexer | arguments.cs:58:34:58:34 | 6 | value |
-| arguments.cs:60:9:60:12 | access to property Prop | arguments.cs:60:9:60:17 | ... + ... | value |
-| arguments.cs:61:9:61:18 | access to indexer | arguments.cs:61:14:61:14 | 8 | a |
-| arguments.cs:61:9:61:18 | access to indexer | arguments.cs:61:17:61:17 | 9 | b |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:9:62:26 | ... + ... | value |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:14:62:15 | 10 | a |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:14:62:15 | 10 | a |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:18:62:19 | 11 | b |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:18:62:19 | 11 | b |
-| arguments.cs:64:16:64:27 | access to indexer | arguments.cs:64:21:64:22 | 15 | a |
-| arguments.cs:64:16:64:27 | access to indexer | arguments.cs:64:25:64:26 | 16 | b |
-| arguments.cs:75:9:75:31 | call to method f8`1 | arguments.cs:75:12:75:12 | 0 | o |
-| arguments.cs:75:9:75:31 | call to method f8`1 | arguments.cs:75:15:75:21 | access to array element | args |
-| arguments.cs:75:9:75:31 | call to method f8`1 | arguments.cs:75:24:75:30 | access to array element | args |
-| arguments.cs:76:9:76:43 | call to method f8`1 | arguments.cs:76:12:76:12 | 0 | o |
-| arguments.cs:76:9:76:43 | call to method f8`1 | arguments.cs:76:15:76:42 | array creation of type T[] | args |
-| arguments.cs:77:9:77:19 | call to method f8`1 | arguments.cs:77:12:77:12 | 0 | o |
-| arguments.cs:77:9:77:19 | call to method f8`1 | arguments.cs:77:15:77:18 | access to parameter args | args |
-| arguments.cs:78:9:78:28 | call to method f8`1 | arguments.cs:78:18:78:21 | access to parameter args | args |
-| arguments.cs:78:9:78:28 | call to method f8`1 | arguments.cs:78:27:78:27 | 0 | o |
-| arguments.cs:80:9:80:31 | call to method f8<Double> | arguments.cs:80:20:80:20 | 0 | o |
-| arguments.cs:80:9:80:31 | call to method f8<Double> | arguments.cs:80:23:80:25 | 1.1 | args |
-| arguments.cs:80:9:80:31 | call to method f8<Double> | arguments.cs:80:28:80:30 | 2.2 | args |
-| arguments.cs:81:9:81:48 | call to method f8<Double> | arguments.cs:81:20:81:20 | 0 | o |
-| arguments.cs:81:9:81:48 | call to method f8<Double> | arguments.cs:81:23:81:47 | array creation of type Double[] | args |
-| arguments.cs:83:9:83:27 | call to method f8<Double> | arguments.cs:83:20:83:20 | 0 | o |
-| arguments.cs:83:9:83:27 | call to method f8<Double> | arguments.cs:83:23:83:23 | (...) ... | args |
-| arguments.cs:83:9:83:27 | call to method f8<Double> | arguments.cs:83:26:83:26 | (...) ... | args |
-| arguments.cs:84:9:84:44 | call to method f8<Double> | arguments.cs:84:20:84:20 | 0 | o |
-| arguments.cs:84:9:84:44 | call to method f8<Double> | arguments.cs:84:23:84:43 | array creation of type Double[] | args |
-| arguments.cs:85:9:85:44 | call to method f8<Double> | arguments.cs:85:20:85:20 | 0 | o |
-| arguments.cs:85:9:85:44 | call to method f8<Double> | arguments.cs:85:23:85:43 | array creation of type Double[] | args |
+| arguments.cs:54:9:54:12 | access to property Prop | arguments.cs:54:16:54:16 | 0 | value |
+| arguments.cs:55:9:55:12 | access to property Prop | arguments.cs:55:16:55:25 | access to indexer | value |
+| arguments.cs:55:16:55:25 | access to indexer | arguments.cs:55:21:55:21 | 1 | a |
+| arguments.cs:55:16:55:25 | access to indexer | arguments.cs:55:24:55:24 | 2 | b |
+| arguments.cs:56:10:56:13 | access to property Prop | arguments.cs:56:31:56:31 | 5 | value |
+| arguments.cs:56:16:56:25 | access to indexer | arguments.cs:56:21:56:21 | 3 | a |
+| arguments.cs:56:16:56:25 | access to indexer | arguments.cs:56:24:56:24 | 4 | b |
+| arguments.cs:56:16:56:25 | access to indexer | arguments.cs:56:34:56:34 | 6 | value |
+| arguments.cs:58:9:58:12 | access to property Prop | arguments.cs:58:9:58:17 | ... + ... | value |
+| arguments.cs:59:9:59:18 | access to indexer | arguments.cs:59:14:59:14 | 8 | a |
+| arguments.cs:59:9:59:18 | access to indexer | arguments.cs:59:17:59:17 | 9 | b |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:9:60:26 | ... + ... | value |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:14:60:15 | 10 | a |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:14:60:15 | 10 | a |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:18:60:19 | 11 | b |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:18:60:19 | 11 | b |
+| arguments.cs:62:16:62:27 | access to indexer | arguments.cs:62:21:62:22 | 15 | a |
+| arguments.cs:62:16:62:27 | access to indexer | arguments.cs:62:25:62:26 | 16 | b |

csharp/ql/test/library-tests/arguments/argumentByParameter.expected

@@ -8,11 +8,8 @@
 | arguments.cs:30:9:30:38 | object creation of type ArgumentsTest | arguments.cs:30:30:30:31 | 10 | arguments.cs:5:41:5:41 | y |
 | arguments.cs:30:9:30:38 | object creation of type ArgumentsTest | arguments.cs:30:37:30:37 | 5 | arguments.cs:5:30:5:30 | x |
 | arguments.cs:35:9:35:19 | call to method f3 | arguments.cs:35:12:35:12 | 0 | arguments.cs:33:17:33:17 | o |
-| arguments.cs:35:9:35:19 | call to method f3 | arguments.cs:35:15:35:15 | 1 | arguments.cs:33:33:33:36 | args |
-| arguments.cs:35:9:35:19 | call to method f3 | arguments.cs:35:18:35:18 | 2 | arguments.cs:33:33:33:36 | args |
 | arguments.cs:36:9:36:33 | call to method f3 | arguments.cs:36:12:36:12 | 0 | arguments.cs:33:17:33:17 | o |
 | arguments.cs:36:9:36:33 | call to method f3 | arguments.cs:36:15:36:32 | array creation of type Int32[] | arguments.cs:33:33:33:36 | args |
-| arguments.cs:37:9:37:25 | call to method f3 | arguments.cs:37:18:37:18 | 1 | arguments.cs:33:33:33:36 | args |
 | arguments.cs:37:9:37:25 | call to method f3 | arguments.cs:37:24:37:24 | 0 | arguments.cs:33:17:33:17 | o |
 | arguments.cs:38:9:38:19 | call to method f3 | arguments.cs:38:12:38:12 | 0 | arguments.cs:33:17:33:17 | o |
 | arguments.cs:38:9:38:19 | call to method f3 | arguments.cs:38:15:38:18 | access to parameter args | arguments.cs:33:33:33:36 | args |
@@ -20,49 +17,23 @@
 | arguments.cs:39:9:39:28 | call to method f3 | arguments.cs:39:27:39:27 | 0 | arguments.cs:33:17:33:17 | o |
 | arguments.cs:40:9:40:42 | call to method f3 | arguments.cs:40:18:40:35 | array creation of type Int32[] | arguments.cs:33:33:33:36 | args |
 | arguments.cs:40:9:40:42 | call to method f3 | arguments.cs:40:41:40:41 | 0 | arguments.cs:33:17:33:17 | o |
-| arguments.cs:42:9:42:21 | call to method f3 | arguments.cs:42:12:42:12 | 0 | arguments.cs:33:17:33:17 | o |
-| arguments.cs:42:9:42:21 | call to method f3 | arguments.cs:42:15:42:16 | (...) ... | arguments.cs:33:33:33:36 | args |
-| arguments.cs:42:9:42:21 | call to method f3 | arguments.cs:42:19:42:20 | (...) ... | arguments.cs:33:33:33:36 | args |
-| arguments.cs:47:9:47:39 | call to method f4 | arguments.cs:47:12:47:32 | array creation of type Object[] | arguments.cs:45:29:45:32 | args |
-| arguments.cs:47:9:47:39 | call to method f4 | arguments.cs:47:35:47:38 | null | arguments.cs:45:29:45:32 | args |
-| arguments.cs:56:9:56:12 | access to property Prop | arguments.cs:56:16:56:16 | 0 | arguments.cs:50:21:50:23 | value |
-| arguments.cs:57:9:57:12 | access to property Prop | arguments.cs:57:16:57:25 | access to indexer | arguments.cs:50:21:50:23 | value |
-| arguments.cs:57:16:57:25 | access to indexer | arguments.cs:57:21:57:21 | 1 | arguments.cs:52:18:52:18 | a |
-| arguments.cs:57:16:57:25 | access to indexer | arguments.cs:57:24:57:24 | 2 | arguments.cs:52:25:52:25 | b |
-| arguments.cs:58:10:58:13 | access to property Prop | arguments.cs:58:31:58:31 | 5 | arguments.cs:50:21:50:23 | value |
-| arguments.cs:58:16:58:25 | access to indexer | arguments.cs:58:21:58:21 | 3 | arguments.cs:52:18:52:18 | a |
-| arguments.cs:58:16:58:25 | access to indexer | arguments.cs:58:24:58:24 | 4 | arguments.cs:52:25:52:25 | b |
-| arguments.cs:58:16:58:25 | access to indexer | arguments.cs:58:34:58:34 | 6 | arguments.cs:52:44:52:46 | value |
-| arguments.cs:60:9:60:12 | access to property Prop | arguments.cs:60:9:60:17 | ... + ... | arguments.cs:50:21:50:23 | value |
-| arguments.cs:61:9:61:18 | access to indexer | arguments.cs:61:14:61:14 | 8 | arguments.cs:52:18:52:18 | a |
-| arguments.cs:61:9:61:18 | access to indexer | arguments.cs:61:14:61:14 | 8 | arguments.cs:52:18:52:18 | a |
-| arguments.cs:61:9:61:18 | access to indexer | arguments.cs:61:17:61:17 | 9 | arguments.cs:52:25:52:25 | b |
-| arguments.cs:61:9:61:18 | access to indexer | arguments.cs:61:17:61:17 | 9 | arguments.cs:52:25:52:25 | b |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:9:62:26 | ... + ... | arguments.cs:52:44:52:46 | value |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:14:62:15 | 10 | arguments.cs:52:18:52:18 | a |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:14:62:15 | 10 | arguments.cs:52:18:52:18 | a |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:18:62:19 | 11 | arguments.cs:52:25:52:25 | b |
-| arguments.cs:62:9:62:20 | access to indexer | arguments.cs:62:18:62:19 | 11 | arguments.cs:52:25:52:25 | b |
-| arguments.cs:64:16:64:27 | access to indexer | arguments.cs:64:21:64:22 | 15 | arguments.cs:52:18:52:18 | a |
-| arguments.cs:64:16:64:27 | access to indexer | arguments.cs:64:25:64:26 | 16 | arguments.cs:52:25:52:25 | b |
-| arguments.cs:75:9:75:31 | call to method f8`1 | arguments.cs:75:12:75:12 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:75:9:75:31 | call to method f8`1 | arguments.cs:75:15:75:21 | access to array element | arguments.cs:73:34:73:37 | args |
-| arguments.cs:75:9:75:31 | call to method f8`1 | arguments.cs:75:24:75:30 | access to array element | arguments.cs:73:34:73:37 | args |
-| arguments.cs:76:9:76:43 | call to method f8`1 | arguments.cs:76:12:76:12 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:76:9:76:43 | call to method f8`1 | arguments.cs:76:15:76:42 | array creation of type T[] | arguments.cs:73:34:73:37 | args |
-| arguments.cs:77:9:77:19 | call to method f8`1 | arguments.cs:77:12:77:12 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:77:9:77:19 | call to method f8`1 | arguments.cs:77:15:77:18 | access to parameter args | arguments.cs:73:34:73:37 | args |
-| arguments.cs:78:9:78:28 | call to method f8`1 | arguments.cs:78:18:78:21 | access to parameter args | arguments.cs:73:34:73:37 | args |
-| arguments.cs:78:9:78:28 | call to method f8`1 | arguments.cs:78:27:78:27 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:80:9:80:31 | call to method f8<Double> | arguments.cs:80:20:80:20 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:80:9:80:31 | call to method f8<Double> | arguments.cs:80:23:80:25 | 1.1 | arguments.cs:73:34:73:37 | args |
-| arguments.cs:80:9:80:31 | call to method f8<Double> | arguments.cs:80:28:80:30 | 2.2 | arguments.cs:73:34:73:37 | args |
-| arguments.cs:81:9:81:48 | call to method f8<Double> | arguments.cs:81:20:81:20 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:81:9:81:48 | call to method f8<Double> | arguments.cs:81:23:81:47 | array creation of type Double[] | arguments.cs:73:34:73:37 | args |
-| arguments.cs:83:9:83:27 | call to method f8<Double> | arguments.cs:83:20:83:20 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:83:9:83:27 | call to method f8<Double> | arguments.cs:83:23:83:23 | (...) ... | arguments.cs:73:34:73:37 | args |
-| arguments.cs:83:9:83:27 | call to method f8<Double> | arguments.cs:83:26:83:26 | (...) ... | arguments.cs:73:34:73:37 | args |
-| arguments.cs:84:9:84:44 | call to method f8<Double> | arguments.cs:84:20:84:20 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:84:9:84:44 | call to method f8<Double> | arguments.cs:84:23:84:43 | array creation of type Double[] | arguments.cs:73:34:73:37 | args |
-| arguments.cs:85:9:85:44 | call to method f8<Double> | arguments.cs:85:20:85:20 | 0 | arguments.cs:73:20:73:20 | o |
-| arguments.cs:85:9:85:44 | call to method f8<Double> | arguments.cs:85:23:85:43 | array creation of type Double[] | arguments.cs:73:34:73:37 | args |
+| arguments.cs:54:9:54:12 | access to property Prop | arguments.cs:54:16:54:16 | 0 | arguments.cs:48:21:48:23 | value |
+| arguments.cs:55:9:55:12 | access to property Prop | arguments.cs:55:16:55:25 | access to indexer | arguments.cs:48:21:48:23 | value |
+| arguments.cs:55:16:55:25 | access to indexer | arguments.cs:55:21:55:21 | 1 | arguments.cs:50:18:50:18 | a |
+| arguments.cs:55:16:55:25 | access to indexer | arguments.cs:55:24:55:24 | 2 | arguments.cs:50:25:50:25 | b |
+| arguments.cs:56:10:56:13 | access to property Prop | arguments.cs:56:31:56:31 | 5 | arguments.cs:48:21:48:23 | value |
+| arguments.cs:56:16:56:25 | access to indexer | arguments.cs:56:21:56:21 | 3 | arguments.cs:50:18:50:18 | a |
+| arguments.cs:56:16:56:25 | access to indexer | arguments.cs:56:24:56:24 | 4 | arguments.cs:50:25:50:25 | b |
+| arguments.cs:56:16:56:25 | access to indexer | arguments.cs:56:34:56:34 | 6 | arguments.cs:50:44:50:46 | value |
+| arguments.cs:58:9:58:12 | access to property Prop | arguments.cs:58:9:58:17 | ... + ... | arguments.cs:48:21:48:23 | value |
+| arguments.cs:59:9:59:18 | access to indexer | arguments.cs:59:14:59:14 | 8 | arguments.cs:50:18:50:18 | a |
+| arguments.cs:59:9:59:18 | access to indexer | arguments.cs:59:14:59:14 | 8 | arguments.cs:50:18:50:18 | a |
+| arguments.cs:59:9:59:18 | access to indexer | arguments.cs:59:17:59:17 | 9 | arguments.cs:50:25:50:25 | b |
+| arguments.cs:59:9:59:18 | access to indexer | arguments.cs:59:17:59:17 | 9 | arguments.cs:50:25:50:25 | b |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:9:60:26 | ... + ... | arguments.cs:50:44:50:46 | value |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:14:60:15 | 10 | arguments.cs:50:18:50:18 | a |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:14:60:15 | 10 | arguments.cs:50:18:50:18 | a |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:18:60:19 | 11 | arguments.cs:50:25:50:25 | b |
+| arguments.cs:60:9:60:20 | access to indexer | arguments.cs:60:18:60:19 | 11 | arguments.cs:50:25:50:25 | b |
+| arguments.cs:62:16:62:27 | access to indexer | arguments.cs:62:21:62:22 | 15 | arguments.cs:50:18:50:18 | a |
+| arguments.cs:62:16:62:27 | access to indexer | arguments.cs:62:25:62:26 | 16 | arguments.cs:50:25:50:25 | b |

csharp/ql/test/library-tests/arguments/argumentName.expected

@@ -7,7 +7,5 @@
 | arguments.cs:39:27:39:27 | 0 | o |
 | arguments.cs:40:18:40:35 | array creation of type Int32[] | args |
 | arguments.cs:40:41:40:41 | 0 | o |
-| arguments.cs:70:28:70:29 | "" | y |
-| arguments.cs:70:36:70:36 | 0 | x |
-| arguments.cs:78:18:78:21 | access to parameter args | args |
-| arguments.cs:78:27:78:27 | 0 | o |
+| arguments.cs:68:28:68:29 | "" | y |
+| arguments.cs:68:36:68:36 | 0 | x |

csharp/ql/test/library-tests/arguments/argumentType.expected

@@ -20,53 +20,25 @@
 | arguments.cs:39:27:39:27 | 0 | 0 |
 | arguments.cs:40:18:40:35 | array creation of type Int32[] | 0 |
 | arguments.cs:40:41:40:41 | 0 | 0 |
-| arguments.cs:42:12:42:12 | 0 | 0 |
-| arguments.cs:42:15:42:16 | (...) ... | 0 |
-| arguments.cs:42:19:42:20 | (...) ... | 0 |
-| arguments.cs:47:12:47:32 | array creation of type Object[] | 0 |
-| arguments.cs:47:35:47:38 | null | 0 |
-| arguments.cs:57:21:57:21 | 1 | 0 |
-| arguments.cs:57:24:57:24 | 2 | 0 |
-| arguments.cs:58:10:58:13 | access to property Prop | 0 |
-| arguments.cs:58:16:58:25 | access to indexer | 0 |
-| arguments.cs:58:21:58:21 | 3 | 0 |
-| arguments.cs:58:24:58:24 | 4 | 0 |
-| arguments.cs:58:31:58:31 | 5 | 0 |
-| arguments.cs:58:34:58:34 | 6 | 0 |
-| arguments.cs:61:14:61:14 | 8 | 0 |
-| arguments.cs:61:17:61:17 | 9 | 0 |
-| arguments.cs:62:14:62:15 | 10 | 0 |
-| arguments.cs:62:14:62:15 | 10 | 0 |
-| arguments.cs:62:18:62:19 | 11 | 0 |
-| arguments.cs:62:18:62:19 | 11 | 0 |
-| arguments.cs:63:22:63:23 | 13 | 0 |
-| arguments.cs:63:26:63:27 | 14 | 0 |
-| arguments.cs:64:10:64:13 | access to property Prop | 0 |
-| arguments.cs:64:16:64:27 | access to indexer | 0 |
-| arguments.cs:64:21:64:22 | 15 | 0 |
-| arguments.cs:64:25:64:26 | 16 | 0 |
-| arguments.cs:75:12:75:12 | 0 | 0 |
-| arguments.cs:75:15:75:21 | access to array element | 0 |
-| arguments.cs:75:20:75:20 | 0 | 0 |
-| arguments.cs:75:24:75:30 | access to array element | 0 |
-| arguments.cs:75:29:75:29 | 1 | 0 |
-| arguments.cs:76:12:76:12 | 0 | 0 |
-| arguments.cs:76:15:76:42 | array creation of type T[] | 0 |
-| arguments.cs:76:30:76:30 | 0 | 0 |
-| arguments.cs:76:39:76:39 | 1 | 0 |
-| arguments.cs:77:12:77:12 | 0 | 0 |
-| arguments.cs:77:15:77:18 | access to parameter args | 0 |
-| arguments.cs:78:18:78:21 | access to parameter args | 0 |
-| arguments.cs:78:27:78:27 | 0 | 0 |
-| arguments.cs:80:20:80:20 | 0 | 0 |
-| arguments.cs:80:23:80:25 | 1.1 | 0 |
-| arguments.cs:80:28:80:30 | 2.2 | 0 |
-| arguments.cs:81:20:81:20 | 0 | 0 |
-| arguments.cs:81:23:81:47 | array creation of type Double[] | 0 |
-| arguments.cs:83:20:83:20 | 0 | 0 |
-| arguments.cs:83:23:83:23 | (...) ... | 0 |
-| arguments.cs:83:26:83:26 | (...) ... | 0 |
-| arguments.cs:84:20:84:20 | 0 | 0 |
-| arguments.cs:84:23:84:43 | array creation of type Double[] | 0 |
-| arguments.cs:85:20:85:20 | 0 | 0 |
-| arguments.cs:85:23:85:43 | array creation of type Double[] | 0 |
+| arguments.cs:45:12:45:32 | array creation of type Object[] | 0 |
+| arguments.cs:45:35:45:38 | null | 0 |
+| arguments.cs:55:21:55:21 | 1 | 0 |
+| arguments.cs:55:24:55:24 | 2 | 0 |
+| arguments.cs:56:10:56:13 | access to property Prop | 0 |
+| arguments.cs:56:16:56:25 | access to indexer | 0 |
+| arguments.cs:56:21:56:21 | 3 | 0 |
+| arguments.cs:56:24:56:24 | 4 | 0 |
+| arguments.cs:56:31:56:31 | 5 | 0 |
+| arguments.cs:56:34:56:34 | 6 | 0 |
+| arguments.cs:59:14:59:14 | 8 | 0 |
+| arguments.cs:59:17:59:17 | 9 | 0 |
+| arguments.cs:60:14:60:15 | 10 | 0 |
+| arguments.cs:60:14:60:15 | 10 | 0 |
+| arguments.cs:60:18:60:19 | 11 | 0 |
+| arguments.cs:60:18:60:19 | 11 | 0 |
+| arguments.cs:61:22:61:23 | 13 | 0 |
+| arguments.cs:61:26:61:27 | 14 | 0 |
+| arguments.cs:62:10:62:13 | access to property Prop | 0 |
+| arguments.cs:62:16:62:27 | access to indexer | 0 |
+| arguments.cs:62:21:62:22 | 15 | 0 |
+| arguments.cs:62:25:62:26 | 16 | 0 |

csharp/ql/test/library-tests/arguments/arguments.cs

@@ -38,8 +38,6 @@ class ArgumentsTest
         f3(0, args);
         f3(args: args, o: 0);
         f3(args: new int[] { 1, 2 }, o: 0);
-        short s1 = 1, s2 = 2;
-        f3(0, s1, s2);
     }
 
     void f4(params object[] args)
@@ -69,21 +67,6 @@ class ArgumentsTest
 
     [MyAttribute(true, y = "", x = 0)]
     void f7() { }
-
-    void f8<T>(int o, params T[] args)
-    {
-        f8(0, args[0], args[1]);
-        f8(0, new T[] { args[0], args[1] });
-        f8(0, args);
-        f8(args: args, o: 0);
-
-        f8<double>(0, 1.1, 2.2);
-        f8<double>(0, new double[] { 1.1, 2.2 });
-
-        f8<double>(0, 1, 2);
-        f8<double>(0, new double[] { 1, 2 });
-        f8<double>(0, new double[] { 1, 2 });
-    }
 }
 
 class MyAttribute : Attribute

csharp/ql/test/library-tests/arguments/parameterGetArguments.expected

@@ -13,56 +13,27 @@
 | arguments.cs:33:17:33:17 | o | arguments.cs:38:12:38:12 | 0 |
 | arguments.cs:33:17:33:17 | o | arguments.cs:39:27:39:27 | 0 |
 | arguments.cs:33:17:33:17 | o | arguments.cs:40:41:40:41 | 0 |
-| arguments.cs:33:17:33:17 | o | arguments.cs:42:12:42:12 | 0 |
-| arguments.cs:33:33:33:36 | args | arguments.cs:35:15:35:15 | 1 |
-| arguments.cs:33:33:33:36 | args | arguments.cs:35:18:35:18 | 2 |
 | arguments.cs:33:33:33:36 | args | arguments.cs:36:15:36:32 | array creation of type Int32[] |
-| arguments.cs:33:33:33:36 | args | arguments.cs:37:18:37:18 | 1 |
 | arguments.cs:33:33:33:36 | args | arguments.cs:38:15:38:18 | access to parameter args |
 | arguments.cs:33:33:33:36 | args | arguments.cs:39:18:39:21 | access to parameter args |
 | arguments.cs:33:33:33:36 | args | arguments.cs:40:18:40:35 | array creation of type Int32[] |
-| arguments.cs:33:33:33:36 | args | arguments.cs:42:15:42:16 | (...) ... |
-| arguments.cs:33:33:33:36 | args | arguments.cs:42:19:42:20 | (...) ... |
-| arguments.cs:45:29:45:32 | args | arguments.cs:47:12:47:32 | array creation of type Object[] |
-| arguments.cs:45:29:45:32 | args | arguments.cs:47:35:47:38 | null |
-| arguments.cs:50:21:50:23 | value | arguments.cs:56:16:56:16 | 0 |
-| arguments.cs:50:21:50:23 | value | arguments.cs:57:16:57:25 | access to indexer |
-| arguments.cs:50:21:50:23 | value | arguments.cs:58:31:58:31 | 5 |
-| arguments.cs:50:21:50:23 | value | arguments.cs:60:9:60:17 | ... + ... |
-| arguments.cs:52:18:52:18 | a | arguments.cs:57:21:57:21 | 1 |
-| arguments.cs:52:18:52:18 | a | arguments.cs:58:21:58:21 | 3 |
-| arguments.cs:52:18:52:18 | a | arguments.cs:61:14:61:14 | 8 |
-| arguments.cs:52:18:52:18 | a | arguments.cs:61:14:61:14 | 8 |
-| arguments.cs:52:18:52:18 | a | arguments.cs:62:14:62:15 | 10 |
-| arguments.cs:52:18:52:18 | a | arguments.cs:62:14:62:15 | 10 |
-| arguments.cs:52:18:52:18 | a | arguments.cs:64:21:64:22 | 15 |
-| arguments.cs:52:25:52:25 | b | arguments.cs:57:24:57:24 | 2 |
-| arguments.cs:52:25:52:25 | b | arguments.cs:58:24:58:24 | 4 |
-| arguments.cs:52:25:52:25 | b | arguments.cs:61:17:61:17 | 9 |
-| arguments.cs:52:25:52:25 | b | arguments.cs:61:17:61:17 | 9 |
-| arguments.cs:52:25:52:25 | b | arguments.cs:62:18:62:19 | 11 |
-| arguments.cs:52:25:52:25 | b | arguments.cs:62:18:62:19 | 11 |
-| arguments.cs:52:25:52:25 | b | arguments.cs:64:25:64:26 | 16 |
-| arguments.cs:52:44:52:46 | value | arguments.cs:58:34:58:34 | 6 |
-| arguments.cs:52:44:52:46 | value | arguments.cs:62:9:62:26 | ... + ... |
-| arguments.cs:73:20:73:20 | o | arguments.cs:75:12:75:12 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:76:12:76:12 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:77:12:77:12 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:78:27:78:27 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:80:20:80:20 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:81:20:81:20 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:83:20:83:20 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:84:20:84:20 | 0 |
-| arguments.cs:73:20:73:20 | o | arguments.cs:85:20:85:20 | 0 |
-| arguments.cs:73:34:73:37 | args | arguments.cs:75:15:75:21 | access to array element |
-| arguments.cs:73:34:73:37 | args | arguments.cs:75:24:75:30 | access to array element |
-| arguments.cs:73:34:73:37 | args | arguments.cs:76:15:76:42 | array creation of type T[] |
-| arguments.cs:73:34:73:37 | args | arguments.cs:77:15:77:18 | access to parameter args |
-| arguments.cs:73:34:73:37 | args | arguments.cs:78:18:78:21 | access to parameter args |
-| arguments.cs:73:34:73:37 | args | arguments.cs:80:23:80:25 | 1.1 |
-| arguments.cs:73:34:73:37 | args | arguments.cs:80:28:80:30 | 2.2 |
-| arguments.cs:73:34:73:37 | args | arguments.cs:81:23:81:47 | array creation of type Double[] |
-| arguments.cs:73:34:73:37 | args | arguments.cs:83:23:83:23 | (...) ... |
-| arguments.cs:73:34:73:37 | args | arguments.cs:83:26:83:26 | (...) ... |
-| arguments.cs:73:34:73:37 | args | arguments.cs:84:23:84:43 | array creation of type Double[] |
-| arguments.cs:73:34:73:37 | args | arguments.cs:85:23:85:43 | array creation of type Double[] |
+| arguments.cs:48:21:48:23 | value | arguments.cs:54:16:54:16 | 0 |
+| arguments.cs:48:21:48:23 | value | arguments.cs:55:16:55:25 | access to indexer |
+| arguments.cs:48:21:48:23 | value | arguments.cs:56:31:56:31 | 5 |
+| arguments.cs:48:21:48:23 | value | arguments.cs:58:9:58:17 | ... + ... |
+| arguments.cs:50:18:50:18 | a | arguments.cs:55:21:55:21 | 1 |
+| arguments.cs:50:18:50:18 | a | arguments.cs:56:21:56:21 | 3 |
+| arguments.cs:50:18:50:18 | a | arguments.cs:59:14:59:14 | 8 |
+| arguments.cs:50:18:50:18 | a | arguments.cs:59:14:59:14 | 8 |
+| arguments.cs:50:18:50:18 | a | arguments.cs:60:14:60:15 | 10 |
+| arguments.cs:50:18:50:18 | a | arguments.cs:60:14:60:15 | 10 |
+| arguments.cs:50:18:50:18 | a | arguments.cs:62:21:62:22 | 15 |
+| arguments.cs:50:25:50:25 | b | arguments.cs:55:24:55:24 | 2 |
+| arguments.cs:50:25:50:25 | b | arguments.cs:56:24:56:24 | 4 |
+| arguments.cs:50:25:50:25 | b | arguments.cs:59:17:59:17 | 9 |
+| arguments.cs:50:25:50:25 | b | arguments.cs:59:17:59:17 | 9 |
+| arguments.cs:50:25:50:25 | b | arguments.cs:60:18:60:19 | 11 |
+| arguments.cs:50:25:50:25 | b | arguments.cs:60:18:60:19 | 11 |
+| arguments.cs:50:25:50:25 | b | arguments.cs:62:25:62:26 | 16 |
+| arguments.cs:50:44:50:46 | value | arguments.cs:56:34:56:34 | 6 |
+| arguments.cs:50:44:50:46 | value | arguments.cs:60:9:60:26 | ... + ... |

csharp/ql/test/query-tests/Nullness/NullMaybe.expected

@@ -443,8 +443,6 @@ nodes
 | NullAlwaysBad.cs:9:30:9:30 | access to parameter s |
 | NullMaybeBad.cs:7:27:7:27 | access to parameter o |
 | NullMaybeBad.cs:13:17:13:20 | null |
-| Params.cs:14:17:14:20 | access to parameter args |
-| Params.cs:20:12:20:15 | null |
 | StringConcatenation.cs:14:16:14:23 | SSA def(s) |
 | StringConcatenation.cs:15:16:15:16 | access to local variable s |
 | StringConcatenation.cs:16:17:16:17 | access to local variable s |
@@ -833,7 +831,6 @@ edges
 | GuardedString.cs:34:26:34:26 | 0 | GuardedString.cs:35:31:35:31 | access to local variable s |
 | NullAlwaysBad.cs:7:29:7:29 | SSA param(s) | NullAlwaysBad.cs:9:30:9:30 | access to parameter s |
 | NullMaybeBad.cs:13:17:13:20 | null | NullMaybeBad.cs:7:27:7:27 | access to parameter o |
-| Params.cs:20:12:20:15 | null | Params.cs:14:17:14:20 | access to parameter args |
 | StringConcatenation.cs:14:16:14:23 | SSA def(s) | StringConcatenation.cs:15:16:15:16 | access to local variable s |
 | StringConcatenation.cs:15:16:15:16 | access to local variable s | StringConcatenation.cs:16:17:16:17 | access to local variable s |
 #select
@@ -921,5 +918,4 @@ edges
 | E.cs:417:34:417:34 | access to parameter i | E.cs:417:24:417:40 | SSA capture def(i) | E.cs:417:34:417:34 | access to parameter i | Variable $@ may be null at this access because it has a nullable type. | E.cs:415:27:415:27 | i | i | E.cs:415:27:415:27 | i | this |
 | GuardedString.cs:35:31:35:31 | access to local variable s | GuardedString.cs:7:16:7:32 | SSA def(s) | GuardedString.cs:35:31:35:31 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | GuardedString.cs:7:16:7:16 | s | s | GuardedString.cs:7:16:7:32 | String s = ... | this |
 | NullMaybeBad.cs:7:27:7:27 | access to parameter o | NullMaybeBad.cs:13:17:13:20 | null | NullMaybeBad.cs:7:27:7:27 | access to parameter o | Variable $@ may be null at this access because of $@ null argument. | NullMaybeBad.cs:5:25:5:25 | o | o | NullMaybeBad.cs:13:17:13:20 | null | this |
-| Params.cs:14:17:14:20 | access to parameter args | Params.cs:20:12:20:15 | null | Params.cs:14:17:14:20 | access to parameter args | Variable $@ may be null at this access because of $@ null argument. | Params.cs:12:36:12:39 | args | args | Params.cs:20:12:20:15 | null | this |
 | StringConcatenation.cs:16:17:16:17 | access to local variable s | StringConcatenation.cs:14:16:14:23 | SSA def(s) | StringConcatenation.cs:16:17:16:17 | access to local variable s | Variable $@ may be null at this access because of $@ assignment. | StringConcatenation.cs:14:16:14:16 | s | s | StringConcatenation.cs:14:16:14:23 | String s = ... | this |

csharp/ql/test/query-tests/Nullness/Params.cs

@@ -1,22 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-
-public class Params
-{
-    public void M1(params string[] args)
-    {
-        var l = args.Length; // Good, true negative
-    }
-
-    public void M2(params string[] args)
-    {
-        var l = args.Length; // Good
-    }
-
-    public void M()
-    {
-        M1("a", "b", "c", null);
-        M2(null);
-    }
-}

csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs

@@ -21,8 +21,6 @@ public class LogForgingHandler : IHttpHandler
         logger.Warn(username + " logged in");
         // GOOD: New-lines removed
         logger.Warn(username.Replace(Environment.NewLine, "") + " logged in");
-        // GOOD: New-lines removed
-        logger.Warn(username.Replace(Environment.NewLine, "", StringComparison.InvariantCultureIgnoreCase) + " logged in");
         // GOOD: Html encoded
         logger.Warn(WebUtility.HtmlEncode(username) + " logged in");
         // BAD: Logged as-is to TraceSource

csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected

@@ -1,23 +1,23 @@
 edges
 | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String |
 | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... |
-| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:29:50:29:72 | ... + ... |
-| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:33:26:33:33 | access to local variable username |
+| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:27:50:27:72 | ... + ... |
+| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:26:31:33 | access to local variable username |
 | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:21:21:21:43 | ... + ... |
-| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:29:50:29:72 | ... + ... |
-| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:33:26:33:33 | access to local variable username |
+| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:27:50:27:72 | ... + ... |
+| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:31:26:31:33 | access to local variable username |
 | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... |
 nodes
 | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
 | LogForging.cs:18:27:18:61 | access to indexer : String | semmle.label | access to indexer : String |
 | LogForging.cs:21:21:21:43 | ... + ... | semmle.label | ... + ... |
-| LogForging.cs:29:50:29:72 | ... + ... | semmle.label | ... + ... |
-| LogForging.cs:33:26:33:33 | access to local variable username | semmle.label | access to local variable username |
+| LogForging.cs:27:50:27:72 | ... + ... | semmle.label | ... + ... |
+| LogForging.cs:31:26:31:33 | access to local variable username | semmle.label | access to local variable username |
 | LogForgingAsp.cs:8:32:8:39 | username : String | semmle.label | username : String |
 | LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... |
 subpaths
 #select
 | LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
-| LogForging.cs:29:50:29:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:29:50:29:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
-| LogForging.cs:33:26:33:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:33:26:33:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
+| LogForging.cs:27:50:27:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:27:50:27:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
+| LogForging.cs:31:26:31:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:26:31:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
 | LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value |

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.2.rst

@@ -158,14 +158,6 @@ Dataflow Analysis
 
 *   The API for debugging flow using partial flow has changed slightly. Instead of using :code:`module Partial = FlowExploration<limit/0>` and choosing between :code:`Partial::partialFlow` and :code:`Partial::partialFlowRev`, you now choose between :code:`module Partial = FlowExplorationFwd<limit/0>` and :code:`module Partial = FlowExplorationRev<limit/0>`, and then always use :code:`Partial::partialFlow`.
 
-Minor Analysis Improvements
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Range Analysis
-""""""""""""""
-
-*   Initial release. Moves the range analysis library into its own qlpack.
-
 New Features
 ~~~~~~~~~~~~
 

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.3.rst

@@ -23,19 +23,20 @@ Bug Fixes
 ~~~~~~~~~
 
 *   Fixed an internal error in the compiler when arguments to the :code:`codePointCount` string primitive were not bound.
-*   Fixed a bug where :code:`codeql database finalize` would fail if a database under construction was moved between machines between :code:`codeql database init` and :code:`codeql database finalize`.
-    This should now work, as long as both commands are run by the same *release* of the CodeQL CLI and the extractors used are the ones bundled with the CLI.
+*   Fixed a bug where :code:`codeql database finalize` would fail if a database under construction was moved between machines between
+    :code:`codeql database init` and :code:`codeql database finalize`.  This should now work, as long as both commands are run by the same *release* of the CodeQL CLI and the extractors used are the ones bundled with the CLI.
 *   Fixed a bug where :code:`codeql database run-queries` would fail in some circumstances when the database path included an :code:`@`.
 
 New Features
 ~~~~~~~~~~~~
 
-*   :code:`codeql database analyze` now defaults to include markdown query help for all custom queries with help files available. To change the default behaviour you can pass the new flag :code:`--sarif-include-query-help`, which provides the options :code:`always` (which includes query help for all queries), :code:`custom_queries_only` (the default) and :code:`never` (which does not include query help for any query). The existing flag
-    :code:`--sarif-add-query-help` has been deprecated and will be removed in a future release.
+*   A new compilation flag (:code:`--fail-on-ambiguous-relation-name`) has been added to specify that compilation should fail if the compiler generates an ambiguous relation name.
 *   The new (advanced) command-line option :code:`--[no-]linkage-aware-import` disables the linkage-awareness phase of :code:`codeql dataset import`, as a quick fix (at the expense of database completeness) for C++ projects where this part of database creation consumes too much memory. This option is available in the commands :code:`database create`,
     :code:`database finalize`, :code:`database import`, :code:`dataset import`, :code:`test extract`, and
     :code:`test run`.
 *   The CodeQL language server now provides basic support for Rename, and you can now use the Rename Symbol functionality in Visual Studio Code for CodeQL. The current Rename support is less a refactoring tool and more a labor-saving device. You may have to perform some manual edits after using Rename, but it should still be faster and less work than renaming a symbol manually.
+*   :code:`codeql database analyze` now defaults to include markdown query help for all custom queries with help files available. To change the default behaviour you can pass the new flag :code:`--sarif-include-query-help`, which provides the options :code:`always` (which includes query help for all queries), :code:`custom_queries_only` (the default) and :code:`never` (which does not include query help for any query). The existing flag
+    :code:`--sarif-add-query-help` has been deprecated and will be removed in a future release.
 
 Improvements
 ~~~~~~~~~~~~
@@ -83,7 +84,7 @@ Swift
 """""
 
 *   Added new query "System command built from user-controlled sources" (:code:`swift/command-line-injection`) for Swift. This query detects system commands built from user-controlled sources without sufficient validation. The query was previously `contributed to the 'experimental' directory by @maikypedia <https://github.com/github/codeql/pull/13726>`__ but will now run by default for all code scanning users.
-*   Added a new query "Missing regular expression anchor" (:code:`swift/missing-regexp-anchor`) for Swift. This query detects regular expressions without anchors that can be vulnerable to bypassing.
+*   Added a nw query "Missing regular expression anchor" (:code:`swift/missing-regexp-anchor`) for Swift. This query detects regular expressions without anchors that can be vulnerable to bypassing.
 
 Query Metadata Changes
 ~~~~~~~~~~~~~~~~~~~~~~
@@ -91,8 +92,8 @@ Query Metadata Changes
 JavaScript/TypeScript
 """""""""""""""""""""
 
-*   Lower the security severity of log-injection to medium.
-*   Increase the security severity of XSS to high.
+*   Lower the severity of log-injection to medium.
+*   Increase the severity of XSS to high.
 
 Language Libraries
 ------------------
@@ -191,7 +192,7 @@ C#
 Golang
 """"""
 
-*   Added the `gin-contrib/cors <https://github.com/gin-contrib/cors>`__ library to the experimental query "CORS misconfiguration" (:code:`go/cors-misconfiguration`).
+*   Added the `gin cors <https://github.com/gin-contrib/cors>`__ library to the CorsMisconfiguration.ql query
 
 Java
 """"

docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.4.rst

@@ -1,115 +0,0 @@
-.. _codeql-cli-2.15.4:
-
-==========================
-CodeQL 2.15.4 (2023-12-11)
-==========================
-
-.. contents:: Contents
-   :depth: 2
-   :local:
-   :backlinks: none
-
-This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog <https://github.blog/tag/code-scanning/>`__, `relevant GitHub Changelog updates <https://github.blog/changelog/label/code-scanning/>`__, `changes in the CodeQL extension for Visual Studio Code <https://marketplace.visualstudio.com/items/GitHub.vscode-codeql/changelog>`__, and the `CodeQL Action changelog <https://github.com/github/codeql-action/blob/main/CHANGELOG.md>`__.
-
-CodeQL CLI
-----------
-
-Improvements
-~~~~~~~~~~~~
-
-*   Parallelism in the evaluator has been improved, resulting in faster analysis when running with many threads, particularly for large databases.
-
-Query Packs
------------
-
-Breaking Changes
-~~~~~~~~~~~~~~~~
-
-C/C++
-"""""
-
-*   The :code:`cpp/tainted-format-string-through-global` query has been deleted. This does not lead to a loss of relevant alerts, as the query duplicated a subset of the alerts from :code:`cpp/tainted-format-string`.
-
-Minor Analysis Improvements
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-C#
-""
-
-*   Modelled additional flow steps to track flow from a :code:`View` call in an MVC controller to the corresponding Razor View (:code:`.cshtml`) file, which may result in additional results for queries such as :code:`cs/web/xss`.
-
-JavaScript/TypeScript
-"""""""""""""""""""""
-
-*   Added django URLs to detected "safe" URL patterns in :code:`js/unsafe-external-link`.
-
-Swift
-"""""
-
-*   Added additional sinks for the "Uncontrolled format string" (:code:`swift/uncontrolled-format-string`) query. Some of these sinks are heuristic (imprecise) in nature.
-*   Added heuristic (imprecise) sinks for the "Database query built from user-controlled sources" (:code:`swift/sql-injection`) query.
-
-New Queries
-~~~~~~~~~~~
-
-C/C++
-"""""
-
-*   Added a new query, :code:`cpp/use-of-string-after-lifetime-ends`, to detect calls to :code:`c_str` on strings that will be destroyed immediately.
-
-Language Libraries
-------------------
-
-Bug Fixes
-~~~~~~~~~
-
-Golang
-""""""
-
-*   A bug has been fixed that meant that value flow through a slice expression was not tracked correctly. Taint flow was tracked correctly.
-
-Minor Analysis Improvements
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Java
-""""
-
-*   The diagnostic query :code:`java/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Java files, now considers any Java file seen during extraction, even one with some errors, to be extracted / scanned.
-*   Switch cases using binding patterns and :code:`case null[, default]` are now supported. Classes :code:`PatternCase` and :code:`NullDefaultCase` are introduced to represent new kinds of case statement.
-*   Both switch cases and instanceof expressions using record patterns are now supported. The new class :code:`RecordPatternExpr` is introduced to represent record patterns, and :code:`InstanceOfExpr` gains :code:`getPattern` to replace :code:`getLocalVariableDeclExpr`.
-*   The control-flow graph and therefore dominance information regarding switch blocks in statement context but with an expression rule (e.g. :code:`switch(...) { case 1 -> System.out.println("Hello world!") }`) has been fixed. This reduces false positives and negatives from various queries relating to functions featuring such statements.
-
-JavaScript/TypeScript
-"""""""""""""""""""""
-
-*   Added models for the :code:`sqlite` and :code:`better-sqlite3` npm packages.
-*   TypeScript 5.3 is now supported.
-
-Python
-""""""
-
-*   Added support for tarfile extraction filters as defined in `PEP-706 <https://peps.python.org/pep-0706>`__. In particular, calls to :code:`TarFile.extract`, and :code:`TarFile.extractall` are no longer considered to be sinks for the :code:`py/tarslip` query if a sufficiently safe filter is provided.
-*   Added modeling of :code:`*args` and :code:`**kwargs` as routed-parameters in request handlers for django/flask/FastAPI/tornado.
-*   Added support for type parameters in function and class definitions, as well as the new Python 3.12 type alias statement.
-*   Added taint-flow modeling for regular expressions with :code:`re` module from the standard library.
-
-Ruby
-""""
-
-*   Improved modeling for :code:`ActiveRecord`\ s :code:`update_all` method
-
-Swift
-"""""
-
-*   Extracts Swift's :code:`DiscardStmt` and :code:`MaterizliePackExpr`
-*   Expanded and improved flow models for :code:`Set` and :code:`Sequence`.
-*   Added imprecise flow sources matching initializers such as :code:`init(contentsOfFile:)`.
-*   Extracts :code:`MacroDecl` and some related information
-
-New Features
-~~~~~~~~~~~~
-
-C/C++
-"""""
-
-*   Added an :code:`isPrototyped` predicate to :code:`Function` that holds when the function has a prototype.

docs/codeql/codeql-overview/codeql-changelog/index.rst

@@ -9,7 +9,6 @@ This is an overview of changes in the CodeQL CLI and relevant CodeQL query and l
 .. toctree::
    :maxdepth: 1
 
-   codeql-cli-2.15.4
    codeql-cli-2.15.3
    codeql-cli-2.15.2
    codeql-cli-2.15.1

docs/codeql/reusables/supported-versions-compilers.rst

@@ -17,7 +17,7 @@
 
    .NET 5, .NET 6, .NET 7","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
    Go (aka Golang), "Go up to 1.21", "Go 1.11 or more recent", ``.go``
-   Java,"Java 7 to 21 [5]_","javac (OpenJDK and Oracle JDK),
+   Java,"Java 7 to 20 [5]_","javac (OpenJDK and Oracle JDK),
 
    Eclipse compiler for Java (ECJ) [6]_",``.java``
    Kotlin [7]_,"Kotlin 1.5.0 to 1.9.20","kotlinc",``.kt``
@@ -33,7 +33,7 @@
     .. [2] Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported.
     .. [3] Support for the clang-cl compiler is preliminary.
     .. [4] Support for the Arm Compiler (armcc) is preliminary.
-    .. [5] Builds that execute on Java 7 to 21 can be analyzed. The analysis understands Java 21 standard language features.
+    .. [5] Builds that execute on Java 7 to 20 can be analyzed. The analysis understands Java 20 standard language features.
     .. [6] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin.
     .. [7] Kotlin support is currently in beta.
     .. [8] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.

go/ql/consistency-queries/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 0.0.5
-
-No user-facing changes.
-
 ## 0.0.4
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/0.0.5.md

@@ -1,3 +0,0 @@
-## 0.0.5
-
-No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.4

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.5
+version: 0.0.5-dev
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,11 +1,3 @@
-## 0.7.6
-
-### Minor Analysis Improvements
-
-* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.
-* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.
-* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.
-
 ## 0.7.5
 
 No user-facing changes.

go/ql/lib/change-notes/2023-12-08-find-more-callees-for-captured-functions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.

go/ql/lib/change-notes/2023-12-22-minor-analysis-xpath-libxml2.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.

go/ql/lib/change-notes/2024-01-02-go-successfully-extracted.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.

go/ql/lib/change-notes/released/0.7.6.md

@@ -1,7 +0,0 @@
-## 0.7.6
-
-### Minor Analysis Improvements
-
-* The diagnostic query `go/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Go files, now considers any Go file seen during extraction, even one with some errors, to be extracted / scanned.
-* The XPath library, which is used for the XPath injection query (`go/xml/xpath-injection`), now includes support for `Parser` sinks from the [libxml2](https://github.com/lestrrat-go/libxml2) package.
-* `CallNode::getACallee` and related predicates now recognise more callees accessed via a function variable, in particular when the callee is stored into a global variable or is captured by an anonymous function. This may lead to new alerts where data-flow into such a callee is relevant.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.6
+lastReleaseVersion: 0.7.5

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.6
+version: 0.7.6-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/lib/semmle/go/controlflow/ControlFlowGraphImpl.qll

@@ -623,21 +623,13 @@ module CFG {
       not cmpl.isNormal()
     }
 
-    /**
-     * Holds if `succ` is a successor of `pred`, ignoring the execution of any
-     * deferred functions when a function ends.
-     */
-    pragma[nomagic]
-    predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       exists(int i |
         lastNode(this.getChildTreeRanked(i), pred, normalCompletion()) and
         firstNode(this.getChildTreeRanked(i + 1), succ)
       )
     }
 
-    /** Holds if `succ` is a successor of `pred`. */
-    predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) { this.succ0(pred, succ) }
-
     final ControlFlowTree getChildTreeRanked(int i) {
       exists(int j |
         result = this.getChildTree(j) and
@@ -735,9 +727,8 @@ module CFG {
       last = this.getNode() and cmpl = this.getCompletion()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      super.succ(pred, succ)
       or
       lastNode(this.getLastChildTree(), pred, normalCompletion()) and
       succ = this.getNode()
@@ -759,9 +750,8 @@ module CFG {
       cmpl = Done()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      super.succ(pred, succ)
       or
       pred = this.getNode() and
       firstNode(this.getFirstChildTree(), succ)
@@ -863,9 +853,8 @@ module CFG {
       cmpl = Done()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       exists(int i | lastNode(this.getLhs(i), pred, normalCompletion()) |
         firstNode(this.getLhs(i + 1), succ)
@@ -989,8 +978,7 @@ module CFG {
       )
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       exists(Completion lcmpl |
         lastNode(this.getLeftOperand(), pred, lcmpl) and
         succ = this.getGuard(lcmpl.getOutcome())
@@ -1040,12 +1028,11 @@ module CFG {
       not result instanceof TypeExpr
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       // interpose implicit argument destructuring nodes between last argument
       // and call itself; this is for cases like `f(g())` where `g` has multiple
       // results
-      exists(ControlFlow::Node mid | PostOrderTree.super.succ0(pred, mid) |
+      exists(ControlFlow::Node mid | PostOrderTree.super.succ(pred, mid) |
         if mid = this.getNode() then succ = this.getEpilogueNode(0) else succ = mid
       )
       or
@@ -1115,9 +1102,8 @@ module CFG {
       lastNode(this.getStmt(this.getNumStmt() - 1), last, cmpl)
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       exists(int i |
         lastNode(this.getExpr(i), pred, normalCompletion()) and
@@ -1186,8 +1172,7 @@ module CFG {
       cmpl = Done()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       this.firstNode(pred) and
       succ = this.getElementStart(0)
       or
@@ -1265,8 +1250,7 @@ module CFG {
       cmpl = Done()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       lastNode(this.getInit(), pred, normalCompletion()) and
       firstNode(this.getCond(), succ)
       or
@@ -1297,8 +1281,7 @@ module CFG {
       (cmpl = Done() or cmpl = Panic())
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       lastNode(this.getBase(), pred, normalCompletion()) and
       (
         succ = MkImplicitDeref(this.getBase())
@@ -1335,9 +1318,8 @@ module CFG {
 
     override predicate lastNode(ControlFlow::Node last, Completion cmpl) { none() }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       pred = MkEntryNode(this) and
       firstNode(this.getDecl(0), succ)
@@ -1392,8 +1374,7 @@ module CFG {
       i = 5 and result = this.getBody()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       exists(int i, ControlFlowTree predTree, Completion cmpl |
         predTree = this.getChildTreeRanked(i) and
         lastNode(predTree, pred, cmpl) and
@@ -1459,14 +1440,13 @@ module CFG {
         // `defer` can be the first `defer` statement executed
         // there is always a predecessor node because the `defer`'s call is always
         // evaluated before the defer statement itself
-        MkDeferNode(defer) = succ0(notDeferSucc0*(this.getEntry()))
+        MkDeferNode(defer) = succ(notDeferSucc*(this.getEntry()))
       )
     }
 
     override predicate lastNode(ControlFlow::Node last, Completion cmpl) { none() }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       exists(int i |
         pred = this.getPrologueNode(i) and
         succ = this.getPrologueNode(i + 1)
@@ -1480,19 +1460,10 @@ module CFG {
         firstNode(ls, succ)
       )
       or
-      exists(int i |
-        pred = this.getEpilogueNode(i) and
-        succ = this.getEpilogueNode(i + 1)
-      )
-    }
-
-    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
-      this.succ0(pred, succ)
-      or
       exists(Completion cmpl |
         lastNode(this.getBody(), pred, cmpl) and
         // last node of function body can be reached without going through a `defer` statement
-        pred = notDeferSucc0*(this.getEntry())
+        pred = notDeferSucc*(this.getEntry())
       |
         // panic goes directly to exit, non-panic reads result variables first
         if cmpl = Panic() then succ = MkExitNode(this) else succ = this.getEpilogueNode(0)
@@ -1502,7 +1473,7 @@ module CFG {
       exists(DeferStmt defer | defer = this.getADeferStmt() |
         succ = MkExprNode(defer.getCall()) and
         // the last `DeferStmt` executed before pred is this `defer`
-        pred = notDeferSucc0*(MkDeferNode(defer))
+        pred = notDeferSucc*(MkDeferNode(defer))
       )
       or
       exists(DeferStmt predDefer, DeferStmt succDefer |
@@ -1523,6 +1494,11 @@ module CFG {
         or
         succ = this.getEpilogueNode(0)
       )
+      or
+      exists(int i |
+        pred = this.getEpilogueNode(i) and
+        succ = this.getEpilogueNode(i + 1)
+      )
     }
   }
 
@@ -1540,8 +1516,7 @@ module CFG {
       cmpl = Done()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       lastNode(this.getOperand(), pred, normalCompletion()) and
       succ = MkImplicitOne(this)
       or
@@ -1572,8 +1547,7 @@ module CFG {
       not cmpl.isNormal()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       lastNode(this.getDomain(), pred, normalCompletion()) and
       succ = MkNextNode(this)
       or
@@ -1648,8 +1622,7 @@ module CFG {
 
     override Completion getCompletion() { result = Return() }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       exists(int i |
         lastNode(this.getExpr(i), pred, normalCompletion()) and
         succ = this.complete(i)
@@ -1705,9 +1678,8 @@ module CFG {
       )
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       exists(CommClause cc, int i, Stmt comm |
         cc = this.getNonDefaultCommClause(i) and
@@ -1805,8 +1777,7 @@ module CFG {
       cmpl = Done()
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
       exists(int i | pred = this.getStepWithRank(i) and succ = this.getStepWithRank(i + 1))
     }
 
@@ -1843,9 +1814,8 @@ module CFG {
       (cmpl = Done() or cmpl = Panic())
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       not this = any(CommClause cc).getComm() and
       lastNode(this.getValue(), pred, normalCompletion()) and
@@ -1873,9 +1843,8 @@ module CFG {
       (cmpl = Done() or cmpl = Panic())
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       lastNode(this.getBase(), pred, normalCompletion()) and
       (
@@ -1961,9 +1930,8 @@ module CFG {
       )
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       lastNode(this.getInit(), pred, normalCompletion()) and
       (
@@ -2036,9 +2004,8 @@ module CFG {
       )
     }
 
-    pragma[nomagic]
-    override predicate succ0(ControlFlow::Node pred, ControlFlow::Node succ) {
-      ControlFlowTree.super.succ0(pred, succ)
+    override predicate succ(ControlFlow::Node pred, ControlFlow::Node succ) {
+      ControlFlowTree.super.succ(pred, succ)
       or
       not this = any(RecvStmt recv).getExpr() and
       lastNode(this.getOperand(), pred, normalCompletion()) and
@@ -2066,9 +2033,9 @@ module CFG {
   }
 
   /** Gets a successor of `nd` that is not a `defer` node */
-  private ControlFlow::Node notDeferSucc0(ControlFlow::Node nd) {
+  private ControlFlow::Node notDeferSucc(ControlFlow::Node nd) {
     not result = MkDeferNode(_) and
-    result = succ0(nd)
+    result = succ(nd)
   }
 
   /** Gets `defer` statements that can be the first defer statement after `nd` in the CFG */
@@ -2076,9 +2043,9 @@ module CFG {
     nd = MkDeferNode(_) and
     result = MkDeferNode(_) and
     (
-      result = succ0(nd)
+      result = succ(nd)
       or
-      result = succ0(notDeferSucc0+(nd))
+      result = succ(notDeferSucc+(nd))
     )
   }
 
@@ -2107,15 +2074,6 @@ module CFG {
     )
   }
 
-  /**
-   * Gets a successor of `nd`, that is, a node that is executed after `nd`,
-   * ignoring the execution of any deferred functions when a function ends.
-   */
-  pragma[nomagic]
-  private ControlFlow::Node succ0(ControlFlow::Node nd) {
-    any(ControlFlowTree tree).succ0(nd, result)
-  }
-
   /** Gets a successor of `nd`, that is, a node that is executed after `nd`. */
   cached
   ControlFlow::Node succ(ControlFlow::Node nd) { any(ControlFlowTree tree).succ(nd, result) }

go/ql/src/CHANGELOG.md

@@ -1,9 +1,3 @@
-## 0.7.6
-
-### Minor Analysis Improvements
-
-* There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed.
-
 ## 0.7.5
 
 No user-facing changes.

go/ql/src/change-notes/2023-12-17-incorrect-integer-conversion-fix.md

@@ -1,5 +1,4 @@
-## 0.7.6
-
-### Minor Analysis Improvements
-
+---
+category: minorAnalysis
+---
 * There was a bug in the query `go/incorrect-integer-conversion` which meant that upper bound checks using a strict inequality (`<`) and comparing against `math.MaxInt` or `math.MaxUint` were not considered correctly, which led to false positives. This has now been fixed.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.6
+lastReleaseVersion: 0.7.5

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.6
+version: 0.7.6-dev
 groups:
   - go
   - queries

java/ql/automodel/src/CHANGELOG.md

@@ -1,11 +1,3 @@
-## 0.0.12
-
-No user-facing changes.
-
-## 0.0.11
-
-No user-facing changes.
-
 ## 0.0.10
 
 No user-facing changes.

java/ql/automodel/src/change-notes/released/0.0.11.md

@@ -1,3 +0,0 @@
-## 0.0.11
-
-No user-facing changes.

java/ql/automodel/src/change-notes/released/0.0.12.md

@@ -1,3 +0,0 @@
-## 0.0.12
-
-No user-facing changes.

java/ql/automodel/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.12
+lastReleaseVersion: 0.0.10

java/ql/automodel/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.12
+version: 0.0.11-dev
 groups:
     - java
     - automodel

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/buildless-fetches.expected

@@ -1,27 +0,0 @@
-https://repo.maven.apache.org/maven2/com/feiniaojin/naaf/naaf-graceful-response-example/1.0/naaf-graceful-response-example-1.0.jar
-https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/avro-registry-in-source-tests/1.8/avro-registry-in-source-tests-1.8.jar
-https://repo.maven.apache.org/maven2/com/github/MoebiusSolutions/avro-registry-in-source/example-project/1.5/example-project-1.5.jar
-https://repo.maven.apache.org/maven2/com/intuit/benten/benten-examples/0.1.5/benten-examples-0.1.5.jar
-https://repo.maven.apache.org/maven2/com/jakewharton/twirl/sample-runtime/1.2.0/sample-runtime-1.2.0.jar
-https://repo.maven.apache.org/maven2/com/mattunderscore/code/generation/specky/plugin-example/0.8.0/plugin-example-0.8.0.jar
-https://repo.maven.apache.org/maven2/com/microsoft/tang/tang-test-jarAB/0.9/tang-test-jarAB-0.9.jar
-https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-example_2.11/0.1.2/rx-redis-example_2.11-0.1.2.jar
-https://repo.maven.apache.org/maven2/de/knutwalker/rx-redis-java-example_2.11/0.1.2/rx-redis-java-example_2.11-0.1.2.jar
-https://repo.maven.apache.org/maven2/io/github/scrollsyou/example-spring-boot-starter/1.0.0/example-spring-boot-starter-1.0.0.jar
-https://repo.maven.apache.org/maven2/io/streamnative/com/example/maven-central-template/server/3.0.0/server-3.0.0.jar
-https://repo.maven.apache.org/maven2/no/nav/security/token-validation-ktor-demo/3.1.0/token-validation-ktor-demo-3.1.0.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-fileupload/0.5.10/minijax-example-fileupload-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-inject/0.5.10/minijax-example-inject-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-json/0.5.10/minijax-example-json-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-mustache/0.5.10/minijax-example-mustache-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-petclinic/0.5.10/minijax-example-petclinic-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-security/0.5.10/minijax-example-security-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-ssl/0.5.10/minijax-example-ssl-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-todo-backend/0.5.10/minijax-example-todo-backend-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/minijax/minijax-example-websocket/0.5.10/minijax-example-websocket-0.5.10.jar
-https://repo.maven.apache.org/maven2/org/scalamock/scalamock-examples_2.10/3.6.0/scalamock-examples_2.10-3.6.0.jar
-https://repo.maven.apache.org/maven2/org/somda/sdc/glue-examples/4.0.0/glue-examples-4.0.0.jar
-https://repo.maven.apache.org/maven2/us/fatehi/schemacrawler-examplecode/16.20.2/schemacrawler-examplecode-16.20.2.jar
-https://repo1.maven.org/maven2/junit/junit/4.11/junit-4.11.jar
-https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar
-https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/diagnostics.expected

@@ -1,56 +0,0 @@
-{
-  "markdownMessage": "Java buildless mode used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
-  "severity": "unknown",
-  "source": {
-    "extractorName": "java",
-    "id": "java/autobuilder/buildless/using-build-tool-advice",
-    "name": "Java buildless mode used build tool Maven to pick a JDK version and/or to recommend external dependencies"
-  },
-  "visibility": {
-    "cliSummaryTable": true,
-    "statusPage": false,
-    "telemetry": true
-  }
-}
-{
-  "markdownMessage": "Java buildless mode used the system default JDK.",
-  "severity": "unknown",
-  "source": {
-    "extractorName": "java",
-    "id": "java/autobuilder/buildless/jdk-system-default",
-    "name": "Java buildless mode used the system default JDK"
-  },
-  "visibility": {
-    "cliSummaryTable": true,
-    "statusPage": false,
-    "telemetry": true
-  }
-}
-{
-  "markdownMessage": "Java was extracted in buildless mode. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
-  "severity": "note",
-  "source": {
-    "extractorName": "java",
-    "id": "java/autobuilder/buildless/mode-active",
-    "name": "Java was extracted in buildless mode"
-  },
-  "visibility": {
-    "cliSummaryTable": true,
-    "statusPage": true,
-    "telemetry": true
-  }
-}
-{
-  "markdownMessage": "Reading the dependency graph from Maven build files provided 3 classpath entries",
-  "severity": "unknown",
-  "source": {
-    "extractorName": "java",
-    "id": "java/autobuilder/buildless/depgraph-provided-by-maven",
-    "name": "Java buildless mode extracted precise dependency graph information from Maven"
-  },
-  "visibility": {
-    "cliSummaryTable": true,
-    "statusPage": false,
-    "telemetry": true
-  }
-}

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/pom.xml

@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-
-  <groupId>com.example</groupId>
-  <artifactId>maven-sample</artifactId>
-  <version>1.0-SNAPSHOT</version>
-
-  <name>maven-sample</name>
-  <!-- FIXME change it to the project's website -->
-  <url>http://www.example.com</url>
-
-  <properties>
-    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <maven.compiler.source>1.7</maven.compiler.source>
-    <maven.compiler.target>1.7</maven.compiler.target>
-  </properties>
-
-  <dependencies>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <version>4.11</version>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
-
-  <build>
-    <pluginManagement>
-      <!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
-      <plugins>
-        <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
-        <plugin>
-          <artifactId>maven-clean-plugin</artifactId>
-          <version>3.1.0</version>
-        </plugin>
-        <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
-        <plugin>
-          <artifactId>maven-resources-plugin</artifactId>
-          <version>3.0.2</version>
-        </plugin>
-        <plugin>
-          <artifactId>maven-compiler-plugin</artifactId>
-          <version>3.8.0</version>
-        </plugin>
-        <plugin>
-          <artifactId>maven-surefire-plugin</artifactId>
-          <version>2.22.1</version>
-        </plugin>
-        <plugin>
-          <artifactId>maven-jar-plugin</artifactId>
-          <version>3.0.2</version>
-        </plugin>
-        <plugin>
-          <artifactId>maven-install-plugin</artifactId>
-          <version>2.5.2</version>
-        </plugin>
-        <plugin>
-          <artifactId>maven-deploy-plugin</artifactId>
-          <version>2.8.2</version>
-        </plugin>
-        <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
-        <plugin>
-          <artifactId>maven-site-plugin</artifactId>
-          <version>3.7.1</version>
-        </plugin>
-        <plugin>
-          <artifactId>maven-project-info-reports-plugin</artifactId>
-          <version>3.0.0</version>
-        </plugin>
-      </plugins>
-    </pluginManagement>
-  </build>
-
-  <packaging>pom</packaging>
-
-  <modules>
-    <module>submod1</module>
-    <module>submod2</module>
-  </modules>
-
-</project>

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod1/pom.xml

@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-
-  <groupId>com.example</groupId>
-  <artifactId>submod1</artifactId>
-  <version>1.0-SNAPSHOT</version>
-
-  <name>maven-sample-submod1</name>
-  <!-- FIXME change it to the project's website -->
-  <url>http://www.example.com</url>
-
-  <parent>
-    <artifactId>maven-sample</artifactId>
-    <groupId>com.example</groupId>
-    <version>1.0-SNAPSHOT</version>
-  </parent>
-
-  <properties>
-    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <maven.compiler.source>1.7</maven.compiler.source>
-    <maven.compiler.target>1.7</maven.compiler.target>
-  </properties>
-
-</project>

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod1/src/main/java/com/example/App.java

@@ -1,30 +0,0 @@
-package com.example;
-
-import java.util.regex.Pattern;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-
-/**
- * Hello world!
- *
- */
-public class App 
-{
-    public static void main( String[] args )
-    {
-        System.out.println( "Hello World!" );
-        String expectedVersion = System.getenv("EXPECT_MAVEN");
-        Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
-        String observedVersion = mavenHome.getFileName().toString();
-        if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
-                System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
-                System.exit(1);
-        }
-        String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
-        String command = System.getProperty("sun.java.command");
-        if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
-                System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
-                System.exit(1);
-        }
-    }
-}

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod1/src/main/resources/my-app.properties

@@ -1 +0,0 @@
-version=1.0

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod1/src/main/resources/page.xml

@@ -1,8 +0,0 @@
-<html>
-<head>
-<title>A sample</title>
-</head>
-<body>
-<p>Hello world!</p>
-</body>
-</html>

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod1/src/main/resources/struts.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<struts>
-This is a sample file
-</struts>

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod1/src/test/java/com/example/AppTest.java

@@ -1,20 +0,0 @@
-package com.example;
-
-import static org.junit.Assert.assertTrue;
-
-import org.junit.Test;
-
-/**
- * Unit test for simple App.
- */
-public class AppTest 
-{
-    /**
-     * Rigorous Test :-)
-     */
-    @Test
-    public void shouldAnswerWithTrue()
-    {
-        assertTrue( true );
-    }
-}

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod2/pom.xml

@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-
-  <groupId>com.example</groupId>
-  <artifactId>submod2</artifactId>
-  <version>1.0-SNAPSHOT</version>
-
-  <name>maven-sample-submod2</name>
-  <!-- FIXME change it to the project's website -->
-  <url>http://www.example.com</url>
-
-  <parent>
-    <artifactId>maven-sample</artifactId>
-    <groupId>com.example</groupId>
-    <version>1.0-SNAPSHOT</version>
-  </parent>
-
-  <properties>
-    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <maven.compiler.source>1.7</maven.compiler.source>
-    <maven.compiler.target>1.7</maven.compiler.target>
-  </properties>
-
-  <dependencies>
-
-    <!-- depend on sibling's main and test jars -->
-
-    <dependency>
-      <groupId>com.example</groupId>
-      <artifactId>submod1</artifactId>
-      <version>1.0-SNAPSHOT</version>
-      <scope>test</scope>
-      <type>test-jar</type>
-    </dependency>
-
-    <dependency>
-      <groupId>com.example</groupId>
-      <artifactId>submod1</artifactId>
-      <version>1.0-SNAPSHOT</version>
-    </dependency>
-
-    <!-- Add a module-specific dependency -->
-    <dependency>
-      <groupId>org.apache.commons</groupId>
-      <artifactId>commons-lang3</artifactId>
-      <version>3.14.0</version>
-    </dependency>
-
-  </dependencies>
-
-</project>

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod2/src/main/java/com/example/App2.java

@@ -1,30 +0,0 @@
-package com.example;
-
-import java.util.regex.Pattern;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-
-/**
- * Hello world!
- *
- */
-public class App2 
-{
-    public static void main( String[] args )
-    {
-        System.out.println( "Hello World!" );
-        String expectedVersion = System.getenv("EXPECT_MAVEN");
-        Path mavenHome = Paths.get(System.getProperty("maven.home")).normalize();
-        String observedVersion = mavenHome.getFileName().toString();
-        if (expectedVersion != null && !expectedVersion.equals(observedVersion)) {
-                System.err.println("Wrong maven version, expected '" + expectedVersion + "' but got '" + observedVersion + "'" + mavenHome);
-                System.exit(1);
-        }
-        String commandMatcher = System.getenv("EXPECT_COMMAND_REGEX");
-        String command = System.getProperty("sun.java.command");
-        if (commandMatcher != null && !Pattern.matches(commandMatcher, command)) {
-                System.err.println("Wrong command line, '" + command + "' does not match '" + commandMatcher + "'");
-                System.exit(1);
-        }
-    }
-}

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod2/src/main/resources/my-app.properties

@@ -1 +0,0 @@
-version=1.0

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod2/src/main/resources/page.xml

@@ -1,8 +0,0 @@
-<html>
-<head>
-<title>A sample</title>
-</head>
-<body>
-<p>Hello world!</p>
-</body>
-</html>

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod2/src/main/resources/struts.xml

@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<struts>
-This is a sample file
-</struts>

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/submod2/src/test/java/com/example/AppTest2.java

@@ -1,20 +0,0 @@
-package com.example;
-
-import static org.junit.Assert.assertTrue;
-
-import org.junit.Test;
-
-/**
- * Unit test for simple App.
- */
-public class AppTest2
-{
-    /**
-     * Rigorous Test :-)
-     */
-    @Test
-    public void shouldAnswerWithTrue()
-    {
-        assertTrue( true );
-    }
-}

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/test.expected

@@ -1,17 +0,0 @@
-#select
-| submod1/src/main/java/com/example/App.java:0:0:0:0 | App |
-| submod1/src/test/java/com/example/AppTest.java:0:0:0:0 | AppTest |
-| submod2/src/main/java/com/example/App2.java:0:0:0:0 | App2 |
-| submod2/src/test/java/com/example/AppTest2.java:0:0:0:0 | AppTest2 |
-xmlFiles
-| pom.xml:0:0:0:0 | pom.xml |
-| submod1/pom.xml:0:0:0:0 | submod1/pom.xml |
-| submod1/src/main/resources/page.xml:0:0:0:0 | submod1/src/main/resources/page.xml |
-| submod1/src/main/resources/struts.xml:0:0:0:0 | submod1/src/main/resources/struts.xml |
-| submod2/pom.xml:0:0:0:0 | submod2/pom.xml |
-| submod2/src/main/resources/page.xml:0:0:0:0 | submod2/src/main/resources/page.xml |
-| submod2/src/main/resources/struts.xml:0:0:0:0 | submod2/src/main/resources/struts.xml |
-propertiesFiles
-| submod1/src/main/resources/my-app.properties:0:0:0:0 | submod1/src/main/resources/my-app.properties |
-| submod2/src/main/resources/my-app.properties:0:0:0:0 | submod2/src/main/resources/my-app.properties |
-| test-db/log/ext/javac.properties:0:0:0:0 | test-db/log/ext/javac.properties |

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/test.py

@@ -1,8 +0,0 @@
-from create_database_utils import *
-from diagnostics_test_utils import *
-from buildless_test_utils import *
-
-run_codeql_database_create([], lang="java", extra_env={"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS": "true", "CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true"})
-
-check_diagnostics()
-check_buildless_fetches()

java/ql/integration-tests/all-platforms/java/buildless-maven-multimodule/test.ql

@@ -1,9 +0,0 @@
-import java
-
-from File f
-where f.isSourceFile()
-select f
-
-query predicate xmlFiles(XmlFile x) { any() }
-
-query predicate propertiesFiles(File f) { f.getExtension() = "properties" }