Fix British spelling: recognised -> recognized

Introduce two new Connection::InstanceSource subclasses in PEP249.qll:

- ConnectionGetterAttributeRead: recognises self._conn reads inside
  getter methods of classes whose __init__ stores a connect() call in
  that attribute. The AttrRead node coincides with the return node, so
  the existing TypeTracker returnStep propagates the connection type to
  all call sites automatically.

- ConnectionConstructorAttributeRead: recognises ClassName()._conn
  direct attribute reads on constructor-call results.

Both classes share the classStoresConnectionInInit helper predicate
that checks for the self.attr = dbapi.connect() store pattern in __init__.

Also adds test cases for the new patterns in the hdbcli test suite
and a change note.

actions/ql/examples/snippets/uses_pinned_sha.ql

@@ -8,5 +8,5 @@
 import actions
 
 from UsesStep uses
-where uses.getVersion().regexpMatch("^[A-Fa-f0-9]{40}$")
+where uses.getVersion().regexpMatch("^[A-Fa-f0-9]{40}([A-Fa-f0-9]{24})?$")
 select uses, "This 'uses' step has a pinned SHA version."

actions/ql/lib/change-notes/2026-05-12-improved-alphanumeric-regex.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$` which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.

actions/ql/lib/codeql/actions/Bash.qll

@@ -785,7 +785,22 @@ module Bash {
 
   /**
    * Holds if the given regex is used to match an alphanumeric string
-   * eg: `^[0-9a-zA-Z]{40}$`, `^[0-9]+$` or `^[a-zA-Z0-9_]+$`
+   * eg: `^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$`, `^[0-9]+$` or `^[a-zA-Z0-9_]+$`
    */
-  string alphaNumericRegex() { result = "^\\^\\[([09azAZ_-]+)\\](\\+|\\{\\d+\\})\\$$" }
+  string alphaNumericRegex() {
+    exists(string r1, string r2, string r3, string r4 |
+      // An alphanumeric character class
+      r1 = "\\[([09azAZ_-]+)\\]" and
+      // The same as above, followed by a quantifier like `+` or `{20}`
+      r2 = r1 + "(\\+|\\{\\d+\\})" and
+      // The same as above, possibly with parentheses around it
+      r3 = "\\(?" + r2 + "\\)?" and
+      // The same as above, possibly with a `?` after it
+      r4 = r3 + "\\??"
+    |
+      // The same as above, repeated one or more times, and with `^` at the
+      // beginning and `$` at the end
+      result = "^\\^(" + r4 + ")+\\$$"
+    )
+  }
 }

actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql

@@ -15,7 +15,9 @@ import actions
 import codeql.actions.security.UseOfUnversionedImmutableAction
 
 bindingset[version]
-private predicate isPinnedCommit(string version) { version.regexpMatch("^[A-Fa-f0-9]{40}$") }
+private predicate isPinnedCommit(string version) {
+  version.regexpMatch("^[A-Fa-f0-9]{40}([A-Fa-f0-9]{24})?$")
+}
 
 bindingset[nwo]
 private predicate isTrustedOwner(string nwo) {

actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.md

@@ -27,7 +27,7 @@ Certain triggers automatically grant a workflow elevated privileges:
   * An attacker forks the repository and adds malicious code (e.g., in the build script)
   * The attacker opens a PR from the fork, and, if needed, comments on the PR
   * The workflow in the base repository checks out the forked code
-  * The workflow runs, (e.g. the build script etc.), which contains the malicious code
+  * The workflow runs the malicious code
 
 Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog.
 
@@ -41,6 +41,8 @@ The best practice is to handle the potentially untrusted pull request via the **
 
 The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
 
+Additionally, ensure that least privilege are used both at the workflow level (through event triggers and workflow permissions) and job level (through job permissions).
+
 ## Example
 
 ### Incorrect Usage
@@ -163,4 +165,5 @@ jobs:
 
 - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
 - Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout).
+- Securing with least privilege: [Workflow secure use](https://docs.github.com/en/actions/reference/security/secure-use).
 - Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/).

actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql

@@ -51,5 +51,6 @@ where
   event.getName() = checkoutTriggers() and
   not exists(ControlCheck check | check.protects(checkout, event, "untrusted-checkout")) and
   not exists(ControlCheck check | check.protects(poisonable, event, "untrusted-checkout"))
-select poisonable, checkout, poisonable,
-  "Potential execution of untrusted code on a privileged workflow ($@)", event, event.getName()
+select checkout, checkout, poisonable,
+  "Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@).",
+  event, event.getName()

actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.md

@@ -27,7 +27,7 @@ Certain triggers automatically grant a workflow elevated privileges:
   * An attacker forks the repository and adds malicious code (e.g., in the build script)
   * The attacker opens a PR from the fork, and, if needed, comments on the PR
   * The workflow in the base repository checks out the forked code
-  * The workflow runs, (e.g. the build script etc.), which contains the malicious code
+  * The workflow runs the malicious code
 
 Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog.
 
@@ -41,6 +41,8 @@ The best practice is to handle the potentially untrusted pull request via the **
 
 The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
 
+Additionally, ensure that least privilege are used both at the workflow level (through event triggers and workflow permissions) and job level (through job permissions).
+
 ## Example
 
 ### Incorrect Usage
@@ -163,4 +165,5 @@ jobs:
 
 - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
 - Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout).
+- Securing with least privilege: [Workflow secure use](https://docs.github.com/en/actions/reference/security/secure-use).
 - Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/).

actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql

@@ -1,5 +1,5 @@
 /**
- * @name Checkout of untrusted code in privileged context without privileged context use
+ * @name Checkout of untrusted code in a privileged context
  * @description Privileged workflows have read/write access to the base repository and access to secrets.
  *              By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
  *              that is able to push to the base repository and to access secrets.
@@ -42,5 +42,6 @@ where
     not event.getName() = "issue_comment" and
     not exists(ControlCheck check | check.protects(checkout, event, "untrusted-checkout"))
   )
-select checkout, "Potential execution of untrusted code on a privileged workflow ($@)", event,
-  event.getName()
+select checkout,
+  "Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@).",
+  event, event.getName()

actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.md

@@ -27,7 +27,7 @@ Certain triggers automatically grant a workflow elevated privileges:
   * An attacker forks the repository and adds malicious code (e.g., in the build script)
   * The attacker opens a PR from the fork, and, if needed, comments on the PR
   * The workflow in the base repository checks out the forked code
-  * The workflow runs, (e.g. the build script etc.), which contains the malicious code
+  * The workflow runs the malicious code
 
 Please note that not only build scripts can be malicious code vectors. There is a large number of other possibilities. Some of them are listed in the [LOTP](https://boostsecurityio.github.io/lotp/) catalog.
 
@@ -41,6 +41,8 @@ The best practice is to handle the potentially untrusted pull request via the **
 
 The artifacts downloaded from the first workflow should be considered untrusted and must be verified.
 
+Additionally, ensure that least privilege are used both at the workflow level (through event triggers and workflow permissions) and job level (through job permissions).
+
 ## Example
 
 ### Incorrect Usage
@@ -163,4 +165,5 @@ jobs:
 
 - GitHub Security Lab Research: [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/).
 - Mitigating risks of untrusted checkout: [GitHub Docs](https://docs.github.com/en/enterprise-cloud@latest/actions/reference/security/secure-use#mitigating-the-risks-of-untrusted-code-checkout).
+- Securing with least privilege: [Workflow secure use](https://docs.github.com/en/actions/reference/security/secure-use).
 - Living Off the Pipeline: [LOTP](https://boostsecurityio.github.io/lotp/).

actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql

@@ -1,5 +1,5 @@
 /**
- * @name Checkout of untrusted code in trusted context
+ * @name Checkout of untrusted code in a trusted context
  * @description Privileged workflows have read/write access to the base repository and access to secrets.
  *              By explicitly checking out and running the build script from a fork the untrusted code is running in an environment
  *              that is able to push to the base repository and to access secrets.

actions/ql/src/change-notes/2026-05-05-untrusted-checkout-high.md

@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Adjusted `actions/untrusted-checkout/critical` to align more with other untrusted resource queries, where the alert location is the location where the artifact is obtained from (the checkout point). This aligns with the other 2 related queries. This will cause the same alerts to re-open for closed alerts of this query.

actions/ql/src/change-notes/2026-05-12-sha256-pinned-actions.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `actions/unpinned-tag` query now recognizes 64-character SHA-256 commit hashes as properly pinned references, in addition to 40-character SHA-1 hashes.

actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-alert.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Altered the alert message for clarity for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`.

actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-helpfile.md

@@ -0,0 +1,4 @@
+---
+category: fix
+---
+* Adjusted (minor) help file descriptions for queries: `actions/untrusted-checkout/critical`, `actions/untrusted-checkout/high`, `actions/untrusted-checkout/medium`. Clarified wording on in minor point, added one more listed resource and added one more recommendation for things to check.

actions/ql/src/change-notes/2026-05-14-further-iteration-untrusted-checkout-improvements-metadata.md

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Reversed adjustment of the name of `actions/untrusted-checkout/high`, but kept the portion of the previous change for the word "trusted" to "privileged". Added a missing "a" to phrasing in `actions/untrusted-checkout/high` and `actions/untrusted-checkout/medium`.

actions/ql/test/query-tests/Security/CWE-829/.github/workflows/unpinned_tags.yml

@@ -11,3 +11,9 @@ jobs:
     - uses: foo/bar@25b062c917b0c75f8b47d8469aff6c94ffd89abb
     - uses: docker://foo/bar@latest
     - uses: docker://foo/bar@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9
+    # SHA-256 pinned (64 hex chars) - should NOT be flagged
+    - uses: foo/bar@25b062c917b0c75f8b47d8469aff6c94ffd89abb25b062c917b0c75f8b47d84d
+    # SHA-1 pinned (40 hex chars) regression - should NOT be flagged
+    - uses: foo/bar@a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2
+    # Invalid 50-char hex string - should be flagged
+    - uses: foo/bar@a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2a1b2c3d4e5

actions/ql/test/query-tests/Security/CWE-829/UnpinnedActionsTag.expected

@@ -34,3 +34,4 @@
 | .github/workflows/test18.yml:37:21:37:63 | sonarsource/sonarcloud-github-action@master | Unpinned 3rd party Action 'Sonar' step $@ uses 'sonarsource/sonarcloud-github-action' with ref 'master', not a pinned commit hash | .github/workflows/test18.yml:36:15:40:58 | Uses Step | Uses Step |
 | .github/workflows/unpinned_tags.yml:10:13:10:22 | foo/bar@v1 | Unpinned 3rd party Action 'unpinned_tags.yml' step $@ uses 'foo/bar' with ref 'v1', not a pinned commit hash | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | Uses Step |
 | .github/workflows/unpinned_tags.yml:12:13:12:35 | docker://foo/bar@latest | Unpinned 3rd party Action 'unpinned_tags.yml' step $@ uses 'docker://foo/bar' with ref 'latest', not a pinned commit hash | .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step | Uses Step |
+| .github/workflows/unpinned_tags.yml:19:13:19:70 | foo/bar@a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2a1b2c3d4e5 | Unpinned 3rd party Action 'unpinned_tags.yml' step $@ uses 'foo/bar' with ref 'a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2a1b2c3d4e5', not a pinned commit hash | .github/workflows/unpinned_tags.yml:19:7:19:71 | Uses Step | Uses Step |

actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.expected

@@ -312,7 +312,10 @@ edges
 | .github/workflows/unpinned_tags.yml:9:7:10:4 | Uses Step | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step |
 | .github/workflows/unpinned_tags.yml:10:7:11:4 | Uses Step | .github/workflows/unpinned_tags.yml:11:7:12:4 | Uses Step |
 | .github/workflows/unpinned_tags.yml:11:7:12:4 | Uses Step | .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step |
-| .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step | .github/workflows/unpinned_tags.yml:13:7:13:101 | Uses Step |
+| .github/workflows/unpinned_tags.yml:12:7:13:4 | Uses Step | .github/workflows/unpinned_tags.yml:13:7:15:4 | Uses Step |
+| .github/workflows/unpinned_tags.yml:13:7:15:4 | Uses Step | .github/workflows/unpinned_tags.yml:15:7:17:4 | Uses Step |
+| .github/workflows/unpinned_tags.yml:15:7:17:4 | Uses Step | .github/workflows/unpinned_tags.yml:17:7:19:4 | Uses Step |
+| .github/workflows/unpinned_tags.yml:17:7:19:4 | Uses Step | .github/workflows/unpinned_tags.yml:19:7:19:71 | Uses Step |
 | .github/workflows/untrusted_checkout2.yml:7:9:14:6 | Run Step: pr_number | .github/workflows/untrusted_checkout2.yml:14:9:19:72 | Run Step |
 | .github/workflows/untrusted_checkout3.yml:11:9:12:6 | Uses Step | .github/workflows/untrusted_checkout3.yml:12:9:13:6 | Uses Step |
 | .github/workflows/untrusted_checkout3.yml:12:9:13:6 | Uses Step | .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step |
@@ -335,42 +338,42 @@ edges
 | .github/workflows/workflow_run_untrusted_checkout_2.yml:13:9:16:6 | Uses Step | .github/workflows/workflow_run_untrusted_checkout_2.yml:16:9:18:31 | Uses Step |
 | .github/workflows/workflow_run_untrusted_checkout_3.yml:13:9:16:6 | Uses Step | .github/workflows/workflow_run_untrusted_checkout_3.yml:16:9:18:31 | Uses Step |
 #select
-| .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
-| .github/workflows/auto_ci.yml:48:9:52:2 | Run Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
-| .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
-| .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
-| .github/workflows/dependabot3.yml:25:9:48:6 | Run Step: set-milestone | .github/workflows/dependabot3.yml:15:9:20:6 | Uses Step | .github/workflows/dependabot3.yml:25:9:48:6 | Run Step: set-milestone | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/dependabot3.yml:3:5:3:23 | pull_request_target | pull_request_target |
-| .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:26:9:29:7 | Run Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:23:9:26:6 | Uses Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:26:9:29:7 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/reusable_caller1.yaml:4:3:4:21 | pull_request_target | pull_request_target |
-| .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/gitcheckout.yml:2:3:2:21 | pull_request_target | pull_request_target |
-| .github/workflows/label_trusted_checkout2.yml:17:7:21:4 | Run Step | .github/workflows/label_trusted_checkout2.yml:12:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout2.yml:17:7:21:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/label_trusted_checkout2.yml:2:3:2:21 | pull_request_target | pull_request_target |
-| .github/workflows/level0.yml:107:9:112:2 | Run Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment |
-| .github/workflows/level0.yml:107:9:112:2 | Run Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/level0.yml:133:9:135:23 | Run Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment |
-| .github/workflows/level0.yml:133:9:135:23 | Run Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/poc2.yml:42:9:47:6 | Uses Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:42:9:47:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/poc2.yml:52:9:58:24 | Run Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:52:9:58:24 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/pr-workflow.yml:222:9:227:6 | Uses Step | .github/workflows/pr-workflow.yml:216:9:222:6 | Uses Step | .github/workflows/pr-workflow.yml:222:9:227:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:256:9:261:6 | Uses Step | .github/workflows/pr-workflow.yml:250:9:256:6 | Uses Step | .github/workflows/pr-workflow.yml:256:9:261:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:290:9:295:6 | Uses Step | .github/workflows/pr-workflow.yml:284:9:290:6 | Uses Step | .github/workflows/pr-workflow.yml:290:9:295:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:391:9:395:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:391:9:395:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:395:9:404:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:395:9:404:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:404:9:414:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:404:9:414:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:414:9:423:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:414:9:423:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:423:9:432:2 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:423:9:432:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/reusable_local.yml:26:9:29:7 | Run Step | .github/workflows/reusable_local.yml:23:9:26:6 | Uses Step | .github/workflows/reusable_local.yml:26:9:29:7 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/reusable_caller3.yaml:4:3:4:21 | pull_request_target | pull_request_target |
-| .github/workflows/test7.yml:33:9:36:6 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:33:9:36:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/test7.yml:36:9:39:6 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:36:9:39:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/test7.yml:49:9:59:6 | Run Step: benchmark-pr | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:49:9:59:6 | Run Step: benchmark-pr | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/test7.yml:59:9:60:6 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:59:9:60:6 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/test7.yml:60:9:60:37 | Run Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:60:9:60:37 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/test10.yml:25:9:30:2 | Run Step | .github/workflows/test10.yml:20:9:25:6 | Uses Step | .github/workflows/test10.yml:25:9:30:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test10.yml:8:3:8:21 | pull_request_target | pull_request_target |
-| .github/workflows/test11.yml:90:7:93:54 | Uses Step | .github/workflows/test11.yml:84:7:90:4 | Uses Step | .github/workflows/test11.yml:90:7:93:54 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test11.yml:5:3:5:15 | issue_comment | issue_comment |
-| .github/workflows/test17.yml:19:15:23:58 | Uses Step | .github/workflows/test17.yml:12:15:19:12 | Uses Step | .github/workflows/test17.yml:19:15:23:58 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test17.yml:3:5:3:16 | workflow_run | workflow_run |
-| .github/workflows/test27.yml:21:9:22:16 | Run Step | .github/workflows/test27.yml:18:9:21:6 | Uses Step | .github/workflows/test27.yml:21:9:22:16 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test26.yml:4:3:4:14 | workflow_run | workflow_run |
-| .github/workflows/test29.yml:14:7:21:11 | Uses Step | .github/workflows/test29.yml:8:7:14:4 | Uses Step | .github/workflows/test29.yml:14:7:21:11 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test29.yml:1:5:1:23 | pull_request_target | pull_request_target |
-| .github/workflows/untrusted_checkout3.yml:13:9:13:23 | Run Step | .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step | .github/workflows/untrusted_checkout3.yml:13:9:13:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout3.yml:4:3:4:14 | workflow_run | workflow_run |
-| .github/workflows/untrusted_checkout4.yml:35:7:41:4 | Run Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:35:7:41:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment |
-| .github/workflows/untrusted_checkout4.yml:41:7:47:4 | Run Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:41:7:47:4 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment |
-| .github/workflows/untrusted_checkout4.yml:47:7:51:46 | Run Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:47:7:51:46 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment |
-| .github/workflows/untrusted_checkout.yml:15:9:18:2 | Run Step | .github/workflows/untrusted_checkout.yml:8:9:11:6 | Uses Step | .github/workflows/untrusted_checkout.yml:15:9:18:2 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target |
-| .github/workflows/untrusted_checkout.yml:30:9:32:23 | Run Step | .github/workflows/untrusted_checkout.yml:23:9:26:6 | Uses Step | .github/workflows/untrusted_checkout.yml:30:9:32:23 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target |
+| .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step | .github/actions/dangerous-git-checkout/action.yml:6:7:11:4 | Uses Step | .github/workflows/untrusted_checkout3.yml:13:9:13:23 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/untrusted_checkout3.yml:4:3:4:14 | workflow_run | workflow_run |
+| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:32:9:37:6 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
+| .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:20:9:27:6 | Uses Step | .github/workflows/auto_ci.yml:48:9:52:2 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
+| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:79:9:84:6 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
+| .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:67:9:74:6 | Uses Step | .github/workflows/auto_ci.yml:84:9:93:6 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/auto_ci.yml:6:3:6:21 | pull_request_target | pull_request_target |
+| .github/workflows/dependabot3.yml:15:9:20:6 | Uses Step | .github/workflows/dependabot3.yml:15:9:20:6 | Uses Step | .github/workflows/dependabot3.yml:25:9:48:6 | Run Step: set-milestone | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/dependabot3.yml:3:5:3:23 | pull_request_target | pull_request_target |
+| .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:23:9:26:6 | Uses Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:23:9:26:6 | Uses Step | .github/workflows/external/TestOrg/TestRepo/.github/workflows/reusable.yml:26:9:29:7 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/reusable_caller1.yaml:4:3:4:21 | pull_request_target | pull_request_target |
+| .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:10:11:18:8 | Run Step | .github/workflows/gitcheckout.yml:21:11:23:22 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/gitcheckout.yml:2:3:2:21 | pull_request_target | pull_request_target |
+| .github/workflows/label_trusted_checkout2.yml:12:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout2.yml:12:7:16:4 | Uses Step | .github/workflows/label_trusted_checkout2.yml:17:7:21:4 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/label_trusted_checkout2.yml:2:3:2:21 | pull_request_target | pull_request_target |
+| .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment |
+| .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:99:9:103:6 | Uses Step | .github/workflows/level0.yml:107:9:112:2 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/level0.yml:5:3:5:15 | issue_comment | issue_comment |
+| .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:125:9:129:6 | Uses Step | .github/workflows/level0.yml:133:9:135:23 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/level0.yml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:42:9:47:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:37:9:42:6 | Uses Step | .github/workflows/poc2.yml:52:9:58:24 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/poc2.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/pr-workflow.yml:216:9:222:6 | Uses Step | .github/workflows/pr-workflow.yml:216:9:222:6 | Uses Step | .github/workflows/pr-workflow.yml:222:9:227:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:250:9:256:6 | Uses Step | .github/workflows/pr-workflow.yml:250:9:256:6 | Uses Step | .github/workflows/pr-workflow.yml:256:9:261:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:284:9:290:6 | Uses Step | .github/workflows/pr-workflow.yml:284:9:290:6 | Uses Step | .github/workflows/pr-workflow.yml:290:9:295:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:391:9:395:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:395:9:404:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:404:9:414:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:414:9:423:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:386:9:391:6 | Uses Step | .github/workflows/pr-workflow.yml:423:9:432:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/reusable_local.yml:23:9:26:6 | Uses Step | .github/workflows/reusable_local.yml:23:9:26:6 | Uses Step | .github/workflows/reusable_local.yml:26:9:29:7 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/reusable_caller3.yaml:4:3:4:21 | pull_request_target | pull_request_target |
+| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:33:9:36:6 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:36:9:39:6 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:49:9:59:6 | Run Step: benchmark-pr | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:59:9:60:6 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:19:9:24:6 | Uses Step | .github/workflows/test7.yml:60:9:60:37 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test7.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/test10.yml:20:9:25:6 | Uses Step | .github/workflows/test10.yml:20:9:25:6 | Uses Step | .github/workflows/test10.yml:25:9:30:2 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test10.yml:8:3:8:21 | pull_request_target | pull_request_target |
+| .github/workflows/test11.yml:84:7:90:4 | Uses Step | .github/workflows/test11.yml:84:7:90:4 | Uses Step | .github/workflows/test11.yml:90:7:93:54 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test11.yml:5:3:5:15 | issue_comment | issue_comment |
+| .github/workflows/test17.yml:12:15:19:12 | Uses Step | .github/workflows/test17.yml:12:15:19:12 | Uses Step | .github/workflows/test17.yml:19:15:23:58 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test17.yml:3:5:3:16 | workflow_run | workflow_run |
+| .github/workflows/test27.yml:18:9:21:6 | Uses Step | .github/workflows/test27.yml:18:9:21:6 | Uses Step | .github/workflows/test27.yml:21:9:22:16 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test26.yml:4:3:4:14 | workflow_run | workflow_run |
+| .github/workflows/test29.yml:8:7:14:4 | Uses Step | .github/workflows/test29.yml:8:7:14:4 | Uses Step | .github/workflows/test29.yml:14:7:21:11 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test29.yml:1:5:1:23 | pull_request_target | pull_request_target |
+| .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:35:7:41:4 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment |
+| .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:41:7:47:4 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment |
+| .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:29:7:35:4 | Uses Step | .github/workflows/untrusted_checkout4.yml:47:7:51:46 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/untrusted_checkout4.yml:2:3:2:15 | issue_comment | issue_comment |
+| .github/workflows/untrusted_checkout.yml:8:9:11:6 | Uses Step | .github/workflows/untrusted_checkout.yml:8:9:11:6 | Uses Step | .github/workflows/untrusted_checkout.yml:15:9:18:2 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target |
+| .github/workflows/untrusted_checkout.yml:23:9:26:6 | Uses Step | .github/workflows/untrusted_checkout.yml:23:9:26:6 | Uses Step | .github/workflows/untrusted_checkout.yml:30:9:32:23 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/untrusted_checkout.yml:2:3:2:21 | pull_request_target | pull_request_target |

actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutHigh.expected

@@ -1,23 +1,23 @@
-| .github/workflows/issue_comment_direct.yml:12:9:16:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_direct.yml:20:9:24:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_direct.yml:28:9:32:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_direct.yml:35:9:40:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_direct.yml:43:9:46:126 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_heuristic.yml:28:9:33:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_heuristic.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_heuristic.yml:48:7:50:46 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_heuristic.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_octokit2.yml:27:9:31:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_octokit2.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_octokit.yml:26:9:30:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_octokit.yml:30:9:35:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_octokit.yml:57:9:62:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_octokit.yml:79:9:83:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_octokit.yml:95:9:100:2 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/issue_comment_octokit.yml:109:9:114:66 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
-| .github/workflows/pr-workflow.yml:103:9:109:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:139:9:144:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/pr-workflow.yml:444:9:449:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
-| .github/workflows/test13.yml:20:7:25:4 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/test13.yml:2:3:2:15 | issue_comment | issue_comment |
-| .github/workflows/untrusted_checkout2.yml:14:9:19:72 | Run Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/untrusted_checkout2.yml:1:5:1:17 | issue_comment | issue_comment |
-| .github/workflows/workflow_run_untrusted_checkout.yml:13:9:16:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/workflow_run_untrusted_checkout.yml:2:3:2:14 | workflow_run | workflow_run |
-| .github/workflows/workflow_run_untrusted_checkout.yml:16:9:18:31 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/workflow_run_untrusted_checkout.yml:2:3:2:14 | workflow_run | workflow_run |
-| .github/workflows/workflow_run_untrusted_checkout_2.yml:13:9:16:6 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/workflow_run_untrusted_checkout_2.yml:2:3:2:14 | workflow_run | workflow_run |
-| .github/workflows/workflow_run_untrusted_checkout_2.yml:16:9:18:31 | Uses Step | Potential execution of untrusted code on a privileged workflow ($@) | .github/workflows/workflow_run_untrusted_checkout_2.yml:2:3:2:14 | workflow_run | workflow_run |
+| .github/workflows/issue_comment_direct.yml:12:9:16:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_direct.yml:20:9:24:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_direct.yml:28:9:32:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_direct.yml:35:9:40:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_direct.yml:43:9:46:126 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_direct.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_heuristic.yml:28:9:33:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_heuristic.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_heuristic.yml:48:7:50:46 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_heuristic.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_octokit2.yml:27:9:31:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_octokit2.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_octokit.yml:26:9:30:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_octokit.yml:30:9:35:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_octokit.yml:57:9:62:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_octokit.yml:79:9:83:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_octokit.yml:95:9:100:2 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/issue_comment_octokit.yml:109:9:114:66 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/issue_comment_octokit.yml:4:3:4:15 | issue_comment | issue_comment |
+| .github/workflows/pr-workflow.yml:103:9:109:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:139:9:144:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/pr-workflow.yml:444:9:449:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/pr-workflow-fork.yaml:7:3:7:21 | pull_request_target | pull_request_target |
+| .github/workflows/test13.yml:20:7:25:4 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/test13.yml:2:3:2:15 | issue_comment | issue_comment |
+| .github/workflows/untrusted_checkout2.yml:14:9:19:72 | Run Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/untrusted_checkout2.yml:1:5:1:17 | issue_comment | issue_comment |
+| .github/workflows/workflow_run_untrusted_checkout.yml:13:9:16:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/workflow_run_untrusted_checkout.yml:2:3:2:14 | workflow_run | workflow_run |
+| .github/workflows/workflow_run_untrusted_checkout.yml:16:9:18:31 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/workflow_run_untrusted_checkout.yml:2:3:2:14 | workflow_run | workflow_run |
+| .github/workflows/workflow_run_untrusted_checkout_2.yml:13:9:16:6 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/workflow_run_untrusted_checkout_2.yml:2:3:2:14 | workflow_run | workflow_run |
+| .github/workflows/workflow_run_untrusted_checkout_2.yml:16:9:18:31 | Uses Step | Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: $@). | .github/workflows/workflow_run_untrusted_checkout_2.yml:2:3:2:14 | workflow_run | workflow_run |

cpp/downgrades/837c4e02326aee4582405d069263092e80a15d82/upgrade.properties

@@ -0,0 +1,6 @@
+description: Support alias templates
+compatibility: full
+is_alias_template.rel: delete
+alias_instantiation.rel: delete
+alias_template_argument.rel: delete
+alias_template_argument_value.rel: delete

cpp/ql/lib/change-notes/2026-05-16-alias-template.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Added `AliasTemplateType` and `AliasTemplateInstantiationType` classes, representing C++ alias templates and their instantiations.

cpp/ql/lib/change-notes/2026-05-18-alias-type.md

@@ -0,0 +1,4 @@
+---
+category: deprecated
+---
+* The `UsingAliasTypedefType` class has been deprecated. Use `TypeAliasType` instead.

cpp/ql/lib/semmle/code/cpp/Declaration.qll

@@ -278,6 +278,8 @@ class Declaration extends Locatable, @declaration {
     or
     variable_template_argument(underlyingElement(this), index, unresolveElement(result))
     or
+    alias_template_argument(underlyingElement(this), index, unresolveElement(result))
+    or
     template_template_argument(underlyingElement(this), index, unresolveElement(result))
     or
     concept_template_argument(underlyingElement(this), index, unresolveElement(result))
@@ -290,6 +292,8 @@ class Declaration extends Locatable, @declaration {
     or
     variable_template_argument_value(underlyingElement(this), index, unresolveElement(result))
     or
+    alias_template_argument_value(underlyingElement(this), index, unresolveElement(result))
+    or
     template_template_argument_value(underlyingElement(this), index, unresolveElement(result))
     or
     concept_template_argument_value(underlyingElement(this), index, unresolveElement(result))

cpp/ql/lib/semmle/code/cpp/Element.qll

@@ -278,6 +278,15 @@ private predicate isFromTemplateInstantiationRec(Element e, Element instantiatio
   instantiation.(Variable).isConstructedFrom(_) and
   e = instantiation
   or
+  instantiation.(TypeAliasType).isConstructedFrom(_) and
+  e = instantiation
+  or
+  instantiation.(TemplateTemplateParameterInstantiation).isConstructedFrom(_) and
+  e = instantiation
+  or
+  exists(instantiation.(ConceptIdExpr).getConcept()) and
+  e = instantiation
+  or
   isFromTemplateInstantiationRec(e.getEnclosingElement(), instantiation)
 }
 
@@ -291,6 +300,15 @@ private predicate isFromUninstantiatedTemplateRec(Element e, Element template) {
   is_variable_template(unresolveElement(template)) and
   e = template
   or
+  is_alias_template(unresolveElement(template)) and
+  e = template
+  or
+  usertypes(unresolveElement(template), _, 8) and // template template parameter
+  e = template
+  or
+  template instanceof @concept_template and
+  e = template
+  or
   isFromUninstantiatedTemplateRec(e.getEnclosingElement(), template)
 }
 

cpp/ql/lib/semmle/code/cpp/TypedefType.qll

@@ -64,23 +64,102 @@ class CTypedefType extends TypedefType {
 }
 
 /**
- * A using alias C++ typedef type.  For example the type declared in the following code:
+ * DEPRECATED: Use `TypeAlias` instead.
+ *
+ * A C++ type alias or alias template.
+ *
+ * For example the type declared in the following code:
  * ```
  * using my_int2 = int;
  * ```
  */
-class UsingAliasTypedefType extends TypedefType {
-  UsingAliasTypedefType() { usertype_alias_kind(underlyingElement(this), 1) }
+deprecated class UsingAliasTypedefType = TypeAliasType;
 
-  override string getAPrimaryQlClass() { result = "UsingAliasTypedefType" }
+/**
+ * A C++ type alias or alias template.
+ *
+ * For example the type declared in the following code:
+ * ```
+ * using my_int2 = int;
+ * ```
+ */
+class TypeAliasType extends TypedefType {
+  TypeAliasType() { usertype_alias_kind(underlyingElement(this), 1) }
+
+  override string getAPrimaryQlClass() { result = "TypeAliasType" }
 
   override string explain() {
     result = "using {" + this.getBaseType().explain() + "} as \"" + this.getName() + "\""
   }
+
+  /**
+   * Holds if this alias is constructed from another alias as a result of
+   * template instantiation.
+   */
+  predicate isConstructedFrom(TypeAliasType t) {
+    alias_instantiation(underlyingElement(this), unresolveElement(t))
+  }
 }
 
 /**
- * A C++ `typedef` type that is directly enclosed by a function.  For example the type declared inside the function `foo` in
+ * A C++ alias template.
+ *
+ * For example the type declared in the following code:
+ * ```
+ * template <typename T>
+ * using my_type = T;
+ * ```
+ */
+class AliasTemplateType extends TypeAliasType {
+  AliasTemplateType() { is_alias_template(underlyingElement(this)) }
+
+  override string getAPrimaryQlClass() { result = "AliasTemplateType" }
+
+  /**
+   * Gets an alias instantiated from this template.
+   *
+   * For example for `MyAliasTemplate<T>` in the following code, the results are
+   * `MyAliasTemplate<int>` and `MyAliasTemplate<long>`:
+   * ```
+   * template<typename T>
+   * using MyAliasTemplate = ...;
+   *
+   * MyAliasTemplate<int> instance1;
+   *
+   * MyAliasTemplate<long> instance2;
+   * ```
+   */
+  TypeAliasType getAnInstantiation() { result.isConstructedFrom(this) }
+}
+
+/**
+ * A C++ alias template instantiation.
+ *
+ * For example the `my_int_type` type declared in the following code:
+ * ```
+ * template <typename T>
+ * using my_type = T;
+ *
+ * using my_int_type = my_type<int>;
+ * ```
+ */
+class AliasTemplateInstantiationType extends TypeAliasType {
+  AliasTemplateType at;
+
+  AliasTemplateInstantiationType() { at.getAnInstantiation() = this }
+
+  override string getAPrimaryQlClass() { result = "AliasTemplateInstantiationType" }
+
+  /**
+   * Gets the alias template from which this instantiation was instantiated.
+   */
+  AliasTemplateType getTemplate() { result = at }
+}
+
+/**
+ * A C++ `typedef` type that is directly enclosed by a function.
+ *
+ * For example the type declared inside the function `foo` in
  * the following code:
  * ```
  * int foo(void) { typedef int local; }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll

@@ -136,7 +136,9 @@ private module SourceVariables {
     NormalSourceVariable() { this = TNormalSourceVariable(base, ind) }
 
     final override string toString() {
-      result = repeatStars(this.getIndirection()) + base.toString()
+      if this.getIndirection() = 0
+      then result = "&" + base.toString()
+      else result = repeatStars(this.getIndirection() - 1) + base.toString()
     }
   }
 
@@ -157,7 +159,9 @@ private module SourceVariables {
     }
 
     final override string toString() {
-      result = repeatStars(this.getIndirection()) + base.toString() + " [before crement]"
+      if this.getIndirection() = 0
+      then result = "&" + base.toString() + " [before crement]"
+      else result = repeatStars(this.getIndirection() - 1) + base.toString() + " [before crement]"
     }
 
     /**
@@ -1353,6 +1357,52 @@ class PhiNode extends Definition instanceof SsaImpl::PhiNode {
   final predicate hasInputFromBlock(Definition input, IRBlock bb) {
     phiHasInputFromBlock(this, input, bb)
   }
+
+  override int getIndirection() { result = this.getSourceVariable().getIndirection() }
+
+  override predicate isCertain() {
+    // If this phi node is part of a phi cycle of phi nodes the least
+    // fixed-point semantics of datalog means we don't get the right answer.
+    // So we perform an SCC reduction to simulate greatest fixed-point semantics.
+    getCycle(this).isCertain()
+    or
+    // If there is no cycle we get the right semantics through traditional
+    // recursion.
+    not exists(getCycle(this)) and
+    forex(Definition inp | inp = this.getAnInput() | inp.isCertain())
+  }
+
+  final override Declaration getFunction() {
+    result = SsaImpl::PhiNode.super.getBasicBlock().getEnclosingFunction()
+  }
+}
+
+private PhiNode getAnInput(PhiNode phi) { result = phi.getAnInput() }
+
+private predicate sccEdge(PhiNode phi1, PhiNode phi2) {
+  getAnInput(phi1) = phi2 and getAnInput+(phi2) = phi1
+}
+
+private module PhiCycleEquivalence = QlBuiltins::EquivalenceRelation<PhiNode, sccEdge/2>;
+
+private PhiCycle getCycle(PhiNode phi) { result.getAPhiNode() = phi }
+
+private class PhiCycle extends PhiCycleEquivalence::EquivalenceClass {
+  PhiNode getAPhiNode() { PhiCycleEquivalence::getEquivalenceClass(result) = this }
+
+  predicate hasPhiNode(PhiNode phi) { this.getAPhiNode() = phi }
+
+  pragma[nomagic]
+  Definition getAnInput() {
+    result = this.getAPhiNode().getAnInput() and not this.hasPhiNode(result)
+  }
+
+  string toString() { result = strictconcat(this.getAPhiNode().toString(), ", ") }
+
+  predicate isCertain() {
+    // A phi cycle is certain if all of the inputs into the phi cycle is certain.
+    forex(Definition inp | inp = this.getAnInput() | inp.isCertain())
+  }
 }
 
 /** An static single assignment (SSA) definition. */

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll

@@ -147,7 +147,7 @@ abstract class Indirection extends Type {
    *
    * `certain` is `true` if this write is guaranteed to write to the address.
    */
-  predicate isAdditionalWrite(Node0Impl value, Operand address, boolean certain) { none() }
+  predicate isAdditionalWrite(Node0Impl value, Operand address, Certainty certain) { none() }
 
   /**
    * Gets the base type of this indirection, after specifiers have been deeply
@@ -198,11 +198,11 @@ private module IteratorIndirections {
       baseType = super.getValueType()
     }
 
-    override predicate isAdditionalWrite(Node0Impl value, Operand address, boolean certain) {
+    override predicate isAdditionalWrite(Node0Impl value, Operand address, Certainty certain) {
       exists(CallInstruction call | call.getArgumentOperand(0) = value.asOperand() |
         this = call.getStaticCallTarget().(Function).getClassAndName("operator=") and
         address = call.getThisArgumentOperand() and
-        certain = false
+        certain instanceof AlwaysUncertain
       )
     }
 
@@ -271,30 +271,62 @@ predicate isDereference(Instruction deref, Operand address, boolean additional)
   additional = false
 }
 
-predicate isWrite(Node0Impl value, Operand address, boolean certain) {
+private newtype TCertainty =
+  TCertainWhenAddressIsCertain() or
+  TAlwaysCertain() or
+  TAlwaysUncertain()
+
+abstract private class Certainty extends TCertainty {
+  abstract predicate isCertain(boolean addressIsCertain);
+
+  abstract string toString();
+}
+
+private class CertainWhenAddressIsCertain extends Certainty, TCertainWhenAddressIsCertain {
+  override predicate isCertain(boolean addressIsCertain) { addressIsCertain = true }
+
+  override string toString() { result = "CertainWhenAddressIsCertain" }
+}
+
+private class AlwaysCertain extends Certainty, TAlwaysCertain {
+  override predicate isCertain(boolean addressIsCertain) {
+    addressIsCertain = true or addressIsCertain = false
+  }
+
+  override string toString() { result = "AlwaysCertain" }
+}
+
+private class AlwaysUncertain extends Certainty, TAlwaysUncertain {
+  override predicate isCertain(boolean addressIsCertain) { none() }
+
+  override string toString() { result = "AlwaysUncertain" }
+}
+
+predicate isWrite(Node0Impl value, Operand address, Certainty certain) {
   any(Indirection ind).isAdditionalWrite(value, address, certain)
   or
-  certain = true and
-  (
-    exists(StoreInstruction store |
-      value.asInstruction() = store and
-      address = store.getDestinationAddressOperand()
-    )
-    or
-    exists(InitializeParameterInstruction init |
-      value.asInstruction() = init and
-      address = init.getAnOperand()
-    )
-    or
-    exists(InitializeDynamicAllocationInstruction init |
-      value.asInstruction() = init and
-      address = init.getAllocationAddressOperand()
-    )
-    or
-    exists(UninitializedInstruction uninitialized |
-      value.asInstruction() = uninitialized and
-      address = uninitialized.getAnOperand()
-    )
+  exists(StoreInstruction store |
+    value.asInstruction() = store and
+    address = store.getDestinationAddressOperand() and
+    certain instanceof CertainWhenAddressIsCertain
+  )
+  or
+  exists(InitializeParameterInstruction init |
+    value.asInstruction() = init and
+    address = init.getAnOperand() and
+    certain instanceof AlwaysCertain
+  )
+  or
+  exists(InitializeDynamicAllocationInstruction init |
+    value.asInstruction() = init and
+    address = init.getAllocationAddressOperand() and
+    certain instanceof AlwaysCertain
+  )
+  or
+  exists(UninitializedInstruction uninitialized |
+    value.asInstruction() = uninitialized and
+    address = uninitialized.getAnOperand() and
+    certain instanceof AlwaysCertain
   )
 }
 
@@ -718,16 +750,18 @@ private module Cached {
     int indirectionIndex
   ) {
     exists(
-      boolean writeIsCertain, boolean addressIsCertain, int ind0, CppType type, int lower, int upper
+      Certainty writeIsCertain, boolean addressIsCertain, int ind0, CppType type, int lower,
+      int upper
     |
       isWrite(value, address, writeIsCertain) and
       isDefImpl(address, base, ind0, addressIsCertain) and
-      certain = writeIsCertain.booleanAnd(addressIsCertain) and
       type = getLanguageType(address) and
       upper = countIndirectionsForCppType(type) and
       ind = ind0 + [lower .. upper] and
       indirectionIndex = ind - (ind0 + lower) and
       lower = getMinIndirectionsForType(any(Type t | type.hasUnspecifiedType(t, _)))
+    |
+      if writeIsCertain.isCertain(addressIsCertain) then certain = true else certain = false
     )
   }
 

cpp/ql/lib/semmle/code/cpp/models/implementations/Fopen.qll

@@ -11,7 +11,9 @@ private class Fopen extends Function, AliasFunction, SideEffectFunction, TaintFu
   Fopen() {
     this.hasGlobalOrStdName(["fopen", "fopen_s", "freopen"])
     or
-    this.hasGlobalName(["_open", "_wfopen", "_fsopen", "_wfsopen", "_wopen"])
+    this.hasGlobalName([
+        "_open", "_wfopen", "_fsopen", "_wfsopen", "_wopen", "_sopen_s", "_wsopen_s"
+      ])
   }
 
   override predicate hasOnlySpecificWriteSideEffects() { any() }
@@ -46,6 +48,10 @@ private class Fopen extends Function, AliasFunction, SideEffectFunction, TaintFu
     this.hasGlobalName(["_open", "_wopen"]) and
     i = 0 and
     buffer = true
+    or
+    this.hasGlobalName(["_sopen_s", "_wsopen_s"]) and
+    i = 1 and
+    buffer = true
   }
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -64,5 +70,9 @@ private class Fopen extends Function, AliasFunction, SideEffectFunction, TaintFu
     this.hasGlobalName(["_open", "_wopen"]) and
     input.isParameterDeref(0) and
     output.isReturnValue()
+    or
+    this.hasGlobalName(["_sopen_s", "_wsopen_s"]) and
+    input.isParameterDeref(1) and
+    output.isParameterDeref(0)
   }
 }

cpp/ql/lib/semmlecode.cpp.dbscheme

@@ -960,6 +960,22 @@ variable_template_argument_value(
     int arg_value: @expr ref
 );
 
+is_alias_template(unique int id: @usertype ref);
+alias_instantiation(
+    unique int to: @usertype ref,
+    int from: @usertype ref
+);
+alias_template_argument(
+    int variable_id: @usertype ref,
+    int index: int ref,
+    int arg_type: @type ref
+);
+alias_template_argument_value(
+    int variable_id: @usertype ref,
+    int index: int ref,
+    int arg_value: @expr ref
+);
+
 template_template_instantiation(
     int to: @usertype ref,
     int from: @usertype ref

cpp/ql/lib/upgrades/770002bb02322e04fa25345838ce6e82af285a0b/upgrade.properties

@@ -0,0 +1,2 @@
+description: Support alias templates
+compatibility: backwards

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.expected

@@ -21,11 +21,7 @@ edges
 | test.cpp:85:21:85:36 | buf | test.cpp:87:5:87:31 | access to array | provenance | Config |
 | test.cpp:85:21:85:36 | buf | test.cpp:88:5:88:27 | access to array | provenance | Config |
 | test.cpp:85:34:85:36 | buf | test.cpp:85:21:85:36 | buf | provenance |  |
-| test.cpp:92:9:92:11 | definition of arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
 | test.cpp:96:13:96:15 | arr | test.cpp:96:13:96:18 | access to array | provenance | Config |
-| test.cpp:102:9:102:11 | definition of arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
-| test.cpp:102:9:102:11 | definition of arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
-| test.cpp:102:9:102:11 | definition of arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
 | test.cpp:111:17:111:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
 | test.cpp:111:17:111:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
 | test.cpp:111:17:111:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
@@ -35,55 +31,41 @@ edges
 | test.cpp:119:17:119:19 | arr | test.cpp:111:17:111:22 | access to array | provenance | Config |
 | test.cpp:119:17:119:19 | arr | test.cpp:115:35:115:40 | access to array | provenance | Config |
 | test.cpp:119:17:119:19 | arr | test.cpp:119:17:119:22 | access to array | provenance | Config |
-| test.cpp:125:11:125:13 | definition of arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
 | test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | provenance | Config |
 | test.cpp:134:25:134:27 | arr | test.cpp:136:9:136:16 | ... += ... | provenance | Config |
 | test.cpp:136:9:136:16 | ... += ... | test.cpp:136:9:136:16 | ... += ... | provenance |  |
 | test.cpp:136:9:136:16 | ... += ... | test.cpp:138:13:138:15 | arr | provenance |  |
-| test.cpp:142:10:142:13 | definition of asdf | test.cpp:143:18:143:21 | asdf | provenance |  |
 | test.cpp:143:18:143:21 | asdf | test.cpp:134:25:134:27 | arr | provenance |  |
 | test.cpp:143:18:143:21 | asdf | test.cpp:143:18:143:21 | asdf | provenance |  |
 | test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance |  |
 | test.cpp:146:26:146:26 | *p | test.cpp:147:4:147:9 | -- ... | provenance |  |
-| test.cpp:154:7:154:9 | definition of buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
 | test.cpp:156:12:156:14 | buf | test.cpp:156:12:156:18 | ... + ... | provenance | Config |
 | test.cpp:156:12:156:18 | ... + ... | test.cpp:156:12:156:18 | ... + ... | provenance |  |
 | test.cpp:156:12:156:18 | ... + ... | test.cpp:158:17:158:18 | *& ... | provenance |  |
 | test.cpp:158:17:158:18 | *& ... | test.cpp:146:26:146:26 | *p | provenance |  |
-| test.cpp:217:19:217:24 | definition of buffer | test.cpp:218:16:218:28 | buffer | provenance |  |
 | test.cpp:218:16:218:28 | buffer | test.cpp:220:5:220:11 | access to array | provenance | Config |
 | test.cpp:218:16:218:28 | buffer | test.cpp:221:5:221:11 | access to array | provenance | Config |
 | test.cpp:218:23:218:28 | buffer | test.cpp:218:16:218:28 | buffer | provenance |  |
-| test.cpp:228:10:228:14 | definition of array | test.cpp:229:17:229:29 | array | provenance |  |
 | test.cpp:229:17:229:29 | array | test.cpp:231:5:231:10 | access to array | provenance | Config |
 | test.cpp:229:17:229:29 | array | test.cpp:232:5:232:10 | access to array | provenance | Config |
 | test.cpp:229:25:229:29 | array | test.cpp:229:17:229:29 | array | provenance |  |
 | test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
 | test.cpp:245:30:245:30 | p | test.cpp:261:27:261:30 | access to array | provenance | Config |
-| test.cpp:273:19:273:25 | definition of buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance |  |
 | test.cpp:274:14:274:20 | buffer3 | test.cpp:245:30:245:30 | p | provenance |  |
 | test.cpp:274:14:274:20 | buffer3 | test.cpp:274:14:274:20 | buffer3 | provenance |  |
 | test.cpp:277:35:277:35 | p | test.cpp:278:14:278:14 | p | provenance |  |
 | test.cpp:278:14:278:14 | p | test.cpp:245:30:245:30 | p | provenance |  |
-| test.cpp:282:19:282:25 | definition of buffer1 | test.cpp:283:19:283:25 | buffer1 | provenance |  |
 | test.cpp:283:19:283:25 | buffer1 | test.cpp:277:35:277:35 | p | provenance |  |
 | test.cpp:283:19:283:25 | buffer1 | test.cpp:283:19:283:25 | buffer1 | provenance |  |
-| test.cpp:285:19:285:25 | definition of buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance |  |
 | test.cpp:286:19:286:25 | buffer2 | test.cpp:277:35:277:35 | p | provenance |  |
 | test.cpp:286:19:286:25 | buffer2 | test.cpp:286:19:286:25 | buffer2 | provenance |  |
-| test.cpp:288:19:288:25 | definition of buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance |  |
 | test.cpp:289:19:289:25 | buffer3 | test.cpp:277:35:277:35 | p | provenance |  |
 | test.cpp:289:19:289:25 | buffer3 | test.cpp:289:19:289:25 | buffer3 | provenance |  |
 | test.cpp:292:25:292:27 | arr | test.cpp:299:16:299:21 | access to array | provenance | Config |
-| test.cpp:305:9:305:12 | definition of arr1 | test.cpp:306:20:306:23 | arr1 | provenance |  |
 | test.cpp:306:20:306:23 | arr1 | test.cpp:292:25:292:27 | arr | provenance |  |
 | test.cpp:306:20:306:23 | arr1 | test.cpp:306:20:306:23 | arr1 | provenance |  |
-| test.cpp:308:9:308:12 | definition of arr2 | test.cpp:309:20:309:23 | arr2 | provenance |  |
 | test.cpp:309:20:309:23 | arr2 | test.cpp:292:25:292:27 | arr | provenance |  |
 | test.cpp:309:20:309:23 | arr2 | test.cpp:309:20:309:23 | arr2 | provenance |  |
-| test.cpp:314:10:314:13 | definition of temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
-| test.cpp:314:10:314:13 | definition of temp | test.cpp:322:19:322:27 | ... + ... | provenance | Config |
-| test.cpp:314:10:314:13 | definition of temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
 | test.cpp:319:13:319:27 | ... = ... | test.cpp:325:24:325:26 | end | provenance |  |
 | test.cpp:319:19:319:22 | temp | test.cpp:319:19:319:27 | ... + ... | provenance | Config |
 | test.cpp:319:19:319:22 | temp | test.cpp:324:23:324:32 | ... + ... | provenance | Config |
@@ -133,40 +115,33 @@ nodes
 | test.cpp:85:34:85:36 | buf | semmle.label | buf |
 | test.cpp:87:5:87:31 | access to array | semmle.label | access to array |
 | test.cpp:88:5:88:27 | access to array | semmle.label | access to array |
-| test.cpp:92:9:92:11 | definition of arr | semmle.label | definition of arr |
 | test.cpp:96:13:96:15 | arr | semmle.label | arr |
 | test.cpp:96:13:96:18 | access to array | semmle.label | access to array |
-| test.cpp:102:9:102:11 | definition of arr | semmle.label | definition of arr |
 | test.cpp:111:17:111:19 | arr | semmle.label | arr |
 | test.cpp:111:17:111:22 | access to array | semmle.label | access to array |
 | test.cpp:115:35:115:37 | arr | semmle.label | arr |
 | test.cpp:115:35:115:40 | access to array | semmle.label | access to array |
 | test.cpp:119:17:119:19 | arr | semmle.label | arr |
 | test.cpp:119:17:119:22 | access to array | semmle.label | access to array |
-| test.cpp:125:11:125:13 | definition of arr | semmle.label | definition of arr |
 | test.cpp:128:9:128:11 | arr | semmle.label | arr |
 | test.cpp:128:9:128:14 | access to array | semmle.label | access to array |
 | test.cpp:134:25:134:27 | arr | semmle.label | arr |
 | test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
 | test.cpp:136:9:136:16 | ... += ... | semmle.label | ... += ... |
 | test.cpp:138:13:138:15 | arr | semmle.label | arr |
-| test.cpp:142:10:142:13 | definition of asdf | semmle.label | definition of asdf |
 | test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
 | test.cpp:143:18:143:21 | asdf | semmle.label | asdf |
 | test.cpp:146:26:146:26 | *p | semmle.label | *p |
 | test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... |
 | test.cpp:147:4:147:9 | -- ... | semmle.label | -- ... |
-| test.cpp:154:7:154:9 | definition of buf | semmle.label | definition of buf |
 | test.cpp:156:12:156:14 | buf | semmle.label | buf |
 | test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
 | test.cpp:156:12:156:18 | ... + ... | semmle.label | ... + ... |
 | test.cpp:158:17:158:18 | *& ... | semmle.label | *& ... |
-| test.cpp:217:19:217:24 | definition of buffer | semmle.label | definition of buffer |
 | test.cpp:218:16:218:28 | buffer | semmle.label | buffer |
 | test.cpp:218:23:218:28 | buffer | semmle.label | buffer |
 | test.cpp:220:5:220:11 | access to array | semmle.label | access to array |
 | test.cpp:221:5:221:11 | access to array | semmle.label | access to array |
-| test.cpp:228:10:228:14 | definition of array | semmle.label | definition of array |
 | test.cpp:229:17:229:29 | array | semmle.label | array |
 | test.cpp:229:25:229:29 | array | semmle.label | array |
 | test.cpp:231:5:231:10 | access to array | semmle.label | access to array |
@@ -174,29 +149,22 @@ nodes
 | test.cpp:245:30:245:30 | p | semmle.label | p |
 | test.cpp:245:30:245:30 | p | semmle.label | p |
 | test.cpp:261:27:261:30 | access to array | semmle.label | access to array |
-| test.cpp:273:19:273:25 | definition of buffer3 | semmle.label | definition of buffer3 |
 | test.cpp:274:14:274:20 | buffer3 | semmle.label | buffer3 |
 | test.cpp:274:14:274:20 | buffer3 | semmle.label | buffer3 |
 | test.cpp:277:35:277:35 | p | semmle.label | p |
 | test.cpp:278:14:278:14 | p | semmle.label | p |
-| test.cpp:282:19:282:25 | definition of buffer1 | semmle.label | definition of buffer1 |
 | test.cpp:283:19:283:25 | buffer1 | semmle.label | buffer1 |
 | test.cpp:283:19:283:25 | buffer1 | semmle.label | buffer1 |
-| test.cpp:285:19:285:25 | definition of buffer2 | semmle.label | definition of buffer2 |
 | test.cpp:286:19:286:25 | buffer2 | semmle.label | buffer2 |
 | test.cpp:286:19:286:25 | buffer2 | semmle.label | buffer2 |
-| test.cpp:288:19:288:25 | definition of buffer3 | semmle.label | definition of buffer3 |
 | test.cpp:289:19:289:25 | buffer3 | semmle.label | buffer3 |
 | test.cpp:289:19:289:25 | buffer3 | semmle.label | buffer3 |
 | test.cpp:292:25:292:27 | arr | semmle.label | arr |
 | test.cpp:299:16:299:21 | access to array | semmle.label | access to array |
-| test.cpp:305:9:305:12 | definition of arr1 | semmle.label | definition of arr1 |
 | test.cpp:306:20:306:23 | arr1 | semmle.label | arr1 |
 | test.cpp:306:20:306:23 | arr1 | semmle.label | arr1 |
-| test.cpp:308:9:308:12 | definition of arr2 | semmle.label | definition of arr2 |
 | test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
 | test.cpp:309:20:309:23 | arr2 | semmle.label | arr2 |
-| test.cpp:314:10:314:13 | definition of temp | semmle.label | definition of temp |
 | test.cpp:319:13:319:27 | ... = ... | semmle.label | ... = ... |
 | test.cpp:319:19:319:22 | temp | semmle.label | temp |
 | test.cpp:319:19:319:27 | ... + ... | semmle.label | ... + ... |
@@ -221,25 +189,14 @@ subpaths
 | test.cpp:72:5:72:15 | PointerAdd: access to array | test.cpp:79:32:79:34 | buf | test.cpp:72:5:72:15 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:72:5:72:19 | Store: ... = ... | write |
 | test.cpp:77:27:77:44 | PointerAdd: access to array | test.cpp:77:32:77:34 | buf | test.cpp:66:32:66:32 | p | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:67:5:67:10 | Store: ... = ... | write |
 | test.cpp:88:5:88:27 | PointerAdd: access to array | test.cpp:85:34:85:36 | buf | test.cpp:88:5:88:27 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:15:9:15:11 | buf | buf | test.cpp:88:5:88:31 | Store: ... = ... | write |
-| test.cpp:128:9:128:14 | PointerAdd: access to array | test.cpp:125:11:125:13 | definition of arr | test.cpp:128:9:128:14 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:125:11:125:13 | arr | arr | test.cpp:128:9:128:18 | Store: ... = ... | write |
 | test.cpp:128:9:128:14 | PointerAdd: access to array | test.cpp:128:9:128:11 | arr | test.cpp:128:9:128:14 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:125:11:125:13 | arr | arr | test.cpp:128:9:128:18 | Store: ... = ... | write |
-| test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:142:10:142:13 | definition of asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read |
 | test.cpp:136:9:136:16 | PointerAdd: ... += ... | test.cpp:143:18:143:21 | asdf | test.cpp:138:13:138:15 | arr | This pointer arithmetic may have an off-by-2 error allowing it to overrun $@ at this $@. | test.cpp:142:10:142:13 | asdf | asdf | test.cpp:138:12:138:15 | Load: * ... | read |
-| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:154:7:154:9 | definition of buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
-| test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:154:7:154:9 | definition of buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
 | test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
 | test.cpp:156:12:156:18 | PointerAdd: ... + ... | test.cpp:156:12:156:14 | buf | test.cpp:147:4:147:9 | -- ... | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:154:7:154:9 | buf | buf | test.cpp:147:3:147:13 | Store: ... = ... | write |
-| test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:217:19:217:24 | definition of buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write |
 | test.cpp:221:5:221:11 | PointerAdd: access to array | test.cpp:218:23:218:28 | buffer | test.cpp:221:5:221:11 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:217:19:217:24 | buffer | buffer | test.cpp:221:5:221:15 | Store: ... = ... | write |
-| test.cpp:232:5:232:10 | PointerAdd: access to array | test.cpp:228:10:228:14 | definition of array | test.cpp:232:5:232:10 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:228:10:228:14 | array | array | test.cpp:232:5:232:19 | Store: ... = ... | write |
 | test.cpp:232:5:232:10 | PointerAdd: access to array | test.cpp:229:25:229:29 | array | test.cpp:232:5:232:10 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:228:10:228:14 | array | array | test.cpp:232:5:232:19 | Store: ... = ... | write |
-| test.cpp:261:27:261:30 | PointerAdd: access to array | test.cpp:285:19:285:25 | definition of buffer2 | test.cpp:261:27:261:30 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:285:19:285:25 | buffer2 | buffer2 | test.cpp:261:27:261:30 | Load: access to array | read |
 | test.cpp:261:27:261:30 | PointerAdd: access to array | test.cpp:286:19:286:25 | buffer2 | test.cpp:261:27:261:30 | access to array | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:285:19:285:25 | buffer2 | buffer2 | test.cpp:261:27:261:30 | Load: access to array | read |
-| test.cpp:299:16:299:21 | PointerAdd: access to array | test.cpp:308:9:308:12 | definition of arr2 | test.cpp:299:16:299:21 | access to array | This pointer arithmetic may have an off-by-1014 error allowing it to overrun $@ at this $@. | test.cpp:308:9:308:12 | arr2 | arr2 | test.cpp:299:16:299:21 | Load: access to array | read |
 | test.cpp:299:16:299:21 | PointerAdd: access to array | test.cpp:309:20:309:23 | arr2 | test.cpp:299:16:299:21 | access to array | This pointer arithmetic may have an off-by-1014 error allowing it to overrun $@ at this $@. | test.cpp:308:9:308:12 | arr2 | arr2 | test.cpp:299:16:299:21 | Load: access to array | read |
-| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:330:13:330:24 | Store: ... = ... | write |
-| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:331:13:331:24 | Store: ... = ... | write |
-| test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:314:10:314:13 | definition of temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:333:13:333:24 | Store: ... = ... | write |
 | test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:330:13:330:24 | Store: ... = ... | write |
 | test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:331:13:331:24 | Store: ... = ... | write |
 | test.cpp:322:19:322:27 | PointerAdd: ... + ... | test.cpp:322:19:322:22 | temp | test.cpp:325:24:325:26 | end | This pointer arithmetic may have an off-by-1 error allowing it to overrun $@ at this $@. | test.cpp:314:10:314:13 | temp | temp | test.cpp:333:13:333:24 | Store: ... = ... | write |

cpp/ql/test/library-tests/dataflow/certain/test.cpp

@@ -0,0 +1,82 @@
+void use(...);
+
+void test1() {
+  int x = 0; // $ certain="SSA def(&x)" certain="SSA def(x)"
+  use(x);
+
+  x = 1; // $ certain="SSA def(x)"
+  use(x);
+
+  int* p = &x; // $ certain="SSA def(&p)" certain="SSA def(p)" certain="SSA def(*p)"
+  use(p);
+
+  *p = 2; // $ certain="SSA def(*p)"
+  use(p);
+
+  p = nullptr; // $ certain="SSA def(p)" certain="SSA def(*p)"
+  use(p);
+
+  *p = 2; // $ uncertain="SSA def(*p)"
+  use(p);
+}
+
+void test2(bool b) { // $ certain="SSA def(&b)" certain="SSA def(b)"
+  {
+  int x; // $ certain="SSA def(&x)" 
+  if(b) {
+    x = 0; // $ certain="SSA def(x)"
+  } else {
+    x = 1; // $ certain="SSA def(x)"
+  }
+  use(x); // $ certain="SSA phi(x)"
+  }
+
+  {
+  int x; // $ certain="SSA def(&x)" certain="SSA def(x)"
+  if(b) {
+    x = 0; // $ certain="SSA def(x)"
+  } else {
+  
+  }
+  use(x); // $ certain="SSA phi(x)"
+  }
+
+  {
+  int x; // $ certain="SSA def(&x)" certain="SSA def(x)"
+  int* p = &x; // $ certain="SSA def(&p)" certain="SSA def(p)" certain="SSA def(*p)"
+  if(b) {
+    *p = 0; // $ certain="SSA def(*p)"
+  } else {
+    *(p + 1) = 1; // $ uncertain="SSA def(*p)"
+  }
+  use(p); // $ uncertain="SSA phi(*p)"
+  }
+  
+}
+
+void test3(bool b) { // $ certain="SSA def(&b)" certain="SSA def(b)"
+  for(int i = 0; i < 10;) { // $ certain="SSA def(&i)" certain="SSA def(i)" certain="SSA phi(i)"
+    if(b) {
+      ++i; // $ certain="SSA def(i)"
+    }
+    use(i); // $ certain="SSA phi(i)"
+  }
+}
+
+void test(int x, bool b1, bool b2) { // $ certain="SSA def(&x)" certain="SSA def(x)" certain="SSA def(&b1)" certain="SSA def(b1)" certain="SSA def(&b2)" certain="SSA def(b2)"
+  int* p = &x; // $ certain="SSA def(&p)" certain="SSA def(p)" certain="SSA def(*p)" 
+  int i = 0; // $ certain="SSA def(&i)" certain="SSA def(i)"
+  int j = 0; // $ certain="SSA def(&j)" certain="SSA def(j)"
+  while (i < 10) { // $ certain="SSA phi(i)" certain="SSA phi(*p)"
+  if (b1) {
+    *p = 0; // $ certain="SSA def(*p)" 
+  }
+  ++i; // $ certain="SSA def(i)" certain="SSA phi(*p)"
+  }
+  while (j < 10) { // $ uncertain="SSA phi(*p)" certain="SSA phi(j)"
+    if (b2) {
+      *(p + j) = 0; // $ uncertain="SSA def(*p)"
+    }
+    ++j; // $ certain="SSA def(j)" uncertain="SSA phi(*p)"
+  }
+}

cpp/ql/test/library-tests/dataflow/certain/test.ql

@@ -0,0 +1,22 @@
+import cpp
+import utils.test.InlineExpectationsTest
+import semmle.code.cpp.dataflow.new.DataFlow::DataFlow
+
+bindingset[s]
+string quote(string s) { if s.matches("% %") then result = "\"" + s + "\"" else result = s }
+
+module AsDefinitionTest implements TestSig {
+  string getARelevantTag() { result = ["certain", "uncertain"] }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(Ssa::Definition d |
+      location = d.getLocation() and
+      element = d.toString() and
+      value = quote(d.toString())
+    |
+      if d.isCertain() then tag = "certain" else tag = "uncertain"
+    )
+  }
+}
+
+import MakeTest<AsDefinitionTest>

cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected

@@ -143,6 +143,7 @@ postWithInFlow
 | test.cpp:1153:5:1153:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1165:5:1165:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
 | test.cpp:1195:5:1195:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
+| test.cpp:1337:5:1337:13 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
 viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition

cpp/ql/test/library-tests/dataflow/dataflow-tests/localFlow-ir.expected

@@ -65,52 +65,52 @@
 | test.cpp:8:8:8:9 | t1 | test.cpp:9:8:9:9 | t1 |
 | test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 |
 | test.cpp:9:8:9:9 | t1 | test.cpp:11:7:11:8 | t1 |
-| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi read(t2) |
-| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi(*t2) |
+| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi read(&t2) |
+| test.cpp:10:8:10:9 | t2 | test.cpp:11:7:11:8 | [input] SSA phi(t2) |
 | test.cpp:10:8:10:9 | t2 | test.cpp:13:10:13:11 | t2 |
-| test.cpp:11:7:11:8 | [input] SSA phi read(t2) | test.cpp:15:8:15:9 | t2 |
-| test.cpp:11:7:11:8 | [input] SSA phi(*t2) | test.cpp:15:8:15:9 | t2 |
+| test.cpp:11:7:11:8 | [input] SSA phi read(&t2) | test.cpp:15:8:15:9 | t2 |
+| test.cpp:11:7:11:8 | [input] SSA phi(t2) | test.cpp:15:8:15:9 | t2 |
 | test.cpp:11:7:11:8 | t1 | test.cpp:21:8:21:9 | t1 |
 | test.cpp:12:5:12:10 | ... = ... | test.cpp:13:10:13:11 | t2 |
 | test.cpp:12:10:12:10 | 0 | test.cpp:12:5:12:10 | ... = ... |
 | test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 |
 | test.cpp:13:10:13:11 | t2 | test.cpp:15:8:15:9 | t2 |
-| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(*t2) |
+| test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(&t2) |
 | test.cpp:15:8:15:9 | t2 | test.cpp:23:15:23:16 | [input] SSA phi read(t2) |
 | test.cpp:17:3:17:8 | ... = ... | test.cpp:21:8:21:9 | t1 |
 | test.cpp:17:8:17:8 | 0 | test.cpp:17:3:17:8 | ... = ... |
-| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi read(t1) |
-| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi(*t1) |
+| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi read(&t1) |
+| test.cpp:21:8:21:9 | t1 | test.cpp:23:19:23:19 | SSA phi(t1) |
 | test.cpp:23:15:23:16 | 0 | test.cpp:23:15:23:16 | 0 |
-| test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | SSA phi(*i) |
-| test.cpp:23:15:23:16 | [input] SSA phi read(*t2) | test.cpp:23:19:23:19 | SSA phi read(*t2) |
+| test.cpp:23:15:23:16 | 0 | test.cpp:23:19:23:19 | SSA phi(i) |
+| test.cpp:23:15:23:16 | [input] SSA phi read(&t2) | test.cpp:23:19:23:19 | SSA phi read(&t2) |
 | test.cpp:23:15:23:16 | [input] SSA phi read(t2) | test.cpp:23:19:23:19 | SSA phi read(t2) |
-| test.cpp:23:19:23:19 | SSA phi read(*t2) | test.cpp:24:10:24:11 | t2 |
-| test.cpp:23:19:23:19 | SSA phi read(i) | test.cpp:23:19:23:19 | i |
-| test.cpp:23:19:23:19 | SSA phi read(t1) | test.cpp:23:23:23:24 | t1 |
+| test.cpp:23:19:23:19 | SSA phi read(&i) | test.cpp:23:19:23:19 | i |
+| test.cpp:23:19:23:19 | SSA phi read(&t1) | test.cpp:23:23:23:24 | t1 |
+| test.cpp:23:19:23:19 | SSA phi read(&t2) | test.cpp:24:10:24:11 | t2 |
 | test.cpp:23:19:23:19 | SSA phi read(t2) | test.cpp:24:10:24:11 | t2 |
-| test.cpp:23:19:23:19 | SSA phi(*i) | test.cpp:23:19:23:19 | i |
-| test.cpp:23:19:23:19 | SSA phi(*t1) | test.cpp:23:23:23:24 | t1 |
+| test.cpp:23:19:23:19 | SSA phi(i) | test.cpp:23:19:23:19 | i |
+| test.cpp:23:19:23:19 | SSA phi(t1) | test.cpp:23:23:23:24 | t1 |
 | test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i |
 | test.cpp:23:19:23:19 | i | test.cpp:23:27:23:27 | i |
-| test.cpp:23:23:23:24 | t1 | test.cpp:23:27:23:29 | [input] SSA phi read(t1) |
+| test.cpp:23:23:23:24 | t1 | test.cpp:23:27:23:29 | [input] SSA phi read(&t1) |
 | test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 |
 | test.cpp:23:23:23:24 | t1 | test.cpp:26:8:26:9 | t1 |
 | test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | *i |
 | test.cpp:23:27:23:27 | *i | test.cpp:23:27:23:27 | i |
 | test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i |
 | test.cpp:23:27:23:27 | i | test.cpp:23:27:23:27 | i |
-| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:29 | [input] SSA phi read(i) |
+| test.cpp:23:27:23:27 | i | test.cpp:23:27:23:29 | [input] SSA phi read(&i) |
 | test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | ... ++ |
-| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | [input] SSA phi(*i) |
-| test.cpp:23:27:23:29 | [input] SSA phi read(*t2) | test.cpp:23:19:23:19 | SSA phi read(*t2) |
-| test.cpp:23:27:23:29 | [input] SSA phi read(i) | test.cpp:23:19:23:19 | SSA phi read(i) |
-| test.cpp:23:27:23:29 | [input] SSA phi read(t1) | test.cpp:23:19:23:19 | SSA phi read(t1) |
+| test.cpp:23:27:23:29 | ... ++ | test.cpp:23:27:23:29 | [input] SSA phi(i) |
+| test.cpp:23:27:23:29 | [input] SSA phi read(&i) | test.cpp:23:19:23:19 | SSA phi read(&i) |
+| test.cpp:23:27:23:29 | [input] SSA phi read(&t1) | test.cpp:23:19:23:19 | SSA phi read(&t1) |
+| test.cpp:23:27:23:29 | [input] SSA phi read(&t2) | test.cpp:23:19:23:19 | SSA phi read(&t2) |
 | test.cpp:23:27:23:29 | [input] SSA phi read(t2) | test.cpp:23:19:23:19 | SSA phi read(t2) |
-| test.cpp:23:27:23:29 | [input] SSA phi(*i) | test.cpp:23:19:23:19 | SSA phi(*i) |
-| test.cpp:23:27:23:29 | [input] SSA phi(*t1) | test.cpp:23:19:23:19 | SSA phi(*t1) |
-| test.cpp:24:5:24:11 | ... = ... | test.cpp:23:27:23:29 | [input] SSA phi(*t1) |
-| test.cpp:24:10:24:11 | t2 | test.cpp:23:27:23:29 | [input] SSA phi read(*t2) |
+| test.cpp:23:27:23:29 | [input] SSA phi(i) | test.cpp:23:19:23:19 | SSA phi(i) |
+| test.cpp:23:27:23:29 | [input] SSA phi(t1) | test.cpp:23:19:23:19 | SSA phi(t1) |
+| test.cpp:24:5:24:11 | ... = ... | test.cpp:23:27:23:29 | [input] SSA phi(t1) |
+| test.cpp:24:10:24:11 | t2 | test.cpp:23:27:23:29 | [input] SSA phi read(&t2) |
 | test.cpp:24:10:24:11 | t2 | test.cpp:23:27:23:29 | [input] SSA phi read(t2) |
 | test.cpp:24:10:24:11 | t2 | test.cpp:24:5:24:11 | ... = ... |
 | test.cpp:382:48:382:54 | source1 | test.cpp:384:16:384:23 | *& ... |

cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected

@@ -171,6 +171,7 @@ astFlow
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1313:8:1313:24 | ... ? ... : ... |
 | test.cpp:1312:7:1312:12 | call to source | test.cpp:1314:8:1314:8 | x |
 | test.cpp:1329:11:1329:16 | call to source | test.cpp:1330:10:1330:10 | i |
+| test.cpp:1335:10:1335:15 | buffer | test.cpp:1336:10:1336:18 | access to array |
 | true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
 | true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |
 | true_upon_entry.cpp:33:11:33:16 | call to source | true_upon_entry.cpp:39:8:39:8 | x |

cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp

@@ -1329,3 +1329,11 @@ void nsdmi_test() {
   nsdmi y(source());
   sink(y.i); // $ ir ast
 }
+
+void certain_def_uninitialized_instruction_test() {
+  for(int i = 0; i < 10; i++) {
+    char buffer[10];
+    sink(buffer[0]); // $ SPURIOUS: ast
+    buffer[0] = source();
+  }
+}

cpp/ql/test/library-tests/dataflow/dataflow-tests/uninitialized.expected

@@ -59,3 +59,5 @@
 | test.cpp:1137:7:1137:10 | data | test.cpp:1138:5:1138:8 | data |
 | test.cpp:1137:7:1137:10 | data | test.cpp:1139:4:1139:7 | data |
 | test.cpp:1137:7:1137:10 | data | test.cpp:1140:10:1140:13 | data |
+| test.cpp:1335:10:1335:15 | buffer | test.cpp:1336:10:1336:15 | buffer |
+| test.cpp:1335:10:1335:15 | buffer | test.cpp:1337:5:1337:10 | buffer |

cpp/ql/test/library-tests/using-aliases/using-alias.expected

@@ -1,9 +1,9 @@
 | file://:0:0:0:0 | X | NestedTypedefType | file://:0:0:0:0 | int * |
-| file://:0:0:0:0 | X | UsingAliasTypedefType | file://:0:0:0:0 | int * |
+| file://:0:0:0:0 | X | TypeAliasType | file://:0:0:0:0 | int * |
 | using-alias.cpp:2:13:2:17 | type1 | CTypedefType | file://:0:0:0:0 | int |
-| using-alias.cpp:3:7:3:12 | using1 | UsingAliasTypedefType | file://:0:0:0:0 | float |
+| using-alias.cpp:3:7:3:12 | using1 | TypeAliasType | file://:0:0:0:0 | float |
 | using-alias.cpp:5:16:5:20 | type2 | CTypedefType | file://:0:0:0:0 | float |
-| using-alias.cpp:6:7:6:12 | using2 | UsingAliasTypedefType | file://:0:0:0:0 | int |
+| using-alias.cpp:6:7:6:12 | using2 | TypeAliasType | file://:0:0:0:0 | int |
 | using-alias.cpp:8:39:8:39 | X | NestedTypedefType | file://:0:0:0:0 | T * |
-| using-alias.cpp:8:39:8:39 | X | UsingAliasTypedefType | file://:0:0:0:0 | T * |
-| using-alias.cpp:10:7:10:7 | Y | UsingAliasTypedefType | file://:0:0:0:0 | int * |
+| using-alias.cpp:8:39:8:39 | X | TypeAliasType | file://:0:0:0:0 | T * |
+| using-alias.cpp:10:7:10:7 | Y | TypeAliasType | file://:0:0:0:0 | int * |

csharp/.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "paket": {
-      "version": "10.0.0-alpha011",
+      "version": "10.3.1",
       "commands": [
         "paket"
       ]

csharp/.paket/Paket.Restore.targets

@@ -241,8 +241,9 @@
 				<OmitContent Condition="%(PaketReferencesFileLinesInfo.Splits) &gt;= 7">$([System.String]::Copy('%(PaketReferencesFileLines.Identity)').Split(',')[6])</OmitContent>
 				<ImportTargets Condition="%(PaketReferencesFileLinesInfo.Splits) &gt;= 8">$([System.String]::Copy('%(PaketReferencesFileLines.Identity)').Split(',')[7])</ImportTargets>
 				<Aliases Condition="%(PaketReferencesFileLinesInfo.Splits) &gt;= 9">$([System.String]::Copy('%(PaketReferencesFileLines.Identity)').Split(',')[8])</Aliases>
+				<ReferenceCondition Condition="%(PaketReferencesFileLinesInfo.Splits) &gt;= 10">$([System.String]::Copy('%(PaketReferencesFileLines.Identity)').Split(',')[9])</ReferenceCondition>
 			</PaketReferencesFileLinesInfo>
-			<PackageReference Condition=" '$(ManagePackageVersionsCentrally)' != 'true' Or '%(PaketReferencesFileLinesInfo.Reference)' == 'Direct' " Include="%(PaketReferencesFileLinesInfo.PackageName)">
+			<PackageReference Condition=" ('$(ManagePackageVersionsCentrally)' != 'true' Or '%(PaketReferencesFileLinesInfo.Reference)' == 'Direct') AND ('%(PaketReferencesFileLinesInfo.ReferenceCondition)' == 'true' Or $(%(PaketReferencesFileLinesInfo.ReferenceCondition)) == 'true')" Include="%(PaketReferencesFileLinesInfo.PackageName)">
 				<Version Condition=" '$(ManagePackageVersionsCentrally)' != 'true' ">%(PaketReferencesFileLinesInfo.PackageVersion)</Version>
 				<PrivateAssets Condition=" ('%(PaketReferencesFileLinesInfo.AllPrivateAssets)' == 'true') Or ('$(PackAsTool)' == 'true') ">All</PrivateAssets>
 				<ExcludeAssets Condition=" %(PaketReferencesFileLinesInfo.CopyLocal) == 'false' or %(PaketReferencesFileLinesInfo.AllPrivateAssets) == 'exclude'">runtime</ExcludeAssets>
@@ -251,10 +252,8 @@
 				<Aliases Condition=" %(PaketReferencesFileLinesInfo.Aliases) != ''">%(PaketReferencesFileLinesInfo.Aliases)</Aliases>
 				<Publish Condition=" '$(PackAsTool)' == 'true' ">true</Publish>
 				<AllowExplicitVersion>true</AllowExplicitVersion>
-
 			</PackageReference>
-
-			<PackageVersion Include="%(PaketReferencesFileLinesInfo.PackageName)">
+			<PackageVersion Condition="('$(ManagePackageVersionsCentrally)' != 'true' Or '%(PaketReferencesFileLinesInfo.Reference)' == 'Direct') AND ('%(PaketReferencesFileLinesInfo.ReferenceCondition)' == 'true' Or $(%(PaketReferencesFileLinesInfo.ReferenceCondition)) == 'true')" Include="%(PaketReferencesFileLinesInfo.PackageName)">
 				<Version>%(PaketReferencesFileLinesInfo.PackageVersion)</Version>
 			</PackageVersion>
 		</ItemGroup>
@@ -319,7 +318,17 @@
 		</ItemGroup>
 
 		<Error Text="Error Because of PAKET_ERROR_ON_MSBUILD_EXEC (not calling fix-nuspecs)" Condition=" '$(PAKET_ERROR_ON_MSBUILD_EXEC)' == 'true' " />
-		<Exec Condition="@(_NuspecFiles) != ''" Command='$(PaketCommand) fix-nuspecs files "@(_NuspecFiles)" project-file "$(PaketProjectFile)" ' />
+		<Exec Condition="@(_NuspecFiles) != ''" Command='$(PaketCommand) show-conditions -s' ConsoleToMSBuild="true" StandardOutputImportance="low">
+			<Output TaskParameter="ConsoleOutput" ItemName="_ConditionProperties"/>
+		</Exec>
+		<ItemGroup>
+			<_DefinedConditionProperties Include="@(_ConditionProperties)" Condition="$(%(Identity)) == 'true'"/>
+		</ItemGroup>
+		<PropertyGroup>
+			<_ConditionsParameter></_ConditionsParameter>
+			<_ConditionsParameter Condition="@(_DefinedConditionProperties) != ''">--conditions @(_DefinedConditionProperties)</_ConditionsParameter>
+		</PropertyGroup>
+		<Exec Condition="@(_NuspecFiles) != ''" Command='$(PaketCommand) fix-nuspecs files "@(_NuspecFiles)" project-file "$(PaketProjectFile)" $(_ConditionsParameter)' />
 		<Error Condition="@(_NuspecFiles) == ''" Text='Could not find nuspec files in "$(AdjustedNuspecOutputPath)" (Version: "$(PackageVersion)"), therefore we cannot call "paket fix-nuspecs" and have to error out!' />
 
 		<ConvertToAbsolutePath Condition="@(_NuspecFiles) != ''" Paths="@(_NuspecFiles)">

csharp/extractor/Semmle.Extraction.CSharp.Util/SymbolExtensions.cs

@@ -52,6 +52,13 @@ namespace Semmle.Extraction.CSharp.Util
             { "op_False", "false" }
         });
 
+        /// <summary>
+        /// The operatorname for user-defined instance increment- and decrement operators are "op_IncrementAssignment" and
+        /// "op_DecrementAssignment" respectively.
+        /// Thus we need to handle this explicitly to avoid postfixing them with an "=".
+        /// </summary>
+        private static bool IsIncrementOrDecrement(string operatorName) => operatorName == "++" || operatorName == "--";
+
         /// <summary>
         /// Convert an operator method name in to a symbolic name.
         /// A return value indicates whether the conversion succeeded.
@@ -72,7 +79,7 @@ namespace Semmle.Extraction.CSharp.Util
             if (match.Success && methodToOperator.TryGetValue($"op_{match.Groups[2]}", out var rawOperatorName))
             {
                 var prefix = match.Groups[1].Success ? "checked " : "";
-                var postfix = match.Groups[3].Success ? "=" : "";
+                var postfix = match.Groups[3].Success && !IsIncrementOrDecrement(rawOperatorName) ? "=" : "";
                 operatorName = $"{prefix}{rawOperatorName}{postfix}";
                 return true;
             }

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs

@@ -234,9 +234,9 @@ namespace Semmle.Extraction.CSharp.Entities
         /// </summary>
         /// <param name="node">The expression syntax node.</param>
         /// <returns>Returns the target method symbol, or null if it cannot be resolved.</returns>
-        protected IMethodSymbol? GetTargetSymbol(ExpressionSyntax node)
+        protected static IMethodSymbol? GetTargetSymbol(Context cx, ExpressionSyntax node)
         {
-            var si = Context.GetSymbolInfo(node);
+            var si = cx.GetSymbolInfo(node);
             if (si.Symbol is ISymbol symbol)
             {
                 var method = symbol as IMethodSymbol;
@@ -255,7 +255,7 @@ namespace Semmle.Extraction.CSharp.Entities
                     .Where(method => method.Parameters.Length >= syntax.ArgumentList.Arguments.Count)
                     .Where(method => method.Parameters.Count(p => !p.HasExplicitDefaultValue) <= syntax.ArgumentList.Arguments.Count);
 
-                return Context.ExtractionContext.IsStandalone ?
+                return cx.ExtractionContext.IsStandalone ?
                     candidates.FirstOrDefault() :
                     candidates.SingleOrDefault();
             }
@@ -281,7 +281,7 @@ namespace Semmle.Extraction.CSharp.Entities
         /// <param name="node">The expression.</param>
         public void AddOperatorCall(TextWriter trapFile, ExpressionSyntax node)
         {
-            var @operator = GetTargetSymbol(node);
+            var @operator = GetTargetSymbol(Context, node);
             if (@operator is IMethodSymbol method)
             {
                 var callType = GetCallType(Context, node);
@@ -312,9 +312,9 @@ namespace Semmle.Extraction.CSharp.Entities
         /// <returns>The call type.</returns>
         public static CallType GetCallType(Context cx, ExpressionSyntax node)
         {
-            var @operator = cx.GetSymbolInfo(node);
+            var @operator = GetTargetSymbol(cx, node);
 
-            if (@operator.Symbol is IMethodSymbol method)
+            if (@operator is IMethodSymbol method)
             {
                 if (method.ContainingSymbol is ITypeSymbol containingSymbol && containingSymbol.TypeKind == Microsoft.CodeAnalysis.TypeKind.Dynamic)
                 {

csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Invocation.cs

@@ -44,7 +44,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
 
             var child = -1;
             string? memberName = null;
-            var target = GetTargetSymbol(Syntax);
+            var target = GetTargetSymbol(Context, Syntax);
             switch (Syntax.Expression)
             {
                 case MemberAccessExpressionSyntax memberAccess when IsValidMemberAccessKind():

csharp/paket.lock

@@ -13,15 +13,15 @@ NUGET
       MSBuild.StructuredLogger (>= 2.3.71)
       NaturalSort.Extension (>= 4.4)
       NuGet.Versioning (>= 6.14)
-    Humanizer.Core (3.0.1)
+    Humanizer.Core (3.0.10)
     MessagePack (3.1.4)
       MessagePack.Annotations (>= 3.1.4)
       MessagePackAnalyzer (>= 3.1.4)
       Microsoft.NET.StringTools (>= 17.11.4)
     MessagePack.Annotations (3.1.4)
     MessagePackAnalyzer (3.1.4)
-    Microsoft.Bcl.AsyncInterfaces (10.0.1)
-    Microsoft.Bcl.Memory (10.0.1)
+    Microsoft.Bcl.AsyncInterfaces (10.0.8)
+    Microsoft.Bcl.Memory (10.0.8)
     Microsoft.Build (18.0.2)
       Microsoft.Build.Framework (>= 18.0.2)
       Microsoft.NET.StringTools (>= 18.0.2)
@@ -29,13 +29,13 @@ NUGET
       System.Diagnostics.EventLog (>= 9.0)
       System.Reflection.MetadataLoadContext (>= 9.0)
       System.Security.Cryptography.ProtectedData (>= 9.0.6)
-    Microsoft.Build.Framework (18.0.2)
-    Microsoft.Build.Utilities.Core (18.0.2)
-      Microsoft.Build.Framework (>= 18.0.2)
-      Microsoft.NET.StringTools (>= 18.0.2)
-      System.Configuration.ConfigurationManager (>= 9.0)
-      System.Diagnostics.EventLog (>= 9.0)
-      System.Security.Cryptography.ProtectedData (>= 9.0.6)
+    Microsoft.Build.Framework (18.4)
+    Microsoft.Build.Utilities.Core (18.4)
+      Microsoft.Build.Framework (>= 18.4)
+      Microsoft.NET.StringTools (>= 18.4)
+      System.Configuration.ConfigurationManager (>= 10.0.1)
+      System.Diagnostics.EventLog (>= 10.0.1)
+      System.Security.Cryptography.ProtectedData (>= 10.0.1)
     Microsoft.CodeAnalysis (5.0)
       Humanizer.Core (>= 2.14.1)
       Microsoft.Bcl.AsyncInterfaces (>= 9.0)
@@ -53,7 +53,7 @@ NUGET
       System.Text.Encoding.CodePages (>= 8.0)
       System.Threading.Channels (>= 8.0)
       System.Threading.Tasks.Extensions (>= 4.6)
-    Microsoft.CodeAnalysis.Analyzers (3.11)
+    Microsoft.CodeAnalysis.Analyzers (5.3)
     Microsoft.CodeAnalysis.Common (5.0)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
     Microsoft.CodeAnalysis.CSharp (5.0)
@@ -81,64 +81,63 @@ NUGET
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
       Microsoft.CodeAnalysis.Common (5.0)
       System.Composition (>= 9.0)
-    Microsoft.CodeCoverage (18.0.1)
-    Microsoft.Extensions.ObjectPool (10.0.1)
-    Microsoft.NET.StringTools (18.0.2)
-    Microsoft.NET.Test.Sdk (18.0.1)
-      Microsoft.CodeCoverage (>= 18.0.1)
-      Microsoft.TestPlatform.TestHost (>= 18.0.1)
-    Microsoft.TestPlatform.ObjectModel (18.0.1)
+    Microsoft.CodeCoverage (18.5.1)
+    Microsoft.Extensions.ObjectPool (10.0.8)
+    Microsoft.NET.StringTools (18.4)
+    Microsoft.NET.Test.Sdk (18.5.1)
+      Microsoft.CodeCoverage (>= 18.5.1)
+      Microsoft.TestPlatform.TestHost (>= 18.5.1)
+    Microsoft.TestPlatform.ObjectModel (18.5.1)
       System.Reflection.Metadata (>= 8.0)
-    Microsoft.TestPlatform.TestHost (18.0.1)
-      Microsoft.TestPlatform.ObjectModel (>= 18.0.1)
+    Microsoft.TestPlatform.TestHost (18.5.1)
+      Microsoft.TestPlatform.ObjectModel (>= 18.5.1)
       Newtonsoft.Json (>= 13.0.3)
     Microsoft.VisualStudio.SolutionPersistence (1.0.52)
     Mono.Posix.NETStandard (1.0)
-    MSBuild.StructuredLogger (2.3.113)
+    MSBuild.StructuredLogger (2.3.204)
       Microsoft.Build.Framework (>= 17.5)
       Microsoft.Build.Utilities.Core (>= 17.5)
-      System.Collections.Immutable (>= 8.0)
     NaturalSort.Extension (4.4.1)
     Newtonsoft.Json (13.0.4)
-    NuGet.Versioning (7.0.1)
+    NuGet.Versioning (7.6)
     System.Buffers (4.6.1)
-    System.Collections.Immutable (10.0.1)
-    System.Composition (10.0.1)
-      System.Composition.AttributedModel (>= 10.0.1)
-      System.Composition.Convention (>= 10.0.1)
-      System.Composition.Hosting (>= 10.0.1)
-      System.Composition.Runtime (>= 10.0.1)
-      System.Composition.TypedParts (>= 10.0.1)
-    System.Composition.AttributedModel (10.0.1)
-    System.Composition.Convention (10.0.1)
-      System.Composition.AttributedModel (>= 10.0.1)
-    System.Composition.Hosting (10.0.1)
-      System.Composition.Runtime (>= 10.0.1)
-    System.Composition.Runtime (10.0.1)
-    System.Composition.TypedParts (10.0.1)
-      System.Composition.AttributedModel (>= 10.0.1)
-      System.Composition.Hosting (>= 10.0.1)
-      System.Composition.Runtime (>= 10.0.1)
-    System.Configuration.ConfigurationManager (10.0.1)
-      System.Diagnostics.EventLog (>= 10.0.1)
-      System.Security.Cryptography.ProtectedData (>= 10.0.1)
-    System.Diagnostics.EventLog (10.0.1)
-    System.IO.Pipelines (10.0.1)
+    System.Collections.Immutable (10.0.8)
+    System.Composition (10.0.8)
+      System.Composition.AttributedModel (>= 10.0.8)
+      System.Composition.Convention (>= 10.0.8)
+      System.Composition.Hosting (>= 10.0.8)
+      System.Composition.Runtime (>= 10.0.8)
+      System.Composition.TypedParts (>= 10.0.8)
+    System.Composition.AttributedModel (10.0.8)
+    System.Composition.Convention (10.0.8)
+      System.Composition.AttributedModel (>= 10.0.8)
+    System.Composition.Hosting (10.0.8)
+      System.Composition.Runtime (>= 10.0.8)
+    System.Composition.Runtime (10.0.8)
+    System.Composition.TypedParts (10.0.8)
+      System.Composition.AttributedModel (>= 10.0.8)
+      System.Composition.Hosting (>= 10.0.8)
+      System.Composition.Runtime (>= 10.0.8)
+    System.Configuration.ConfigurationManager (10.0.8)
+      System.Diagnostics.EventLog (>= 10.0.8)
+      System.Security.Cryptography.ProtectedData (>= 10.0.8)
+    System.Diagnostics.EventLog (10.0.8)
+    System.IO.Pipelines (10.0.8)
     System.Memory (4.6.3)
     System.Numerics.Vectors (4.6.1)
-    System.Reflection.Metadata (10.0.1)
-    System.Reflection.MetadataLoadContext (10.0.1)
+    System.Reflection.Metadata (10.0.8)
+    System.Reflection.MetadataLoadContext (10.0.8)
     System.Runtime.CompilerServices.Unsafe (6.1.2)
-    System.Security.Cryptography.ProtectedData (10.0.1)
-    System.Text.Encoding.CodePages (10.0.1)
-    System.Threading.Channels (10.0.1)
+    System.Security.Cryptography.ProtectedData (10.0.8)
+    System.Text.Encoding.CodePages (10.0.8)
+    System.Threading.Channels (10.0.8)
     System.Threading.Tasks.Extensions (4.6.3)
     xunit (2.9.3)
       xunit.analyzers (>= 1.18)
       xunit.assert (>= 2.9.3)
       xunit.core (2.9.3)
     xunit.abstractions (2.0.3)
-    xunit.analyzers (1.26)
+    xunit.analyzers (1.27)
     xunit.assert (2.9.3)
     xunit.core (2.9.3)
       xunit.extensibility.core (2.9.3)

csharp/ql/lib/change-notes/2026-05-12-user-increment-decrement.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* C# 14: Added support for user-defined instance increment/decrement operators.

csharp/ql/lib/semmle/code/csharp/Callable.qll

@@ -613,6 +613,9 @@ class UnaryOperator extends Operator {
     this.getNumberOfParameters() = 1 and
     not this instanceof ConversionOperator and
     not this instanceof CompoundAssignmentOperator
+    or
+    // Instance increment and decrement operators don't have a parameter (only a qualifier).
+    this.getNumberOfParameters() = 0 and not this.isStatic()
   }
 }
 

csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraph.qll

@@ -175,7 +175,9 @@ module Ast implements AstSig<Location> {
   final private class FinalForStmt = CS::ForStmt;
 
   class ForStmt extends FinalForStmt {
-    Expr getInit(int index) { result = this.getInitializer(index) }
+    AstNode getInit(int index) { result = super.getInitializer(index) }
+
+    AstNode getUpdate(int index) { result = super.getUpdate(index) }
   }
 
   final private class FinalForeachStmt = CS::ForeachStmt;

csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll

@@ -73,6 +73,19 @@ class DispatchCall extends Internal::TDispatchCall {
   }
 }
 
+abstract private class InstanceOperatorCall extends OperatorCall {
+  abstract Expr getQualifier();
+}
+
+private class InstanceCompoundAssignment extends InstanceOperatorCall instanceof CompoundAssignmentOperatorCall
+{
+  override Expr getQualifier() { result = CompoundAssignmentOperatorCall.super.getQualifier() }
+}
+
+private class InstanceMutator extends InstanceOperatorCall instanceof InstanceMutatorOperatorCall {
+  override Expr getQualifier() { result = InstanceMutatorOperatorCall.super.getQualifier() }
+}
+
 /** Internal implementation details. */
 private module Internal {
   private import OverridableCallable
@@ -101,9 +114,9 @@ private module Internal {
       } or
       TDispatchOperatorCall(OperatorCall oc) {
         not oc.isLateBound() and
-        not oc instanceof CompoundAssignmentOperatorCall
+        not oc instanceof InstanceOperatorCall
       } or
-      TDispatchCompoundAssignmentOperatorCall(CompoundAssignmentOperatorCall caoc) or
+      TDispatchInstanceOperatorCall(InstanceOperatorCall ioc) or
       TDispatchReflectionCall(MethodCall mc, string name, Expr object, Expr qualifier, int args) {
         isReflectionCall(mc, name, object, qualifier, args)
       } or
@@ -890,12 +903,10 @@ private module Internal {
     override Operator getAStaticTarget() { result = this.getCall().getTarget() }
   }
 
-  private class DispatchCompoundAssignmentOperatorCall extends DispatchOverridableCall,
-    TDispatchCompoundAssignmentOperatorCall
+  private class DispatchInstanceOperatorCall extends DispatchOverridableCall,
+    TDispatchInstanceOperatorCall
   {
-    override CompoundAssignmentOperatorCall getCall() {
-      this = TDispatchCompoundAssignmentOperatorCall(result)
-    }
+    override InstanceOperatorCall getCall() { this = TDispatchInstanceOperatorCall(result) }
 
     override Expr getArgument(int i) { result = this.getCall().getArgument(i) }
 

csharp/ql/lib/semmle/code/csharp/exprs/Call.qll

@@ -570,6 +570,29 @@ class MutatorOperatorCall extends OperatorCall {
   predicate isPostfix() { mutator_invocation_mode(this, 2) }
 }
 
+/**
+ * A call to an instance mutator operator, for example `a++` on
+ * line 5 in
+ *
+ * ```csharp
+ * class A {
+ *   public void operator ++() { ... }
+ *
+ *   public static void Increment(A a) {
+ *     a++;
+ *   }
+ * }
+ * ```
+ */
+class InstanceMutatorOperatorCall extends MutatorOperatorCall {
+  InstanceMutatorOperatorCall() { this.getTarget().getNumberOfParameters() = 0 }
+
+  /** Gets the qualifier of this instance mutator operator call. */
+  Expr getQualifier() { result = this.getChildExpr(0) }
+
+  override Expr getArgument(int i) { none() }
+}
+
 /**
  * A call to a compound assignment operator, for example `this += other`
  * on line 7 in

csharp/ql/test/library-tests/dataflow/operators/Operator.cs

@@ -120,3 +120,36 @@ public class CompoundAssignmentOperators
         Sink(x.Field); // $ hasValueFlow=1
     }
 }
+
+public class MutatorOperators
+{
+    static void Sink(object o) { }
+    static T Source<T>(object source) => throw null;
+
+    public class C1
+    {
+        public object Field { get; private set; }
+
+        public C1()
+        {
+            Field = new object();
+        }
+
+        public C1(object o)
+        {
+            Field = o;
+        }
+
+        public void operator ++()
+        {
+            Field = Source<object>(1);
+        }
+
+        public void M1()
+        {
+            var x = new C1();
+            x++;
+            Sink(x.Field); // $ hasValueFlow=1
+        }
+    }
+}

csharp/ql/test/library-tests/dataflow/operators/operatorFlow.expected

@@ -130,6 +130,16 @@ edges
 | Operator.cs:119:14:119:14 | access to local variable y : C [property Field] : Object | Operator.cs:119:9:119:9 | [post] access to local variable x : C [property Field] : Object | provenance |  |
 | Operator.cs:120:14:120:14 | access to local variable x : C [property Field] : Object | Operator.cs:120:14:120:20 | access to property Field | provenance |  |
 | Operator.cs:120:14:120:14 | access to local variable x : C [property Field] : Object | Operator.cs:120:14:120:20 | access to property Field | provenance |  |
+| Operator.cs:143:30:143:31 | this [Return] : C1 [property Field] : Object | Operator.cs:151:13:151:13 | [post] access to local variable x : C1 [property Field] : Object | provenance |  |
+| Operator.cs:143:30:143:31 | this [Return] : C1 [property Field] : Object | Operator.cs:151:13:151:13 | [post] access to local variable x : C1 [property Field] : Object | provenance |  |
+| Operator.cs:145:13:145:17 | [post] this access : C1 [property Field] : Object | Operator.cs:143:30:143:31 | this [Return] : C1 [property Field] : Object | provenance |  |
+| Operator.cs:145:13:145:17 | [post] this access : C1 [property Field] : Object | Operator.cs:143:30:143:31 | this [Return] : C1 [property Field] : Object | provenance |  |
+| Operator.cs:145:21:145:37 | call to method Source<Object> : Object | Operator.cs:145:13:145:17 | [post] this access : C1 [property Field] : Object | provenance |  |
+| Operator.cs:145:21:145:37 | call to method Source<Object> : Object | Operator.cs:145:13:145:17 | [post] this access : C1 [property Field] : Object | provenance |  |
+| Operator.cs:151:13:151:13 | [post] access to local variable x : C1 [property Field] : Object | Operator.cs:152:18:152:18 | access to local variable x : C1 [property Field] : Object | provenance |  |
+| Operator.cs:151:13:151:13 | [post] access to local variable x : C1 [property Field] : Object | Operator.cs:152:18:152:18 | access to local variable x : C1 [property Field] : Object | provenance |  |
+| Operator.cs:152:18:152:18 | access to local variable x : C1 [property Field] : Object | Operator.cs:152:18:152:24 | access to property Field | provenance |  |
+| Operator.cs:152:18:152:18 | access to local variable x : C1 [property Field] : Object | Operator.cs:152:18:152:24 | access to property Field | provenance |  |
 nodes
 | Operator.cs:9:39:9:39 | x : C | semmle.label | x : C |
 | Operator.cs:9:39:9:39 | x : C | semmle.label | x : C |
@@ -275,6 +285,18 @@ nodes
 | Operator.cs:120:14:120:14 | access to local variable x : C [property Field] : Object | semmle.label | access to local variable x : C [property Field] : Object |
 | Operator.cs:120:14:120:20 | access to property Field | semmle.label | access to property Field |
 | Operator.cs:120:14:120:20 | access to property Field | semmle.label | access to property Field |
+| Operator.cs:143:30:143:31 | this [Return] : C1 [property Field] : Object | semmle.label | this [Return] : C1 [property Field] : Object |
+| Operator.cs:143:30:143:31 | this [Return] : C1 [property Field] : Object | semmle.label | this [Return] : C1 [property Field] : Object |
+| Operator.cs:145:13:145:17 | [post] this access : C1 [property Field] : Object | semmle.label | [post] this access : C1 [property Field] : Object |
+| Operator.cs:145:13:145:17 | [post] this access : C1 [property Field] : Object | semmle.label | [post] this access : C1 [property Field] : Object |
+| Operator.cs:145:21:145:37 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
+| Operator.cs:145:21:145:37 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
+| Operator.cs:151:13:151:13 | [post] access to local variable x : C1 [property Field] : Object | semmle.label | [post] access to local variable x : C1 [property Field] : Object |
+| Operator.cs:151:13:151:13 | [post] access to local variable x : C1 [property Field] : Object | semmle.label | [post] access to local variable x : C1 [property Field] : Object |
+| Operator.cs:152:18:152:18 | access to local variable x : C1 [property Field] : Object | semmle.label | access to local variable x : C1 [property Field] : Object |
+| Operator.cs:152:18:152:18 | access to local variable x : C1 [property Field] : Object | semmle.label | access to local variable x : C1 [property Field] : Object |
+| Operator.cs:152:18:152:24 | access to property Field | semmle.label | access to property Field |
+| Operator.cs:152:18:152:24 | access to property Field | semmle.label | access to property Field |
 subpaths
 | Operator.cs:29:17:29:17 | access to local variable x : C | Operator.cs:16:38:16:38 | x : C | Operator.cs:16:49:16:49 | access to parameter x : C | Operator.cs:29:17:29:21 | call to operator + : C |
 | Operator.cs:29:17:29:17 | access to local variable x : C | Operator.cs:16:38:16:38 | x : C | Operator.cs:16:49:16:49 | access to parameter x : C | Operator.cs:29:17:29:21 | call to operator + : C |
@@ -308,3 +330,5 @@ testFailures
 | Operator.cs:78:14:78:14 | (...) ... | Operator.cs:84:17:84:29 | call to method Source<C> : C | Operator.cs:78:14:78:14 | (...) ... | $@ | Operator.cs:84:17:84:29 | call to method Source<C> : C | call to method Source<C> : C |
 | Operator.cs:120:14:120:20 | access to property Field | Operator.cs:116:23:116:39 | call to method Source<Object> : Object | Operator.cs:120:14:120:20 | access to property Field | $@ | Operator.cs:116:23:116:39 | call to method Source<Object> : Object | call to method Source<Object> : Object |
 | Operator.cs:120:14:120:20 | access to property Field | Operator.cs:116:23:116:39 | call to method Source<Object> : Object | Operator.cs:120:14:120:20 | access to property Field | $@ | Operator.cs:116:23:116:39 | call to method Source<Object> : Object | call to method Source<Object> : Object |
+| Operator.cs:152:18:152:24 | access to property Field | Operator.cs:145:21:145:37 | call to method Source<Object> : Object | Operator.cs:152:18:152:24 | access to property Field | $@ | Operator.cs:145:21:145:37 | call to method Source<Object> : Object | call to method Source<Object> : Object |
+| Operator.cs:152:18:152:24 | access to property Field | Operator.cs:145:21:145:37 | call to method Source<Object> : Object | Operator.cs:152:18:152:24 | access to property Field | $@ | Operator.cs:145:21:145:37 | call to method Source<Object> : Object | call to method Source<Object> : Object |

csharp/ql/test/library-tests/extension/PrintAst.expected

@@ -171,311 +171,341 @@ extensions.cs:
 #   16|       4: [BlockStmt] {...}
 #   16|         0: [ReturnStmt] return ...;
 #   16|           0: [ParameterAccess] access to parameter t
-#   19|   5: [ExtensionType] extension(Object)
-#   21|     4: [ExtensionMethod] StaticObjectM1
-#   21|       -1: [TypeMention] int
-#   21|       4: [BlockStmt] {...}
-#   21|         0: [ReturnStmt] return ...;
-#   21|           0: [IntLiteral] 0
-#   22|     5: [ExtensionMethod] StaticObjectM2
-#   22|       -1: [TypeMention] int
+#   17|     15: [ExtensionCallable,IncrementOperator] ++
+#   17|       -1: [TypeMention] Void
 #-----|       2: (Parameters)
-#   22|         0: [Parameter] s
-#   22|           -1: [TypeMention] string
-#   22|       4: [BlockStmt] {...}
-#   22|         0: [ReturnStmt] return ...;
-#   22|           0: [PropertyCall] access to property Length
-#   22|             -1: [ParameterAccess] access to parameter s
-#   23|     6: [Property] StaticProp
-#   23|       -1: [TypeMention] bool
-#   23|       3: [ExtensionCallable,Getter] get_StaticProp
-#   23|         4: [BoolLiteral] true
-#   26|   8: [ExtensionType] extension(T)`1
+#    6|         0: [Parameter] s
+#    6|           -1: [TypeMention] string
+#   17|       4: [BlockStmt] {...}
+#   18|     16: [DecrementOperator,ExtensionCallable] --
+#   18|       -1: [TypeMention] string
+#-----|       2: (Parameters)
+#   18|         0: [Parameter] o
+#   18|           -1: [TypeMention] string
+#   18|       4: [BlockStmt] {...}
+#   18|         0: [ReturnStmt] return ...;
+#   18|           0: [ParameterAccess] access to parameter o
+#   21|   5: [ExtensionType] extension(Object)
+#   23|     4: [ExtensionMethod] StaticObjectM1
+#   23|       -1: [TypeMention] int
+#   23|       4: [BlockStmt] {...}
+#   23|         0: [ReturnStmt] return ...;
+#   23|           0: [IntLiteral] 0
+#   24|     5: [ExtensionMethod] StaticObjectM2
+#   24|       -1: [TypeMention] int
+#-----|       2: (Parameters)
+#   24|         0: [Parameter] s
+#   24|           -1: [TypeMention] string
+#   24|       4: [BlockStmt] {...}
+#   24|         0: [ReturnStmt] return ...;
+#   24|           0: [PropertyCall] access to property Length
+#   24|             -1: [ParameterAccess] access to parameter s
+#   25|     6: [Property] StaticProp
+#   25|       -1: [TypeMention] bool
+#   25|       3: [ExtensionCallable,Getter] get_StaticProp
+#   25|         4: [BoolLiteral] true
+#   28|   8: [ExtensionType] extension(T)`1
 #-----|     1: (Type parameters)
-#   26|       0: [TypeParameter] T
+#   28|       0: [TypeParameter] T
 #-----|     2: (Parameters)
-#   26|       0: [Parameter] t
-#   26|         -1: [TypeMention] T
-#   28|     4: [Property] GenericProp1
-#   28|       -1: [TypeMention] bool
-#   28|       3: [ExtensionCallable,Getter] get_GenericProp1
-#-----|         2: (Parameters)
-#   26|           0: [Parameter] t
-#   26|             -1: [TypeMention] T
-#   28|         4: [IsExpr] ... is ...
-#   28|           0: [SyntheticExtensionParameterAccess] access to extension synthetic parameter t
-#   28|           1: [NotPatternExpr] not ...
-#   28|             0: [ConstantPatternExpr,NullLiteral] null
-#   29|     5: [Property] GenericProp2
-#   29|       -1: [TypeMention] bool
-#   29|       3: [ExtensionCallable,Getter] get_GenericProp2
-#-----|         2: (Parameters)
-#   26|           0: [Parameter] t
-#   26|             -1: [TypeMention] T
-#   29|         4: [BlockStmt] {...}
-#   29|           0: [ReturnStmt] return ...;
-#   29|             0: [BoolLiteral] true
-#   29|       4: [ExtensionCallable,Setter] set_GenericProp2
-#-----|         2: (Parameters)
-#   26|           0: [Parameter] t
-#   26|             -1: [TypeMention] T
-#   29|           1: [Parameter] value
-#   29|         4: [BlockStmt] {...}
-#   30|     6: [ExtensionMethod] GenericM1
+#   28|       0: [Parameter] t
+#   28|         -1: [TypeMention] T
+#   30|     4: [Property] GenericProp1
 #   30|       -1: [TypeMention] bool
+#   30|       3: [ExtensionCallable,Getter] get_GenericProp1
+#-----|         2: (Parameters)
+#   28|           0: [Parameter] t
+#   28|             -1: [TypeMention] T
+#   30|         4: [IsExpr] ... is ...
+#   30|           0: [SyntheticExtensionParameterAccess] access to extension synthetic parameter t
+#   30|           1: [NotPatternExpr] not ...
+#   30|             0: [ConstantPatternExpr,NullLiteral] null
+#   31|     5: [Property] GenericProp2
+#   31|       -1: [TypeMention] bool
+#   31|       3: [ExtensionCallable,Getter] get_GenericProp2
+#-----|         2: (Parameters)
+#   28|           0: [Parameter] t
+#   28|             -1: [TypeMention] T
+#   31|         4: [BlockStmt] {...}
+#   31|           0: [ReturnStmt] return ...;
+#   31|             0: [BoolLiteral] true
+#   31|       4: [ExtensionCallable,Setter] set_GenericProp2
+#-----|         2: (Parameters)
+#   28|           0: [Parameter] t
+#   28|             -1: [TypeMention] T
+#   31|           1: [Parameter] value
+#   31|         4: [BlockStmt] {...}
+#   32|     6: [ExtensionMethod] GenericM1
+#   32|       -1: [TypeMention] bool
 #-----|       2: (Parameters)
-#   26|         0: [Parameter] t
-#   26|           -1: [TypeMention] T
-#   30|       4: [IsExpr] ... is ...
-#   30|         0: [SyntheticExtensionParameterAccess] access to extension synthetic parameter t
-#   30|         1: [NotPatternExpr] not ...
-#   30|           0: [ConstantPatternExpr,NullLiteral] null
-#   31|     7: [ExtensionMethod] GenericM2`1
-#   31|       -1: [TypeMention] Void
-#-----|       1: (Type parameters)
-#   31|         0: [TypeParameter] S
-#-----|       2: (Parameters)
-#   26|         0: [Parameter] t
-#   26|           -1: [TypeMention] T
-#   31|         1: [Parameter] other
-#   31|           -1: [TypeMention] S
-#   31|       4: [BlockStmt] {...}
-#   32|     8: [ExtensionMethod] GenericStaticM1
-#   32|       -1: [TypeMention] Void
-#-----|       2: (Parameters)
-#   26|         0: [Parameter] t
-#   26|           -1: [TypeMention] T
-#   32|       4: [BlockStmt] {...}
-#   33|     9: [ExtensionMethod] GenericStaticM2`1
+#   28|         0: [Parameter] t
+#   28|           -1: [TypeMention] T
+#   32|       4: [IsExpr] ... is ...
+#   32|         0: [SyntheticExtensionParameterAccess] access to extension synthetic parameter t
+#   32|         1: [NotPatternExpr] not ...
+#   32|           0: [ConstantPatternExpr,NullLiteral] null
+#   33|     7: [ExtensionMethod] GenericM2`1
 #   33|       -1: [TypeMention] Void
 #-----|       1: (Type parameters)
 #   33|         0: [TypeParameter] S
 #-----|       2: (Parameters)
-#   33|         0: [Parameter] other
+#   28|         0: [Parameter] t
+#   28|           -1: [TypeMention] T
+#   33|         1: [Parameter] other
 #   33|           -1: [TypeMention] S
 #   33|       4: [BlockStmt] {...}
-#   34|     10: [AddOperator,ExtensionCallable] +
-#   34|       -1: [TypeMention] T
+#   34|     8: [ExtensionMethod] GenericStaticM1
+#   34|       -1: [TypeMention] Void
 #-----|       2: (Parameters)
-#   34|         0: [Parameter] a
-#   34|           -1: [TypeMention] T
-#   34|         1: [Parameter] b
-#   34|           -1: [TypeMention] T
+#   28|         0: [Parameter] t
+#   28|           -1: [TypeMention] T
 #   34|       4: [BlockStmt] {...}
-#   34|         0: [ReturnStmt] return ...;
-#   34|           0: [NullLiteral] null
-#   38| [Class] ClassicExtensions
-#   40|   4: [ExtensionMethod] M3
-#   40|     -1: [TypeMention] bool
+#   35|     9: [ExtensionMethod] GenericStaticM2`1
+#   35|       -1: [TypeMention] Void
+#-----|       1: (Type parameters)
+#   35|         0: [TypeParameter] S
+#-----|       2: (Parameters)
+#   35|         0: [Parameter] other
+#   35|           -1: [TypeMention] S
+#   35|       4: [BlockStmt] {...}
+#   36|     10: [AddOperator,ExtensionCallable] +
+#   36|       -1: [TypeMention] T
+#-----|       2: (Parameters)
+#   36|         0: [Parameter] a
+#   36|           -1: [TypeMention] T
+#   36|         1: [Parameter] b
+#   36|           -1: [TypeMention] T
+#   36|       4: [BlockStmt] {...}
+#   36|         0: [ReturnStmt] return ...;
+#   36|           0: [NullLiteral] null
+#   40| [Class] ClassicExtensions
+#   42|   4: [ExtensionMethod] M3
+#   42|     -1: [TypeMention] bool
 #-----|     2: (Parameters)
-#   40|       0: [Parameter] s
-#   40|         -1: [TypeMention] string
-#   40|     4: [IsExpr] ... is ...
-#   40|       0: [ParameterAccess] access to parameter s
-#   40|       1: [NotPatternExpr] not ...
-#   40|         0: [ConstantPatternExpr,NullLiteral] null
-#   43| [Class] C
-#   45|   6: [Method] CallingExtensions
-#   45|     -1: [TypeMention] Void
-#   46|     4: [BlockStmt] {...}
-#   47|       0: [LocalVariableDeclStmt] ... ...;
-#   47|         0: [LocalVariableDeclAndInitExpr] String s = ...
-#   47|           -1: [TypeMention] string
-#   47|           0: [LocalVariableAccess] access to local variable s
-#   47|           1: [StringLiteralUtf16] "Hello World."
-#   50|       1: [LocalVariableDeclStmt] ... ...;
-#   50|         0: [LocalVariableDeclAndInitExpr] Boolean x11 = ...
-#   50|           -1: [TypeMention] bool
-#   50|           0: [LocalVariableAccess] access to local variable x11
-#   50|           1: [ExtensionPropertyCall] access to property Prop1
-#   50|             -1: [LocalVariableAccess] access to local variable s
-#   51|       2: [LocalVariableDeclStmt] ... ...;
-#   51|         0: [LocalVariableDeclAndInitExpr] Boolean x12 = ...
-#   51|           -1: [TypeMention] bool
-#   51|           0: [LocalVariableAccess] access to local variable x12
-#   51|           1: [ExtensionPropertyCall] access to property Prop2
-#   51|             -1: [LocalVariableAccess] access to local variable s
-#   52|       3: [ExprStmt] ...;
-#   52|         0: [AssignExpr] ... = ...
-#   52|           0: [ExtensionPropertyCall] access to property Prop2
+#   42|       0: [Parameter] s
+#   42|         -1: [TypeMention] string
+#   42|     4: [IsExpr] ... is ...
+#   42|       0: [ParameterAccess] access to parameter s
+#   42|       1: [NotPatternExpr] not ...
+#   42|         0: [ConstantPatternExpr,NullLiteral] null
+#   45| [Class] C
+#   47|   6: [Method] CallingExtensions
+#   47|     -1: [TypeMention] Void
+#   48|     4: [BlockStmt] {...}
+#   49|       0: [LocalVariableDeclStmt] ... ...;
+#   49|         0: [LocalVariableDeclAndInitExpr] String s = ...
+#   49|           -1: [TypeMention] string
+#   49|           0: [LocalVariableAccess] access to local variable s
+#   49|           1: [StringLiteralUtf16] "Hello World."
+#   52|       1: [LocalVariableDeclStmt] ... ...;
+#   52|         0: [LocalVariableDeclAndInitExpr] Boolean x11 = ...
+#   52|           -1: [TypeMention] bool
+#   52|           0: [LocalVariableAccess] access to local variable x11
+#   52|           1: [ExtensionPropertyCall] access to property Prop1
 #   52|             -1: [LocalVariableAccess] access to local variable s
-#   52|           1: [BoolLiteral] true
-#   53|       4: [LocalVariableDeclStmt] ... ...;
-#   53|         0: [LocalVariableDeclAndInitExpr] Boolean x13 = ...
+#   53|       2: [LocalVariableDeclStmt] ... ...;
+#   53|         0: [LocalVariableDeclAndInitExpr] Boolean x12 = ...
 #   53|           -1: [TypeMention] bool
-#   53|           0: [LocalVariableAccess] access to local variable x13
-#   53|           1: [ExtensionPropertyCall] access to property StaticProp1
-#   53|             -1: [TypeAccess] access to type String
-#   53|               0: [TypeMention] string
-#   54|       5: [LocalVariableDeclStmt] ... ...;
-#   54|         0: [LocalVariableDeclAndInitExpr] Boolean x14 = ...
-#   54|           -1: [TypeMention] bool
-#   54|           0: [LocalVariableAccess] access to local variable x14
-#   54|           1: [ExtensionPropertyCall] access to property StaticProp
-#   54|             -1: [TypeAccess] access to type Object
-#   54|               0: [TypeMention] object
-#   57|       6: [LocalVariableDeclStmt] ... ...;
-#   57|         0: [LocalVariableDeclAndInitExpr] Boolean x21 = ...
-#   57|           -1: [TypeMention] bool
-#   57|           0: [LocalVariableAccess] access to local variable x21
-#   57|           1: [MethodCall] call to method M1
-#   57|             -1: [LocalVariableAccess] access to local variable s
-#   58|       7: [LocalVariableDeclStmt] ... ...;
-#   58|         0: [LocalVariableDeclAndInitExpr] String x22 = ...
-#   58|           -1: [TypeMention] string
-#   58|           0: [LocalVariableAccess] access to local variable x22
-#   58|           1: [MethodCall] call to method M2
-#   58|             -1: [LocalVariableAccess] access to local variable s
-#   58|             0: [StringLiteralUtf16] "!!!"
-#   59|       8: [LocalVariableDeclStmt] ... ...;
-#   59|         0: [LocalVariableDeclAndInitExpr] Int32 x23 = ...
-#   59|           -1: [TypeMention] int
-#   59|           0: [LocalVariableAccess] access to local variable x23
-#   59|           1: [MethodCall] call to method StaticM1
-#   59|             -1: [TypeAccess] access to type String
-#   59|               0: [TypeMention] string
-#   60|       9: [LocalVariableDeclStmt] ... ...;
-#   60|         0: [LocalVariableDeclAndInitExpr] Int32 x24 = ...
-#   60|           -1: [TypeMention] int
-#   60|           0: [LocalVariableAccess] access to local variable x24
-#   60|           1: [MethodCall] call to method StaticM2
-#   60|             -1: [TypeAccess] access to type String
-#   60|               0: [TypeMention] string
-#   60|             0: [LocalVariableAccess] access to local variable s
-#   61|       10: [LocalVariableDeclStmt] ... ...;
-#   61|         0: [LocalVariableDeclAndInitExpr] Int32 x25 = ...
+#   53|           0: [LocalVariableAccess] access to local variable x12
+#   53|           1: [ExtensionPropertyCall] access to property Prop2
+#   53|             -1: [LocalVariableAccess] access to local variable s
+#   54|       3: [ExprStmt] ...;
+#   54|         0: [AssignExpr] ... = ...
+#   54|           0: [ExtensionPropertyCall] access to property Prop2
+#   54|             -1: [LocalVariableAccess] access to local variable s
+#   54|           1: [BoolLiteral] true
+#   55|       4: [LocalVariableDeclStmt] ... ...;
+#   55|         0: [LocalVariableDeclAndInitExpr] Boolean x13 = ...
+#   55|           -1: [TypeMention] bool
+#   55|           0: [LocalVariableAccess] access to local variable x13
+#   55|           1: [ExtensionPropertyCall] access to property StaticProp1
+#   55|             -1: [TypeAccess] access to type String
+#   55|               0: [TypeMention] string
+#   56|       5: [LocalVariableDeclStmt] ... ...;
+#   56|         0: [LocalVariableDeclAndInitExpr] Boolean x14 = ...
+#   56|           -1: [TypeMention] bool
+#   56|           0: [LocalVariableAccess] access to local variable x14
+#   56|           1: [ExtensionPropertyCall] access to property StaticProp
+#   56|             -1: [TypeAccess] access to type Object
+#   56|               0: [TypeMention] object
+#   59|       6: [LocalVariableDeclStmt] ... ...;
+#   59|         0: [LocalVariableDeclAndInitExpr] Boolean x21 = ...
+#   59|           -1: [TypeMention] bool
+#   59|           0: [LocalVariableAccess] access to local variable x21
+#   59|           1: [MethodCall] call to method M1
+#   59|             -1: [LocalVariableAccess] access to local variable s
+#   60|       7: [LocalVariableDeclStmt] ... ...;
+#   60|         0: [LocalVariableDeclAndInitExpr] String x22 = ...
+#   60|           -1: [TypeMention] string
+#   60|           0: [LocalVariableAccess] access to local variable x22
+#   60|           1: [MethodCall] call to method M2
+#   60|             -1: [LocalVariableAccess] access to local variable s
+#   60|             0: [StringLiteralUtf16] "!!!"
+#   61|       8: [LocalVariableDeclStmt] ... ...;
+#   61|         0: [LocalVariableDeclAndInitExpr] Int32 x23 = ...
 #   61|           -1: [TypeMention] int
-#   61|           0: [LocalVariableAccess] access to local variable x25
-#   61|           1: [MethodCall] call to method StaticObjectM1
-#   61|             -1: [TypeAccess] access to type Object
-#   61|               0: [TypeMention] object
-#   62|       11: [LocalVariableDeclStmt] ... ...;
-#   62|         0: [LocalVariableDeclAndInitExpr] Int32 x26 = ...
+#   61|           0: [LocalVariableAccess] access to local variable x23
+#   61|           1: [MethodCall] call to method StaticM1
+#   61|             -1: [TypeAccess] access to type String
+#   61|               0: [TypeMention] string
+#   62|       9: [LocalVariableDeclStmt] ... ...;
+#   62|         0: [LocalVariableDeclAndInitExpr] Int32 x24 = ...
 #   62|           -1: [TypeMention] int
-#   62|           0: [LocalVariableAccess] access to local variable x26
-#   62|           1: [MethodCall] call to method StaticObjectM2
-#   62|             -1: [TypeAccess] access to type Object
-#   62|               0: [TypeMention] object
+#   62|           0: [LocalVariableAccess] access to local variable x24
+#   62|           1: [MethodCall] call to method StaticM2
+#   62|             -1: [TypeAccess] access to type String
+#   62|               0: [TypeMention] string
 #   62|             0: [LocalVariableAccess] access to local variable s
-#   65|       12: [LocalVariableDeclStmt] ... ...;
-#   65|         0: [LocalVariableDeclAndInitExpr] String x30 = ...
-#   65|           -1: [TypeMention] string
-#   65|           0: [LocalVariableAccess] access to local variable x30
-#   65|           1: [ExtensionOperatorCall] call to operator *
-#   65|             0: [IntLiteral] 3
-#   65|             1: [LocalVariableAccess] access to local variable s
-#   68|       13: [LocalVariableDeclStmt] ... ...;
-#   68|         0: [LocalVariableDeclAndInitExpr] Boolean y = ...
-#   68|           -1: [TypeMention] bool
-#   68|           0: [LocalVariableAccess] access to local variable y
-#   68|           1: [MethodCall] call to method M3
-#   68|             -1: [LocalVariableAccess] access to local variable s
-#   71|       14: [ExprStmt] ...;
-#   71|         0: [MethodCall] call to method M1
-#   71|           -1: [TypeAccess] access to type MyExtensions
-#   71|             0: [TypeMention] MyExtensions
-#   71|           0: [LocalVariableAccess] access to local variable s
-#   72|       15: [ExprStmt] ...;
-#   72|         0: [MethodCall] call to method M2
-#   72|           -1: [TypeAccess] access to type MyExtensions
-#   72|             0: [TypeMention] MyExtensions
-#   72|           0: [LocalVariableAccess] access to local variable s
-#   72|           1: [StringLiteralUtf16] "!!!"
-#   73|       16: [ExprStmt] ...;
-#   73|         0: [MethodCall] call to method StaticM1
-#   73|           -1: [TypeAccess] access to type MyExtensions
-#   73|             0: [TypeMention] MyExtensions
-#   74|       17: [ExprStmt] ...;
-#   74|         0: [MethodCall] call to method StaticM2
-#   74|           -1: [TypeAccess] access to type MyExtensions
-#   74|             0: [TypeMention] MyExtensions
-#   74|           0: [LocalVariableAccess] access to local variable s
-#   75|       18: [ExprStmt] ...;
-#   75|         0: [MethodCall] call to method StaticObjectM1
+#   63|       10: [LocalVariableDeclStmt] ... ...;
+#   63|         0: [LocalVariableDeclAndInitExpr] Int32 x25 = ...
+#   63|           -1: [TypeMention] int
+#   63|           0: [LocalVariableAccess] access to local variable x25
+#   63|           1: [MethodCall] call to method StaticObjectM1
+#   63|             -1: [TypeAccess] access to type Object
+#   63|               0: [TypeMention] object
+#   64|       11: [LocalVariableDeclStmt] ... ...;
+#   64|         0: [LocalVariableDeclAndInitExpr] Int32 x26 = ...
+#   64|           -1: [TypeMention] int
+#   64|           0: [LocalVariableAccess] access to local variable x26
+#   64|           1: [MethodCall] call to method StaticObjectM2
+#   64|             -1: [TypeAccess] access to type Object
+#   64|               0: [TypeMention] object
+#   64|             0: [LocalVariableAccess] access to local variable s
+#   67|       12: [LocalVariableDeclStmt] ... ...;
+#   67|         0: [LocalVariableDeclAndInitExpr] String x30 = ...
+#   67|           -1: [TypeMention] string
+#   67|           0: [LocalVariableAccess] access to local variable x30
+#   67|           1: [ExtensionOperatorCall] call to operator *
+#   67|             0: [IntLiteral] 3
+#   67|             1: [LocalVariableAccess] access to local variable s
+#   68|       13: [ExprStmt] ...;
+#   68|         0: [ExtensionOperatorCall] call to operator ++
+#   68|           0: [LocalVariableAccess] access to local variable s
+#   69|       14: [ExprStmt] ...;
+#   69|         0: [ExtensionOperatorCall] call to operator --
+#   69|           0: [LocalVariableAccess] access to local variable s
+#   72|       15: [LocalVariableDeclStmt] ... ...;
+#   72|         0: [LocalVariableDeclAndInitExpr] Boolean y = ...
+#   72|           -1: [TypeMention] bool
+#   72|           0: [LocalVariableAccess] access to local variable y
+#   72|           1: [MethodCall] call to method M3
+#   72|             -1: [LocalVariableAccess] access to local variable s
+#   75|       16: [ExprStmt] ...;
+#   75|         0: [MethodCall] call to method M1
 #   75|           -1: [TypeAccess] access to type MyExtensions
 #   75|             0: [TypeMention] MyExtensions
-#   76|       19: [ExprStmt] ...;
-#   76|         0: [MethodCall] call to method StaticObjectM2
+#   75|           0: [LocalVariableAccess] access to local variable s
+#   76|       17: [ExprStmt] ...;
+#   76|         0: [MethodCall] call to method M2
 #   76|           -1: [TypeAccess] access to type MyExtensions
 #   76|             0: [TypeMention] MyExtensions
 #   76|           0: [LocalVariableAccess] access to local variable s
+#   76|           1: [StringLiteralUtf16] "!!!"
+#   77|       18: [ExprStmt] ...;
+#   77|         0: [MethodCall] call to method StaticM1
+#   77|           -1: [TypeAccess] access to type MyExtensions
+#   77|             0: [TypeMention] MyExtensions
+#   78|       19: [ExprStmt] ...;
+#   78|         0: [MethodCall] call to method StaticM2
+#   78|           -1: [TypeAccess] access to type MyExtensions
+#   78|             0: [TypeMention] MyExtensions
+#   78|           0: [LocalVariableAccess] access to local variable s
 #   79|       20: [ExprStmt] ...;
-#   79|         0: [ExtensionOperatorCall] call to operator *
+#   79|         0: [MethodCall] call to method StaticObjectM1
 #   79|           -1: [TypeAccess] access to type MyExtensions
 #   79|             0: [TypeMention] MyExtensions
-#   79|           0: [IntLiteral] 3
-#   79|           1: [LocalVariableAccess] access to local variable s
-#   82|       21: [ExprStmt] ...;
-#   82|         0: [MethodCall] call to extension accessor get_Prop1
-#   82|           -1: [TypeAccess] access to type MyExtensions
-#   82|             0: [TypeMention] MyExtensions
-#   82|           0: [LocalVariableAccess] access to local variable s
+#   80|       21: [ExprStmt] ...;
+#   80|         0: [MethodCall] call to method StaticObjectM2
+#   80|           -1: [TypeAccess] access to type MyExtensions
+#   80|             0: [TypeMention] MyExtensions
+#   80|           0: [LocalVariableAccess] access to local variable s
 #   83|       22: [ExprStmt] ...;
-#   83|         0: [MethodCall] call to extension accessor get_Prop2
+#   83|         0: [ExtensionOperatorCall] call to operator *
 #   83|           -1: [TypeAccess] access to type MyExtensions
 #   83|             0: [TypeMention] MyExtensions
-#   83|           0: [LocalVariableAccess] access to local variable s
+#   83|           0: [IntLiteral] 3
+#   83|           1: [LocalVariableAccess] access to local variable s
 #   84|       23: [ExprStmt] ...;
-#   84|         0: [MethodCall] call to extension accessor set_Prop2
+#   84|         0: [ExtensionOperatorCall] call to operator ++
 #   84|           -1: [TypeAccess] access to type MyExtensions
 #   84|             0: [TypeMention] MyExtensions
 #   84|           0: [LocalVariableAccess] access to local variable s
-#   84|           1: [BoolLiteral] false
 #   85|       24: [ExprStmt] ...;
-#   85|         0: [MethodCall] call to extension accessor get_StaticProp
+#   85|         0: [ExtensionOperatorCall] call to operator --
 #   85|           -1: [TypeAccess] access to type MyExtensions
 #   85|             0: [TypeMention] MyExtensions
-#   88|   7: [Method] CallingGenericExtensions
-#   88|     -1: [TypeMention] Void
-#   89|     4: [BlockStmt] {...}
-#   90|       0: [LocalVariableDeclStmt] ... ...;
-#   90|         0: [LocalVariableDeclAndInitExpr] String s = ...
-#   90|           -1: [TypeMention] string
+#   85|           0: [LocalVariableAccess] access to local variable s
+#   88|       25: [ExprStmt] ...;
+#   88|         0: [MethodCall] call to extension accessor get_Prop1
+#   88|           -1: [TypeAccess] access to type MyExtensions
+#   88|             0: [TypeMention] MyExtensions
+#   88|           0: [LocalVariableAccess] access to local variable s
+#   89|       26: [ExprStmt] ...;
+#   89|         0: [MethodCall] call to extension accessor get_Prop2
+#   89|           -1: [TypeAccess] access to type MyExtensions
+#   89|             0: [TypeMention] MyExtensions
+#   89|           0: [LocalVariableAccess] access to local variable s
+#   90|       27: [ExprStmt] ...;
+#   90|         0: [MethodCall] call to extension accessor set_Prop2
+#   90|           -1: [TypeAccess] access to type MyExtensions
+#   90|             0: [TypeMention] MyExtensions
 #   90|           0: [LocalVariableAccess] access to local variable s
-#   90|           1: [StringLiteralUtf16] "Hello Generic World."
-#   91|       1: [LocalVariableDeclStmt] ... ...;
-#   91|         0: [LocalVariableDeclAndInitExpr] Object o = ...
-#   91|           -1: [TypeMention] object
-#   91|           0: [LocalVariableAccess] access to local variable o
-#   91|           1: [ObjectCreation] object creation of type Object
-#   91|             0: [TypeMention] object
-#   94|       2: [ExprStmt] ...;
-#   94|         0: [MethodCall] call to method GenericM1
-#   94|           -1: [LocalVariableAccess] access to local variable o
-#   95|       3: [ExprStmt] ...;
-#   95|         0: [MethodCall] call to method GenericM1
-#   95|           -1: [LocalVariableAccess] access to local variable s
-#   98|       4: [ExprStmt] ...;
-#   98|         0: [MethodCall] call to method GenericM1
-#   98|           -1: [TypeAccess] access to type MyExtensions
-#   98|             0: [TypeMention] MyExtensions
-#   98|           0: [LocalVariableAccess] access to local variable o
-#   99|       5: [ExprStmt] ...;
-#   99|         0: [MethodCall] call to method GenericM1
-#   99|           -1: [TypeAccess] access to type MyExtensions
-#   99|             0: [TypeMention] MyExtensions
-#   99|           0: [LocalVariableAccess] access to local variable s
-#  101|       6: [ExprStmt] ...;
-#  101|         0: [MethodCall] call to method GenericM2<Int32>
-#  101|           -1: [LocalVariableAccess] access to local variable o
-#  101|           0: [IntLiteral] 42
-#  102|       7: [ExprStmt] ...;
-#  102|         0: [MethodCall] call to method GenericM2<Int32>
-#  102|           -1: [TypeAccess] access to type MyExtensions
-#  102|             0: [TypeMention] MyExtensions
-#  102|           0: [LocalVariableAccess] access to local variable o
-#  102|           1: [IntLiteral] 42
-#  104|       8: [ExprStmt] ...;
-#  104|         0: [MethodCall] call to method StringGenericM1<Int32>
-#  104|           -1: [LocalVariableAccess] access to local variable s
-#  104|           0: [IntLiteral] 7
-#  104|           1: [ObjectCreation] object creation of type Object
-#  104|             0: [TypeMention] object
-#  105|       9: [ExprStmt] ...;
-#  105|         0: [MethodCall] call to method StringGenericM1<String>
+#   90|           1: [BoolLiteral] false
+#   91|       28: [ExprStmt] ...;
+#   91|         0: [MethodCall] call to extension accessor get_StaticProp
+#   91|           -1: [TypeAccess] access to type MyExtensions
+#   91|             0: [TypeMention] MyExtensions
+#   94|   7: [Method] CallingGenericExtensions
+#   94|     -1: [TypeMention] Void
+#   95|     4: [BlockStmt] {...}
+#   96|       0: [LocalVariableDeclStmt] ... ...;
+#   96|         0: [LocalVariableDeclAndInitExpr] String s = ...
+#   96|           -1: [TypeMention] string
+#   96|           0: [LocalVariableAccess] access to local variable s
+#   96|           1: [StringLiteralUtf16] "Hello Generic World."
+#   97|       1: [LocalVariableDeclStmt] ... ...;
+#   97|         0: [LocalVariableDeclAndInitExpr] Object o = ...
+#   97|           -1: [TypeMention] object
+#   97|           0: [LocalVariableAccess] access to local variable o
+#   97|           1: [ObjectCreation] object creation of type Object
+#   97|             0: [TypeMention] object
+#  100|       2: [ExprStmt] ...;
+#  100|         0: [MethodCall] call to method GenericM1
+#  100|           -1: [LocalVariableAccess] access to local variable o
+#  101|       3: [ExprStmt] ...;
+#  101|         0: [MethodCall] call to method GenericM1
+#  101|           -1: [LocalVariableAccess] access to local variable s
+#  104|       4: [ExprStmt] ...;
+#  104|         0: [MethodCall] call to method GenericM1
+#  104|           -1: [TypeAccess] access to type MyExtensions
+#  104|             0: [TypeMention] MyExtensions
+#  104|           0: [LocalVariableAccess] access to local variable o
+#  105|       5: [ExprStmt] ...;
+#  105|         0: [MethodCall] call to method GenericM1
 #  105|           -1: [TypeAccess] access to type MyExtensions
 #  105|             0: [TypeMention] MyExtensions
 #  105|           0: [LocalVariableAccess] access to local variable s
-#  105|           1: [StringLiteralUtf16] "test"
-#  105|           2: [ObjectCreation] object creation of type Object
-#  105|             0: [TypeMention] object
+#  107|       6: [ExprStmt] ...;
+#  107|         0: [MethodCall] call to method GenericM2<Int32>
+#  107|           -1: [LocalVariableAccess] access to local variable o
+#  107|           0: [IntLiteral] 42
+#  108|       7: [ExprStmt] ...;
+#  108|         0: [MethodCall] call to method GenericM2<Int32>
+#  108|           -1: [TypeAccess] access to type MyExtensions
+#  108|             0: [TypeMention] MyExtensions
+#  108|           0: [LocalVariableAccess] access to local variable o
+#  108|           1: [IntLiteral] 42
+#  110|       8: [ExprStmt] ...;
+#  110|         0: [MethodCall] call to method StringGenericM1<Int32>
+#  110|           -1: [LocalVariableAccess] access to local variable s
+#  110|           0: [IntLiteral] 7
+#  110|           1: [ObjectCreation] object creation of type Object
+#  110|             0: [TypeMention] object
+#  111|       9: [ExprStmt] ...;
+#  111|         0: [MethodCall] call to method StringGenericM1<String>
+#  111|           -1: [TypeAccess] access to type MyExtensions
+#  111|             0: [TypeMention] MyExtensions
+#  111|           0: [LocalVariableAccess] access to local variable s
+#  111|           1: [StringLiteralUtf16] "test"
+#  111|           2: [ObjectCreation] object creation of type Object
+#  111|             0: [TypeMention] object

csharp/ql/test/library-tests/extension/extensionTypes.expected

@@ -5,10 +5,10 @@ extensionTypeReceiverParameter
 | extensionTypes.cs:18:5:21:5 | extension(Int32) | extensionTypes.cs:18:23:18:24 | i3 |
 | extensionTypes.cs:22:5:25:5 | extension(String) | extensionTypes.cs:22:23:22:23 | s |
 | extensionTypes.cs:26:5:29:5 | extension(T1)`1 | extensionTypes.cs:26:42:26:43 | t1 |
-| extensions.cs:6:5:17:5 | extension(String) | extensions.cs:6:22:6:22 | s |
-| extensions.cs:26:5:35:5 | extension(Object)<Object> | extensions.cs:26:20:26:20 | t |
-| extensions.cs:26:5:35:5 | extension(String)<String> | extensions.cs:26:20:26:20 | t |
-| extensions.cs:26:5:35:5 | extension(T)`1 | extensions.cs:26:20:26:20 | t |
+| extensions.cs:6:5:19:5 | extension(String) | extensions.cs:6:22:6:22 | s |
+| extensions.cs:28:5:37:5 | extension(Object)<Object> | extensions.cs:28:20:28:20 | t |
+| extensions.cs:28:5:37:5 | extension(String)<String> | extensions.cs:28:20:28:20 | t |
+| extensions.cs:28:5:37:5 | extension(T)`1 | extensions.cs:28:20:28:20 | t |
 extensionTypeExtendedType
 | extensionTypes.cs:6:5:9:5 | extension(String) | string |
 | extensionTypes.cs:10:5:13:5 | extension(Int32) | int |
@@ -16,11 +16,11 @@ extensionTypeExtendedType
 | extensionTypes.cs:18:5:21:5 | extension(Int32) | int |
 | extensionTypes.cs:22:5:25:5 | extension(String) | string |
 | extensionTypes.cs:26:5:29:5 | extension(T1)`1 | T1 |
-| extensions.cs:6:5:17:5 | extension(String) | string |
-| extensions.cs:19:5:24:5 | extension(Object) | object |
-| extensions.cs:26:5:35:5 | extension(Object)<Object> | object |
-| extensions.cs:26:5:35:5 | extension(String)<String> | string |
-| extensions.cs:26:5:35:5 | extension(T)`1 | T |
+| extensions.cs:6:5:19:5 | extension(String) | string |
+| extensions.cs:21:5:26:5 | extension(Object) | object |
+| extensions.cs:28:5:37:5 | extension(Object)<Object> | object |
+| extensions.cs:28:5:37:5 | extension(String)<String> | string |
+| extensions.cs:28:5:37:5 | extension(T)`1 | T |
 extensionTypeReceiverParameterAttribute
 | extensionTypes.cs:6:5:9:5 | extension(String) | extensionTypes.cs:6:32:6:32 | s | extensionTypes.cs:6:16:6:22 | [NotNull(...)] |
 | extensionTypes.cs:26:5:29:5 | extension(T1)`1 | extensionTypes.cs:26:42:26:43 | t1 | extensionTypes.cs:26:20:26:30 | [NotNullWhen(...)] |
@@ -30,7 +30,7 @@ extensionTypeReceiverParameterModifier
 | extensionTypes.cs:18:5:21:5 | extension(Int32) | extensionTypes.cs:18:23:18:24 | i3 | ref |
 extensionTypeParameterConstraints
 | extensionTypes.cs:26:5:29:5 | extension(T1)`1 | extensionTypes.cs:26:15:26:16 | T1 | file://:0:0:0:0 | where T1: ... |
-| extensions.cs:26:5:35:5 | extension(T)`1 | extensions.cs:26:15:26:15 | T | file://:0:0:0:0 | where T: ... |
+| extensions.cs:28:5:37:5 | extension(T)`1 | extensions.cs:28:15:28:15 | T | file://:0:0:0:0 | where T: ... |
 syntheticParameterModifier
 | extensionTypes.cs:10:5:13:5 | extension(Int32) | extensionTypes.cs:12:21:12:23 | M21 | extensionTypes.cs:10:32:10:33 | i1 | ref readonly |
 | extensionTypes.cs:14:5:17:5 | extension(Int32) | extensionTypes.cs:16:21:16:23 | M31 | extensionTypes.cs:14:22:14:23 | i2 | in |

csharp/ql/test/library-tests/extension/extensions.cs

@@ -14,6 +14,8 @@ public static class MyExtensions
         public static int StaticM2(string x) { return x.Length; }
         public static string operator *(int a, string b) { return ""; }
         public T StringGenericM1<T>(T t, object o) { return t; }
+        public void operator ++() { }
+        public static string operator --(string o) { return o; }
     }
 
     extension(object)
@@ -61,8 +63,10 @@ public class C
         var x25 = object.StaticObjectM1();
         var x26 = object.StaticObjectM2(s);
 
-        // Calling the extension operator.
+        // Calling the extension operators.
         var x30 = 3 * s;
+        s++;
+        s--;
 
         // Calling the classic extension method.
         var y = s.M3();
@@ -77,6 +81,8 @@ public class C
 
         // Calling the compiler generated operator method.
         MyExtensions.op_Multiply(3, s);
+        MyExtensions.op_IncrementAssignment(s);
+        MyExtensions.op_Decrement(s);
 
         // Calling the compiler generated methods used by the extension property accessors.
         MyExtensions.get_Prop1(s);

csharp/ql/test/library-tests/extension/extensions.expected

@@ -1,51 +1,51 @@
 extensionMethodCallArgument
-| extensions.cs:57:19:57:24 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:57:19:57:19 | access to local variable s |
-| extensions.cs:58:19:58:29 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:58:19:58:19 | access to local variable s |
-| extensions.cs:58:19:58:29 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:12:33:12:37 | other | 1 | extensions.cs:58:24:58:28 | "!!!" |
-| extensions.cs:60:19:60:36 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:14:43:14:43 | x | 0 | extensions.cs:60:35:60:35 | access to local variable s |
-| extensions.cs:62:19:62:42 | call to method StaticObjectM2 | extensions.cs:22:27:22:40 | StaticObjectM2 | extensions.cs:22:49:22:49 | s | 0 | extensions.cs:62:41:62:41 | access to local variable s |
-| extensions.cs:68:17:68:22 | call to method M3 | extensions.cs:40:24:40:25 | M3 | extensions.cs:40:39:40:39 | s | 0 | extensions.cs:68:17:68:17 | access to local variable s |
-| extensions.cs:71:9:71:26 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:71:25:71:25 | access to local variable s |
-| extensions.cs:72:9:72:33 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:72:25:72:25 | access to local variable s |
-| extensions.cs:72:9:72:33 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:12:33:12:37 | other | 1 | extensions.cs:72:28:72:32 | "!!!" |
-| extensions.cs:74:9:74:32 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:14:43:14:43 | x | 0 | extensions.cs:74:31:74:31 | access to local variable s |
-| extensions.cs:76:9:76:38 | call to method StaticObjectM2 | extensions.cs:22:27:22:40 | StaticObjectM2 | extensions.cs:22:49:22:49 | s | 0 | extensions.cs:76:37:76:37 | access to local variable s |
-| extensions.cs:94:9:94:21 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:20:26:20 | t | 0 | extensions.cs:94:9:94:9 | access to local variable o |
-| extensions.cs:95:9:95:21 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:20:26:20 | t | 0 | extensions.cs:95:9:95:9 | access to local variable s |
-| extensions.cs:98:9:98:33 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:20:26:20 | t | 0 | extensions.cs:98:32:98:32 | access to local variable o |
-| extensions.cs:99:9:99:33 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:20:26:20 | t | 0 | extensions.cs:99:32:99:32 | access to local variable s |
-| extensions.cs:101:9:101:23 | call to method GenericM2<Int32> | extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:26:20:26:20 | t | 0 | extensions.cs:101:9:101:9 | access to local variable o |
-| extensions.cs:101:9:101:23 | call to method GenericM2<Int32> | extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:31:36:31:40 | other | 1 | extensions.cs:101:21:101:22 | 42 |
-| extensions.cs:102:9:102:37 | call to method GenericM2<Int32> | extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:26:20:26:20 | t | 0 | extensions.cs:102:32:102:32 | access to local variable o |
-| extensions.cs:102:9:102:37 | call to method GenericM2<Int32> | extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:31:36:31:40 | other | 1 | extensions.cs:102:35:102:36 | 42 |
-| extensions.cs:104:9:104:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:104:9:104:9 | access to local variable s |
-| extensions.cs:104:9:104:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:16:39:16:39 | t | 1 | extensions.cs:104:32:104:32 | 7 |
-| extensions.cs:104:9:104:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:16:49:16:49 | o | 2 | extensions.cs:104:35:104:46 | object creation of type Object |
-| extensions.cs:105:9:105:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:105:46:105:46 | access to local variable s |
-| extensions.cs:105:9:105:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:16:39:16:39 | t | 1 | extensions.cs:105:49:105:54 | "test" |
-| extensions.cs:105:9:105:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:16:49:16:49 | o | 2 | extensions.cs:105:57:105:68 | object creation of type Object |
+| extensions.cs:59:19:59:24 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:59:19:59:19 | access to local variable s |
+| extensions.cs:60:19:60:29 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:60:19:60:19 | access to local variable s |
+| extensions.cs:60:19:60:29 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:12:33:12:37 | other | 1 | extensions.cs:60:24:60:28 | "!!!" |
+| extensions.cs:62:19:62:36 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:14:43:14:43 | x | 0 | extensions.cs:62:35:62:35 | access to local variable s |
+| extensions.cs:64:19:64:42 | call to method StaticObjectM2 | extensions.cs:24:27:24:40 | StaticObjectM2 | extensions.cs:24:49:24:49 | s | 0 | extensions.cs:64:41:64:41 | access to local variable s |
+| extensions.cs:72:17:72:22 | call to method M3 | extensions.cs:42:24:42:25 | M3 | extensions.cs:42:39:42:39 | s | 0 | extensions.cs:72:17:72:17 | access to local variable s |
+| extensions.cs:75:9:75:26 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:75:25:75:25 | access to local variable s |
+| extensions.cs:76:9:76:33 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:76:25:76:25 | access to local variable s |
+| extensions.cs:76:9:76:33 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:12:33:12:37 | other | 1 | extensions.cs:76:28:76:32 | "!!!" |
+| extensions.cs:78:9:78:32 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:14:43:14:43 | x | 0 | extensions.cs:78:31:78:31 | access to local variable s |
+| extensions.cs:80:9:80:38 | call to method StaticObjectM2 | extensions.cs:24:27:24:40 | StaticObjectM2 | extensions.cs:24:49:24:49 | s | 0 | extensions.cs:80:37:80:37 | access to local variable s |
+| extensions.cs:100:9:100:21 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:20:28:20 | t | 0 | extensions.cs:100:9:100:9 | access to local variable o |
+| extensions.cs:101:9:101:21 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:20:28:20 | t | 0 | extensions.cs:101:9:101:9 | access to local variable s |
+| extensions.cs:104:9:104:33 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:20:28:20 | t | 0 | extensions.cs:104:32:104:32 | access to local variable o |
+| extensions.cs:105:9:105:33 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:20:28:20 | t | 0 | extensions.cs:105:32:105:32 | access to local variable s |
+| extensions.cs:107:9:107:23 | call to method GenericM2<Int32> | extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:28:20:28:20 | t | 0 | extensions.cs:107:9:107:9 | access to local variable o |
+| extensions.cs:107:9:107:23 | call to method GenericM2<Int32> | extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:33:36:33:40 | other | 1 | extensions.cs:107:21:107:22 | 42 |
+| extensions.cs:108:9:108:37 | call to method GenericM2<Int32> | extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:28:20:28:20 | t | 0 | extensions.cs:108:32:108:32 | access to local variable o |
+| extensions.cs:108:9:108:37 | call to method GenericM2<Int32> | extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:33:36:33:40 | other | 1 | extensions.cs:108:35:108:36 | 42 |
+| extensions.cs:110:9:110:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:110:9:110:9 | access to local variable s |
+| extensions.cs:110:9:110:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:16:39:16:39 | t | 1 | extensions.cs:110:32:110:32 | 7 |
+| extensions.cs:110:9:110:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:16:49:16:49 | o | 2 | extensions.cs:110:35:110:46 | object creation of type Object |
+| extensions.cs:111:9:111:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:111:46:111:46 | access to local variable s |
+| extensions.cs:111:9:111:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:16:39:16:39 | t | 1 | extensions.cs:111:49:111:54 | "test" |
+| extensions.cs:111:9:111:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:16:49:16:49 | o | 2 | extensions.cs:111:57:111:68 | object creation of type Object |
 extensionMethodCalls
-| extensions.cs:57:19:57:24 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).M1 |
-| extensions.cs:58:19:58:29 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).M2 |
-| extensions.cs:59:19:59:35 | call to method StaticM1 | extensions.cs:13:27:13:34 | StaticM1 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).StaticM1 |
-| extensions.cs:60:19:60:36 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).StaticM2 |
-| extensions.cs:61:19:61:41 | call to method StaticObjectM1 | extensions.cs:21:27:21:40 | StaticObjectM1 | extensions.cs:19:5:24:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM1 |
-| extensions.cs:62:19:62:42 | call to method StaticObjectM2 | extensions.cs:22:27:22:40 | StaticObjectM2 | extensions.cs:19:5:24:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM2 |
-| extensions.cs:68:17:68:22 | call to method M3 | extensions.cs:40:24:40:25 | M3 | extensions.cs:38:21:38:37 | ClassicExtensions | ClassicExtensions.M3 |
-| extensions.cs:71:9:71:26 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).M1 |
-| extensions.cs:72:9:72:33 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).M2 |
-| extensions.cs:73:9:73:31 | call to method StaticM1 | extensions.cs:13:27:13:34 | StaticM1 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).StaticM1 |
-| extensions.cs:74:9:74:32 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).StaticM2 |
-| extensions.cs:75:9:75:37 | call to method StaticObjectM1 | extensions.cs:21:27:21:40 | StaticObjectM1 | extensions.cs:19:5:24:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM1 |
-| extensions.cs:76:9:76:38 | call to method StaticObjectM2 | extensions.cs:22:27:22:40 | StaticObjectM2 | extensions.cs:19:5:24:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM2 |
-| extensions.cs:94:9:94:21 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:5:35:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM1 |
-| extensions.cs:95:9:95:21 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:5:35:5 | extension(String)<String> | MyExtensions+extension(System.String)<System.String>.GenericM1 |
-| extensions.cs:98:9:98:33 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:5:35:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM1 |
-| extensions.cs:99:9:99:33 | call to method GenericM1 | extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:5:35:5 | extension(String)<String> | MyExtensions+extension(System.String)<System.String>.GenericM1 |
-| extensions.cs:101:9:101:23 | call to method GenericM2<Int32> | extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:26:5:35:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM2<Int32> |
-| extensions.cs:102:9:102:37 | call to method GenericM2<Int32> | extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:26:5:35:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM2<Int32> |
-| extensions.cs:104:9:104:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).StringGenericM1<Int32> |
-| extensions.cs:105:9:105:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).StringGenericM1<String> |
+| extensions.cs:59:19:59:24 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).M1 |
+| extensions.cs:60:19:60:29 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).M2 |
+| extensions.cs:61:19:61:35 | call to method StaticM1 | extensions.cs:13:27:13:34 | StaticM1 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).StaticM1 |
+| extensions.cs:62:19:62:36 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).StaticM2 |
+| extensions.cs:63:19:63:41 | call to method StaticObjectM1 | extensions.cs:23:27:23:40 | StaticObjectM1 | extensions.cs:21:5:26:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM1 |
+| extensions.cs:64:19:64:42 | call to method StaticObjectM2 | extensions.cs:24:27:24:40 | StaticObjectM2 | extensions.cs:21:5:26:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM2 |
+| extensions.cs:72:17:72:22 | call to method M3 | extensions.cs:42:24:42:25 | M3 | extensions.cs:40:21:40:37 | ClassicExtensions | ClassicExtensions.M3 |
+| extensions.cs:75:9:75:26 | call to method M1 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).M1 |
+| extensions.cs:76:9:76:33 | call to method M2 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).M2 |
+| extensions.cs:77:9:77:31 | call to method StaticM1 | extensions.cs:13:27:13:34 | StaticM1 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).StaticM1 |
+| extensions.cs:78:9:78:32 | call to method StaticM2 | extensions.cs:14:27:14:34 | StaticM2 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).StaticM2 |
+| extensions.cs:79:9:79:37 | call to method StaticObjectM1 | extensions.cs:23:27:23:40 | StaticObjectM1 | extensions.cs:21:5:26:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM1 |
+| extensions.cs:80:9:80:38 | call to method StaticObjectM2 | extensions.cs:24:27:24:40 | StaticObjectM2 | extensions.cs:21:5:26:5 | extension(Object) | MyExtensions+extension(System.Object).StaticObjectM2 |
+| extensions.cs:100:9:100:21 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:5:37:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM1 |
+| extensions.cs:101:9:101:21 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:5:37:5 | extension(String)<String> | MyExtensions+extension(System.String)<System.String>.GenericM1 |
+| extensions.cs:104:9:104:33 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:5:37:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM1 |
+| extensions.cs:105:9:105:33 | call to method GenericM1 | extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:5:37:5 | extension(String)<String> | MyExtensions+extension(System.String)<System.String>.GenericM1 |
+| extensions.cs:107:9:107:23 | call to method GenericM2<Int32> | extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:28:5:37:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM2<Int32> |
+| extensions.cs:108:9:108:37 | call to method GenericM2<Int32> | extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:28:5:37:5 | extension(Object)<Object> | MyExtensions+extension(System.Object)<System.Object>.GenericM2<Int32> |
+| extensions.cs:110:9:110:47 | call to method StringGenericM1<Int32> | extensions.cs:16:18:16:35 | StringGenericM1<Int32> | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).StringGenericM1<Int32> |
+| extensions.cs:111:9:111:69 | call to method StringGenericM1<String> | extensions.cs:16:18:16:35 | StringGenericM1<String> | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).StringGenericM1<String> |
 extensionParameter
 | extensions.cs:11:21:11:22 | M1 | extensions.cs:6:22:6:22 | s | 0 | string | extensions.cs:6:22:6:22 | s |
 | extensions.cs:12:23:12:24 | M2 | extensions.cs:6:22:6:22 | s | 0 | string | extensions.cs:6:22:6:22 | s |
@@ -60,52 +60,60 @@ extensionParameter
 | extensions.cs:16:18:16:35 | StringGenericM1`1 | extensions.cs:6:22:6:22 | s | 0 | string | extensions.cs:6:22:6:22 | s |
 | extensions.cs:16:18:16:35 | StringGenericM1`1 | extensions.cs:16:39:16:39 | t | 1 | T | extensions.cs:16:39:16:39 | t |
 | extensions.cs:16:18:16:35 | StringGenericM1`1 | extensions.cs:16:49:16:49 | o | 2 | object | extensions.cs:16:49:16:49 | o |
-| extensions.cs:22:27:22:40 | StaticObjectM2 | extensions.cs:22:49:22:49 | s | 0 | string | extensions.cs:22:49:22:49 | s |
-| extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:20:26:20 | t | 0 | T | extensions.cs:26:20:26:20 | t |
-| extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:20:26:20 | t | 0 | object | extensions.cs:26:20:26:20 | t |
-| extensions.cs:30:21:30:29 | GenericM1 | extensions.cs:26:20:26:20 | t | 0 | string | extensions.cs:26:20:26:20 | t |
-| extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:26:20:26:20 | t | 0 | object | extensions.cs:26:20:26:20 | t |
-| extensions.cs:31:21:31:32 | GenericM2<Int32> | extensions.cs:31:36:31:40 | other | 1 | int | extensions.cs:31:36:31:40 | other |
-| extensions.cs:31:21:31:32 | GenericM2`1 | extensions.cs:26:20:26:20 | t | 0 | T | extensions.cs:26:20:26:20 | t |
-| extensions.cs:31:21:31:32 | GenericM2`1 | extensions.cs:26:20:26:20 | t | 0 | object | extensions.cs:26:20:26:20 | t |
-| extensions.cs:31:21:31:32 | GenericM2`1 | extensions.cs:26:20:26:20 | t | 0 | string | extensions.cs:26:20:26:20 | t |
-| extensions.cs:31:21:31:32 | GenericM2`1 | extensions.cs:31:36:31:40 | other | 1 | S | extensions.cs:31:36:31:40 | other |
-| extensions.cs:31:21:31:32 | GenericM2`1 | extensions.cs:31:36:31:40 | other | 1 | S | extensions.cs:31:36:31:40 | other |
-| extensions.cs:31:21:31:32 | GenericM2`1 | extensions.cs:31:36:31:40 | other | 1 | S | extensions.cs:31:36:31:40 | other |
-| extensions.cs:32:21:32:35 | GenericStaticM1 | extensions.cs:26:20:26:20 | t | 0 | T | extensions.cs:26:20:26:20 | t |
-| extensions.cs:32:21:32:35 | GenericStaticM1 | extensions.cs:26:20:26:20 | t | 0 | object | extensions.cs:26:20:26:20 | t |
-| extensions.cs:32:21:32:35 | GenericStaticM1 | extensions.cs:26:20:26:20 | t | 0 | string | extensions.cs:26:20:26:20 | t |
-| extensions.cs:33:28:33:45 | GenericStaticM2`1 | extensions.cs:33:49:33:53 | other | 0 | S | extensions.cs:33:49:33:53 | other |
-| extensions.cs:33:28:33:45 | GenericStaticM2`1 | extensions.cs:33:49:33:53 | other | 0 | S | extensions.cs:33:49:33:53 | other |
-| extensions.cs:33:28:33:45 | GenericStaticM2`1 | extensions.cs:33:49:33:53 | other | 0 | S | extensions.cs:33:49:33:53 | other |
-| extensions.cs:40:24:40:25 | M3 | extensions.cs:40:39:40:39 | s | 0 | string | extensions.cs:40:39:40:39 | s |
+| extensions.cs:24:27:24:40 | StaticObjectM2 | extensions.cs:24:49:24:49 | s | 0 | string | extensions.cs:24:49:24:49 | s |
+| extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:20:28:20 | t | 0 | T | extensions.cs:28:20:28:20 | t |
+| extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:20:28:20 | t | 0 | object | extensions.cs:28:20:28:20 | t |
+| extensions.cs:32:21:32:29 | GenericM1 | extensions.cs:28:20:28:20 | t | 0 | string | extensions.cs:28:20:28:20 | t |
+| extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:28:20:28:20 | t | 0 | object | extensions.cs:28:20:28:20 | t |
+| extensions.cs:33:21:33:32 | GenericM2<Int32> | extensions.cs:33:36:33:40 | other | 1 | int | extensions.cs:33:36:33:40 | other |
+| extensions.cs:33:21:33:32 | GenericM2`1 | extensions.cs:28:20:28:20 | t | 0 | T | extensions.cs:28:20:28:20 | t |
+| extensions.cs:33:21:33:32 | GenericM2`1 | extensions.cs:28:20:28:20 | t | 0 | object | extensions.cs:28:20:28:20 | t |
+| extensions.cs:33:21:33:32 | GenericM2`1 | extensions.cs:28:20:28:20 | t | 0 | string | extensions.cs:28:20:28:20 | t |
+| extensions.cs:33:21:33:32 | GenericM2`1 | extensions.cs:33:36:33:40 | other | 1 | S | extensions.cs:33:36:33:40 | other |
+| extensions.cs:33:21:33:32 | GenericM2`1 | extensions.cs:33:36:33:40 | other | 1 | S | extensions.cs:33:36:33:40 | other |
+| extensions.cs:33:21:33:32 | GenericM2`1 | extensions.cs:33:36:33:40 | other | 1 | S | extensions.cs:33:36:33:40 | other |
+| extensions.cs:34:21:34:35 | GenericStaticM1 | extensions.cs:28:20:28:20 | t | 0 | T | extensions.cs:28:20:28:20 | t |
+| extensions.cs:34:21:34:35 | GenericStaticM1 | extensions.cs:28:20:28:20 | t | 0 | object | extensions.cs:28:20:28:20 | t |
+| extensions.cs:34:21:34:35 | GenericStaticM1 | extensions.cs:28:20:28:20 | t | 0 | string | extensions.cs:28:20:28:20 | t |
+| extensions.cs:35:28:35:45 | GenericStaticM2`1 | extensions.cs:35:49:35:53 | other | 0 | S | extensions.cs:35:49:35:53 | other |
+| extensions.cs:35:28:35:45 | GenericStaticM2`1 | extensions.cs:35:49:35:53 | other | 0 | S | extensions.cs:35:49:35:53 | other |
+| extensions.cs:35:28:35:45 | GenericStaticM2`1 | extensions.cs:35:49:35:53 | other | 0 | S | extensions.cs:35:49:35:53 | other |
+| extensions.cs:42:24:42:25 | M3 | extensions.cs:42:39:42:39 | s | 0 | string | extensions.cs:42:39:42:39 | s |
 extensionOperatorCallArgument
-| extensions.cs:15:39:15:39 | * | extensions.cs:65:19:65:23 | call to operator * | extensions.cs:15:45:15:45 | a | 0 | extensions.cs:65:19:65:19 | 3 |
-| extensions.cs:15:39:15:39 | * | extensions.cs:65:19:65:23 | call to operator * | extensions.cs:15:55:15:55 | b | 1 | extensions.cs:65:23:65:23 | access to local variable s |
-| extensions.cs:15:39:15:39 | * | extensions.cs:79:9:79:38 | call to operator * | extensions.cs:15:45:15:45 | a | 0 | extensions.cs:79:34:79:34 | 3 |
-| extensions.cs:15:39:15:39 | * | extensions.cs:79:9:79:38 | call to operator * | extensions.cs:15:55:15:55 | b | 1 | extensions.cs:79:37:79:37 | access to local variable s |
+| extensions.cs:15:39:15:39 | * | extensions.cs:67:19:67:23 | call to operator * | extensions.cs:15:45:15:45 | a | 0 | extensions.cs:67:19:67:19 | 3 |
+| extensions.cs:15:39:15:39 | * | extensions.cs:67:19:67:23 | call to operator * | extensions.cs:15:55:15:55 | b | 1 | extensions.cs:67:23:67:23 | access to local variable s |
+| extensions.cs:15:39:15:39 | * | extensions.cs:83:9:83:38 | call to operator * | extensions.cs:15:45:15:45 | a | 0 | extensions.cs:83:34:83:34 | 3 |
+| extensions.cs:15:39:15:39 | * | extensions.cs:83:9:83:38 | call to operator * | extensions.cs:15:55:15:55 | b | 1 | extensions.cs:83:37:83:37 | access to local variable s |
+| extensions.cs:17:30:17:31 | ++ | extensions.cs:68:9:68:11 | call to operator ++ | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:68:9:68:9 | access to local variable s |
+| extensions.cs:17:30:17:31 | ++ | extensions.cs:84:9:84:46 | call to operator ++ | extensions.cs:6:22:6:22 | s | 0 | extensions.cs:84:45:84:45 | access to local variable s |
+| extensions.cs:18:39:18:40 | -- | extensions.cs:69:9:69:11 | call to operator -- | extensions.cs:18:49:18:49 | o | 0 | extensions.cs:69:9:69:9 | access to local variable s |
+| extensions.cs:18:39:18:40 | -- | extensions.cs:85:9:85:36 | call to operator -- | extensions.cs:18:49:18:49 | o | 0 | extensions.cs:85:35:85:35 | access to local variable s |
 extensionOperatorCalls
-| extensions.cs:65:19:65:23 | call to operator * | extensions.cs:15:39:15:39 | * | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).op_Multiply |
-| extensions.cs:79:9:79:38 | call to operator * | extensions.cs:15:39:15:39 | * | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).op_Multiply |
+| extensions.cs:67:19:67:23 | call to operator * | extensions.cs:15:39:15:39 | * | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).op_Multiply |
+| extensions.cs:68:9:68:11 | call to operator ++ | extensions.cs:17:30:17:31 | ++ | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).op_IncrementAssignment |
+| extensions.cs:69:9:69:11 | call to operator -- | extensions.cs:18:39:18:40 | -- | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).op_Decrement |
+| extensions.cs:83:9:83:38 | call to operator * | extensions.cs:15:39:15:39 | * | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).op_Multiply |
+| extensions.cs:84:9:84:46 | call to operator ++ | extensions.cs:17:30:17:31 | ++ | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).op_IncrementAssignment |
+| extensions.cs:85:9:85:36 | call to operator -- | extensions.cs:18:39:18:40 | -- | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).op_Decrement |
 extensionProperty
-| extensions.cs:8:21:8:25 | Prop1 | extensions.cs:6:5:17:5 | extension(String) |
-| extensions.cs:9:21:9:25 | Prop2 | extensions.cs:6:5:17:5 | extension(String) |
-| extensions.cs:10:28:10:38 | StaticProp1 | extensions.cs:6:5:17:5 | extension(String) |
-| extensions.cs:23:28:23:37 | StaticProp | extensions.cs:19:5:24:5 | extension(Object) |
-| extensions.cs:28:21:28:32 | GenericProp1 | extensions.cs:26:5:35:5 | extension(Object)<Object> |
-| extensions.cs:28:21:28:32 | GenericProp1 | extensions.cs:26:5:35:5 | extension(String)<String> |
-| extensions.cs:28:21:28:32 | GenericProp1 | extensions.cs:26:5:35:5 | extension(T)`1 |
-| extensions.cs:29:21:29:32 | GenericProp2 | extensions.cs:26:5:35:5 | extension(Object)<Object> |
-| extensions.cs:29:21:29:32 | GenericProp2 | extensions.cs:26:5:35:5 | extension(String)<String> |
-| extensions.cs:29:21:29:32 | GenericProp2 | extensions.cs:26:5:35:5 | extension(T)`1 |
+| extensions.cs:8:21:8:25 | Prop1 | extensions.cs:6:5:19:5 | extension(String) |
+| extensions.cs:9:21:9:25 | Prop2 | extensions.cs:6:5:19:5 | extension(String) |
+| extensions.cs:10:28:10:38 | StaticProp1 | extensions.cs:6:5:19:5 | extension(String) |
+| extensions.cs:25:28:25:37 | StaticProp | extensions.cs:21:5:26:5 | extension(Object) |
+| extensions.cs:30:21:30:32 | GenericProp1 | extensions.cs:28:5:37:5 | extension(Object)<Object> |
+| extensions.cs:30:21:30:32 | GenericProp1 | extensions.cs:28:5:37:5 | extension(String)<String> |
+| extensions.cs:30:21:30:32 | GenericProp1 | extensions.cs:28:5:37:5 | extension(T)`1 |
+| extensions.cs:31:21:31:32 | GenericProp2 | extensions.cs:28:5:37:5 | extension(Object)<Object> |
+| extensions.cs:31:21:31:32 | GenericProp2 | extensions.cs:28:5:37:5 | extension(String)<String> |
+| extensions.cs:31:21:31:32 | GenericProp2 | extensions.cs:28:5:37:5 | extension(T)`1 |
 extensionPropertyCall
-| extensions.cs:50:19:50:25 | access to property Prop1 | extensions.cs:8:21:8:25 | Prop1 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).Prop1 |
-| extensions.cs:51:19:51:25 | access to property Prop2 | extensions.cs:9:21:9:25 | Prop2 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).Prop2 |
-| extensions.cs:52:9:52:15 | access to property Prop2 | extensions.cs:9:21:9:25 | Prop2 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).Prop2 |
-| extensions.cs:53:19:53:36 | access to property StaticProp1 | extensions.cs:10:28:10:38 | StaticProp1 | extensions.cs:6:5:17:5 | extension(String) | MyExtensions+extension(System.String).StaticProp1 |
-| extensions.cs:54:19:54:35 | access to property StaticProp | extensions.cs:23:28:23:37 | StaticProp | extensions.cs:19:5:24:5 | extension(Object) | MyExtensions+extension(System.Object).StaticProp |
+| extensions.cs:52:19:52:25 | access to property Prop1 | extensions.cs:8:21:8:25 | Prop1 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).Prop1 |
+| extensions.cs:53:19:53:25 | access to property Prop2 | extensions.cs:9:21:9:25 | Prop2 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).Prop2 |
+| extensions.cs:54:9:54:15 | access to property Prop2 | extensions.cs:9:21:9:25 | Prop2 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).Prop2 |
+| extensions.cs:55:19:55:36 | access to property StaticProp1 | extensions.cs:10:28:10:38 | StaticProp1 | extensions.cs:6:5:19:5 | extension(String) | MyExtensions+extension(System.String).StaticProp1 |
+| extensions.cs:56:19:56:35 | access to property StaticProp | extensions.cs:25:28:25:37 | StaticProp | extensions.cs:21:5:26:5 | extension(Object) | MyExtensions+extension(System.Object).StaticProp |
 extensionAccessorCall
-| extensions.cs:82:9:82:33 | call to extension accessor get_Prop1 | extensions.cs:8:30:8:41 | get_Prop1 | extensions.cs:8:21:8:25 | Prop1 | MyExtensions+extension(System.String).get_Prop1 |
-| extensions.cs:83:9:83:33 | call to extension accessor get_Prop2 | extensions.cs:9:29:9:31 | get_Prop2 | extensions.cs:9:21:9:25 | Prop2 | MyExtensions+extension(System.String).get_Prop2 |
-| extensions.cs:84:9:84:40 | call to extension accessor set_Prop2 | extensions.cs:9:50:9:52 | set_Prop2 | extensions.cs:9:21:9:25 | Prop2 | MyExtensions+extension(System.String).set_Prop2 |
-| extensions.cs:85:9:85:37 | call to extension accessor get_StaticProp | extensions.cs:23:42:23:45 | get_StaticProp | extensions.cs:23:28:23:37 | StaticProp | MyExtensions+extension(System.Object).get_StaticProp |
+| extensions.cs:88:9:88:33 | call to extension accessor get_Prop1 | extensions.cs:8:30:8:41 | get_Prop1 | extensions.cs:8:21:8:25 | Prop1 | MyExtensions+extension(System.String).get_Prop1 |
+| extensions.cs:89:9:89:33 | call to extension accessor get_Prop2 | extensions.cs:9:29:9:31 | get_Prop2 | extensions.cs:9:21:9:25 | Prop2 | MyExtensions+extension(System.String).get_Prop2 |
+| extensions.cs:90:9:90:40 | call to extension accessor set_Prop2 | extensions.cs:9:50:9:52 | set_Prop2 | extensions.cs:9:21:9:25 | Prop2 | MyExtensions+extension(System.String).set_Prop2 |
+| extensions.cs:91:9:91:37 | call to extension accessor get_StaticProp | extensions.cs:25:42:25:45 | get_StaticProp | extensions.cs:25:28:25:37 | StaticProp | MyExtensions+extension(System.Object).get_StaticProp |

csharp/ql/test/library-tests/operators/Operators3.expected

@@ -1 +1 @@
-| operators.cs:96:32:96:39 | implicit conversion |
+| operators.cs:118:36:118:43 | implicit conversion |

csharp/ql/test/library-tests/operators/Operators4.expected

@@ -1 +1 @@
-| operators.cs:101:32:101:39 | explicit conversion |
+| operators.cs:123:36:123:43 | explicit conversion |

csharp/ql/test/library-tests/operators/Operators5.expected

@@ -1,15 +1,15 @@
-| operators.cs:23:30:23:31 | += | operators.cs:61:13:61:22 | ... += ... |
-| operators.cs:31:38:31:39 | checked += | operators.cs:77:17:77:26 | ... += ... |
-| operators.cs:33:38:33:39 | checked -= | operators.cs:78:17:78:26 | ... -= ... |
-| operators.cs:34:30:34:31 | -= | operators.cs:64:13:64:22 | ... -= ... |
-| operators.cs:36:38:36:39 | checked *= | operators.cs:79:17:79:26 | ... *= ... |
-| operators.cs:37:30:37:31 | *= | operators.cs:65:13:65:22 | ... *= ... |
-| operators.cs:39:38:39:39 | checked /= | operators.cs:80:17:80:26 | ... /= ... |
-| operators.cs:40:30:40:31 | /= | operators.cs:66:13:66:22 | ... /= ... |
-| operators.cs:42:30:42:31 | %= | operators.cs:67:13:67:22 | ... %= ... |
-| operators.cs:43:30:43:31 | &= | operators.cs:68:13:68:22 | ... &= ... |
-| operators.cs:44:30:44:31 | \|= | operators.cs:69:13:69:22 | ... \|= ... |
-| operators.cs:45:30:45:31 | ^= | operators.cs:70:13:70:22 | ... ^= ... |
-| operators.cs:46:30:46:32 | <<= | operators.cs:71:13:71:23 | ... <<= ... |
-| operators.cs:47:30:47:32 | >>= | operators.cs:72:13:72:23 | ... >>= ... |
-| operators.cs:48:30:48:33 | >>>= | operators.cs:73:13:73:24 | ... >>>= ... |
+| operators.cs:23:30:23:31 | += | operators.cs:70:13:70:22 | ... += ... |
+| operators.cs:31:38:31:39 | checked += | operators.cs:86:17:86:26 | ... += ... |
+| operators.cs:33:38:33:39 | checked -= | operators.cs:87:17:87:26 | ... -= ... |
+| operators.cs:34:30:34:31 | -= | operators.cs:73:13:73:22 | ... -= ... |
+| operators.cs:36:38:36:39 | checked *= | operators.cs:88:17:88:26 | ... *= ... |
+| operators.cs:37:30:37:31 | *= | operators.cs:74:13:74:22 | ... *= ... |
+| operators.cs:39:38:39:39 | checked /= | operators.cs:89:17:89:26 | ... /= ... |
+| operators.cs:40:30:40:31 | /= | operators.cs:75:13:75:22 | ... /= ... |
+| operators.cs:42:30:42:31 | %= | operators.cs:76:13:76:22 | ... %= ... |
+| operators.cs:43:30:43:31 | &= | operators.cs:77:13:77:22 | ... &= ... |
+| operators.cs:44:30:44:31 | \|= | operators.cs:78:13:78:22 | ... \|= ... |
+| operators.cs:45:30:45:31 | ^= | operators.cs:79:13:79:22 | ... ^= ... |
+| operators.cs:46:30:46:32 | <<= | operators.cs:80:13:80:23 | ... <<= ... |
+| operators.cs:47:30:47:32 | >>= | operators.cs:81:13:81:23 | ... >>= ... |
+| operators.cs:48:30:48:33 | >>>= | operators.cs:82:13:82:24 | ... >>>= ... |

csharp/ql/test/library-tests/operators/Operators6.expected

@@ -0,0 +1,10 @@
+| operators.cs:15:42:15:43 | ++ | operators.cs:66:19:66:23 | call to operator ++ |
+| operators.cs:15:42:15:43 | ++ | operators.cs:67:19:67:23 | call to operator ++ |
+| operators.cs:54:38:54:39 | checked ++ | operators.cs:100:17:100:19 | call to operator checked ++ |
+| operators.cs:54:38:54:39 | checked ++ | operators.cs:101:17:101:19 | call to operator checked ++ |
+| operators.cs:55:30:55:31 | ++ | operators.cs:93:13:93:15 | call to operator ++ |
+| operators.cs:55:30:55:31 | ++ | operators.cs:94:13:94:15 | call to operator ++ |
+| operators.cs:56:38:56:39 | checked -- | operators.cs:102:17:102:19 | call to operator checked -- |
+| operators.cs:56:38:56:39 | checked -- | operators.cs:103:17:103:19 | call to operator checked -- |
+| operators.cs:57:30:57:31 | -- | operators.cs:95:13:95:15 | call to operator -- |
+| operators.cs:57:30:57:31 | -- | operators.cs:96:13:96:15 | call to operator -- |

csharp/ql/test/library-tests/operators/Operators6.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Test for operators
+ */
+
+import csharp
+
+from Operator op, OperatorCall call
+where
+  op.fromSource() and
+  (
+    op instanceof IncrementOperator or
+    op instanceof CheckedIncrementOperator or
+    op instanceof DecrementOperator or
+    op instanceof CheckedDecrementOperator
+  ) and
+  call.getTarget() = op
+select op, call

csharp/ql/test/library-tests/operators/PrintAst.expected

@@ -181,159 +181,204 @@ operators.cs:
 #   48|         0: [Parameter] n
 #   48|           -1: [TypeMention] IntVector
 #   48|       4: [BlockStmt] {...}
-#   51|   2: [Class] TestOperator
-#   53|     6: [Method] Main
-#   53|       -1: [TypeMention] Void
+#   51|   2: [Class] C
+#   54|     6: [CheckedIncrementOperator] checked ++
+#   54|       -1: [TypeMention] Void
 #   54|       4: [BlockStmt] {...}
-#   55|         0: [LocalVariableDeclStmt] ... ...;
-#   55|           0: [LocalVariableDeclAndInitExpr] IntVector iv1 = ...
-#   55|             -1: [TypeMention] IntVector
-#   55|             0: [LocalVariableAccess] access to local variable iv1
-#   55|             1: [ObjectCreation] object creation of type IntVector
-#   55|               -1: [TypeMention] IntVector
-#   55|               0: [IntLiteral] 4
-#   56|         1: [LocalVariableDeclStmt] ... ...;
-#   56|           0: [LocalVariableDeclExpr] IntVector iv2
-#   56|             0: [TypeMention] IntVector
-#   57|         2: [ExprStmt] ...;
-#   57|           0: [AssignExpr] ... = ...
-#   57|             0: [LocalVariableAccess] access to local variable iv2
-#   57|             1: [OperatorCall] call to operator ++
-#   57|               0: [LocalVariableAccess] access to local variable iv1
-#   58|         3: [ExprStmt] ...;
-#   58|           0: [AssignExpr] ... = ...
-#   58|             0: [LocalVariableAccess] access to local variable iv2
-#   58|             1: [OperatorCall] call to operator ++
-#   58|               0: [LocalVariableAccess] access to local variable iv1
-#   60|         4: [LocalVariableDeclStmt] ... ...;
-#   60|           0: [LocalVariableDeclAndInitExpr] IntVector iv3 = ...
-#   60|             -1: [TypeMention] IntVector
-#   60|             0: [LocalVariableAccess] access to local variable iv3
-#   60|             1: [ObjectCreation] object creation of type IntVector
-#   60|               -1: [TypeMention] IntVector
-#   60|               0: [IntLiteral] 4
-#   61|         5: [ExprStmt] ...;
-#   61|           0: [AssignAddExpr] ... += ...
-#   61|             0: [LocalVariableAccess] access to local variable iv3
-#   61|             1: [LocalVariableAccess] access to local variable iv2
-#   64|         6: [ExprStmt] ...;
-#   64|           0: [AssignSubExpr] ... -= ...
-#   64|             0: [LocalVariableAccess] access to local variable iv3
-#   64|             1: [LocalVariableAccess] access to local variable iv2
-#   65|         7: [ExprStmt] ...;
-#   65|           0: [AssignMulExpr] ... *= ...
-#   65|             0: [LocalVariableAccess] access to local variable iv3
-#   65|             1: [LocalVariableAccess] access to local variable iv2
-#   66|         8: [ExprStmt] ...;
-#   66|           0: [AssignDivExpr] ... /= ...
-#   66|             0: [LocalVariableAccess] access to local variable iv3
-#   66|             1: [LocalVariableAccess] access to local variable iv2
-#   67|         9: [ExprStmt] ...;
-#   67|           0: [AssignRemExpr] ... %= ...
-#   67|             0: [LocalVariableAccess] access to local variable iv3
-#   67|             1: [LocalVariableAccess] access to local variable iv2
-#   68|         10: [ExprStmt] ...;
-#   68|           0: [AssignAndExpr] ... &= ...
-#   68|             0: [LocalVariableAccess] access to local variable iv3
-#   68|             1: [LocalVariableAccess] access to local variable iv2
-#   69|         11: [ExprStmt] ...;
-#   69|           0: [AssignOrExpr] ... |= ...
+#   55|     7: [IncrementOperator] ++
+#   55|       -1: [TypeMention] Void
+#   55|       4: [BlockStmt] {...}
+#   56|     8: [CheckedDecrementOperator] checked --
+#   56|       -1: [TypeMention] Void
+#   56|       4: [BlockStmt] {...}
+#   57|     9: [DecrementOperator] --
+#   57|       -1: [TypeMention] Void
+#   57|       4: [BlockStmt] {...}
+#   60|   3: [Class] TestOperator
+#   62|     6: [Method] Main
+#   62|       -1: [TypeMention] Void
+#   63|       4: [BlockStmt] {...}
+#   64|         0: [LocalVariableDeclStmt] ... ...;
+#   64|           0: [LocalVariableDeclAndInitExpr] IntVector iv1 = ...
+#   64|             -1: [TypeMention] IntVector
+#   64|             0: [LocalVariableAccess] access to local variable iv1
+#   64|             1: [ObjectCreation] object creation of type IntVector
+#   64|               -1: [TypeMention] IntVector
+#   64|               0: [IntLiteral] 4
+#   65|         1: [LocalVariableDeclStmt] ... ...;
+#   65|           0: [LocalVariableDeclExpr] IntVector iv2
+#   65|             0: [TypeMention] IntVector
+#   66|         2: [ExprStmt] ...;
+#   66|           0: [AssignExpr] ... = ...
+#   66|             0: [LocalVariableAccess] access to local variable iv2
+#   66|             1: [OperatorCall] call to operator ++
+#   66|               0: [LocalVariableAccess] access to local variable iv1
+#   67|         3: [ExprStmt] ...;
+#   67|           0: [AssignExpr] ... = ...
+#   67|             0: [LocalVariableAccess] access to local variable iv2
+#   67|             1: [OperatorCall] call to operator ++
+#   67|               0: [LocalVariableAccess] access to local variable iv1
+#   69|         4: [LocalVariableDeclStmt] ... ...;
+#   69|           0: [LocalVariableDeclAndInitExpr] IntVector iv3 = ...
+#   69|             -1: [TypeMention] IntVector
 #   69|             0: [LocalVariableAccess] access to local variable iv3
-#   69|             1: [LocalVariableAccess] access to local variable iv2
-#   70|         12: [ExprStmt] ...;
-#   70|           0: [AssignXorExpr] ... ^= ...
+#   69|             1: [ObjectCreation] object creation of type IntVector
+#   69|               -1: [TypeMention] IntVector
+#   69|               0: [IntLiteral] 4
+#   70|         5: [ExprStmt] ...;
+#   70|           0: [AssignAddExpr] ... += ...
 #   70|             0: [LocalVariableAccess] access to local variable iv3
 #   70|             1: [LocalVariableAccess] access to local variable iv2
-#   71|         13: [ExprStmt] ...;
-#   71|           0: [AssignLeftShiftExpr] ... <<= ...
-#   71|             0: [LocalVariableAccess] access to local variable iv3
-#   71|             1: [LocalVariableAccess] access to local variable iv2
-#   72|         14: [ExprStmt] ...;
-#   72|           0: [AssignRightShiftExpr] ... >>= ...
-#   72|             0: [LocalVariableAccess] access to local variable iv3
-#   72|             1: [LocalVariableAccess] access to local variable iv2
-#   73|         15: [ExprStmt] ...;
-#   73|           0: [AssignUnsignedRightShiftExpr] ... >>>= ...
+#   73|         6: [ExprStmt] ...;
+#   73|           0: [AssignSubExpr] ... -= ...
 #   73|             0: [LocalVariableAccess] access to local variable iv3
 #   73|             1: [LocalVariableAccess] access to local variable iv2
-#   75|         16: [CheckedStmt] checked {...}
-#   76|           0: [BlockStmt] {...}
-#   77|             0: [ExprStmt] ...;
-#   77|               0: [AssignAddExpr] ... += ...
-#   77|                 0: [LocalVariableAccess] access to local variable iv3
-#   77|                 1: [LocalVariableAccess] access to local variable iv2
-#   78|             1: [ExprStmt] ...;
-#   78|               0: [AssignSubExpr] ... -= ...
-#   78|                 0: [LocalVariableAccess] access to local variable iv3
-#   78|                 1: [LocalVariableAccess] access to local variable iv2
-#   79|             2: [ExprStmt] ...;
-#   79|               0: [AssignMulExpr] ... *= ...
-#   79|                 0: [LocalVariableAccess] access to local variable iv3
-#   79|                 1: [LocalVariableAccess] access to local variable iv2
-#   80|             3: [ExprStmt] ...;
-#   80|               0: [AssignDivExpr] ... /= ...
-#   80|                 0: [LocalVariableAccess] access to local variable iv3
-#   80|                 1: [LocalVariableAccess] access to local variable iv2
-#   85|   3: [Struct] Digit
-#   87|     6: [Field] value
-#   87|       -1: [TypeMention] byte
-#   89|     7: [InstanceConstructor] Digit
-#-----|       2: (Parameters)
-#   89|         0: [Parameter] value
-#   89|           -1: [TypeMention] byte
-#   90|       4: [BlockStmt] {...}
-#   91|         0: [IfStmt] if (...) ...
-#   91|           0: [LogicalOrExpr] ... || ...
-#   91|             0: [LTExpr] ... < ...
-#   91|               0: [CastExpr] (...) ...
-#   91|                 1: [ParameterAccess] access to parameter value
-#   91|               1: [IntLiteral] 0
-#   91|             1: [GTExpr] ... > ...
-#   91|               0: [CastExpr] (...) ...
-#   91|                 1: [ParameterAccess] access to parameter value
-#   91|               1: [IntLiteral] 9
-#   92|           1: [ThrowStmt] throw ...;
-#   92|             0: [ObjectCreation] object creation of type ArgumentException
-#   92|               0: [TypeMention] ArgumentException
-#   93|         1: [ExprStmt] ...;
-#   93|           0: [AssignExpr] ... = ...
-#   93|             0: [FieldAccess] access to field value
-#   93|               -1: [ThisAccess] this access
-#   93|             1: [ParameterAccess] access to parameter value
-#   96|     8: [ImplicitConversionOperator] implicit conversion
-#   96|       -1: [TypeMention] byte
-#-----|       2: (Parameters)
-#   96|         0: [Parameter] d
-#   96|           -1: [TypeMention] Digit
-#   97|       4: [BlockStmt] {...}
-#   98|         0: [ReturnStmt] return ...;
-#   98|           0: [FieldAccess] access to field value
-#   98|             -1: [ParameterAccess] access to parameter d
-#  101|     9: [ExplicitConversionOperator] explicit conversion
-#  101|       -1: [TypeMention] Digit
-#-----|       2: (Parameters)
-#  101|         0: [Parameter] b
-#  101|           -1: [TypeMention] byte
-#  102|       4: [BlockStmt] {...}
-#  103|         0: [ReturnStmt] return ...;
-#  103|           0: [ObjectCreation] object creation of type Digit
-#  103|             -1: [TypeMention] Digit
-#  103|             0: [ParameterAccess] access to parameter b
-#  108|   4: [Class] TestConversionOperator
-#  111|     6: [Method] Main
-#  111|       -1: [TypeMention] Void
-#  112|       4: [BlockStmt] {...}
-#  113|         0: [LocalVariableDeclStmt] ... ...;
-#  113|           0: [LocalVariableDeclAndInitExpr] Digit d = ...
-#  113|             -1: [TypeMention] Digit
-#  113|             0: [LocalVariableAccess] access to local variable d
-#  113|             1: [OperatorCall] call to operator explicit conversion
-#  113|               -1: [TypeMention] Digit
-#  113|               0: [CastExpr] (...) ...
-#  113|                 1: [IntLiteral] 8
-#  114|         1: [LocalVariableDeclStmt] ... ...;
-#  114|           0: [LocalVariableDeclAndInitExpr] Byte b = ...
-#  114|             -1: [TypeMention] byte
-#  114|             0: [LocalVariableAccess] access to local variable b
-#  114|             1: [OperatorCall] call to operator implicit conversion
-#  114|               0: [LocalVariableAccess] access to local variable d
+#   74|         7: [ExprStmt] ...;
+#   74|           0: [AssignMulExpr] ... *= ...
+#   74|             0: [LocalVariableAccess] access to local variable iv3
+#   74|             1: [LocalVariableAccess] access to local variable iv2
+#   75|         8: [ExprStmt] ...;
+#   75|           0: [AssignDivExpr] ... /= ...
+#   75|             0: [LocalVariableAccess] access to local variable iv3
+#   75|             1: [LocalVariableAccess] access to local variable iv2
+#   76|         9: [ExprStmt] ...;
+#   76|           0: [AssignRemExpr] ... %= ...
+#   76|             0: [LocalVariableAccess] access to local variable iv3
+#   76|             1: [LocalVariableAccess] access to local variable iv2
+#   77|         10: [ExprStmt] ...;
+#   77|           0: [AssignAndExpr] ... &= ...
+#   77|             0: [LocalVariableAccess] access to local variable iv3
+#   77|             1: [LocalVariableAccess] access to local variable iv2
+#   78|         11: [ExprStmt] ...;
+#   78|           0: [AssignOrExpr] ... |= ...
+#   78|             0: [LocalVariableAccess] access to local variable iv3
+#   78|             1: [LocalVariableAccess] access to local variable iv2
+#   79|         12: [ExprStmt] ...;
+#   79|           0: [AssignXorExpr] ... ^= ...
+#   79|             0: [LocalVariableAccess] access to local variable iv3
+#   79|             1: [LocalVariableAccess] access to local variable iv2
+#   80|         13: [ExprStmt] ...;
+#   80|           0: [AssignLeftShiftExpr] ... <<= ...
+#   80|             0: [LocalVariableAccess] access to local variable iv3
+#   80|             1: [LocalVariableAccess] access to local variable iv2
+#   81|         14: [ExprStmt] ...;
+#   81|           0: [AssignRightShiftExpr] ... >>= ...
+#   81|             0: [LocalVariableAccess] access to local variable iv3
+#   81|             1: [LocalVariableAccess] access to local variable iv2
+#   82|         15: [ExprStmt] ...;
+#   82|           0: [AssignUnsignedRightShiftExpr] ... >>>= ...
+#   82|             0: [LocalVariableAccess] access to local variable iv3
+#   82|             1: [LocalVariableAccess] access to local variable iv2
+#   84|         16: [CheckedStmt] checked {...}
+#   85|           0: [BlockStmt] {...}
+#   86|             0: [ExprStmt] ...;
+#   86|               0: [AssignAddExpr] ... += ...
+#   86|                 0: [LocalVariableAccess] access to local variable iv3
+#   86|                 1: [LocalVariableAccess] access to local variable iv2
+#   87|             1: [ExprStmt] ...;
+#   87|               0: [AssignSubExpr] ... -= ...
+#   87|                 0: [LocalVariableAccess] access to local variable iv3
+#   87|                 1: [LocalVariableAccess] access to local variable iv2
+#   88|             2: [ExprStmt] ...;
+#   88|               0: [AssignMulExpr] ... *= ...
+#   88|                 0: [LocalVariableAccess] access to local variable iv3
+#   88|                 1: [LocalVariableAccess] access to local variable iv2
+#   89|             3: [ExprStmt] ...;
+#   89|               0: [AssignDivExpr] ... /= ...
+#   89|                 0: [LocalVariableAccess] access to local variable iv3
+#   89|                 1: [LocalVariableAccess] access to local variable iv2
+#   92|         17: [LocalVariableDeclStmt] ... ...;
+#   92|           0: [LocalVariableDeclAndInitExpr] C c = ...
+#   92|             -1: [TypeMention] C
+#   92|             0: [LocalVariableAccess] access to local variable c
+#   92|             1: [ObjectCreation] object creation of type C
+#   92|               0: [TypeMention] C
+#   93|         18: [ExprStmt] ...;
+#   93|           0: [OperatorCall] call to operator ++
+#   93|             0: [LocalVariableAccess] access to local variable c
+#   94|         19: [ExprStmt] ...;
+#   94|           0: [OperatorCall] call to operator ++
+#   94|             0: [LocalVariableAccess] access to local variable c
+#   95|         20: [ExprStmt] ...;
+#   95|           0: [OperatorCall] call to operator --
+#   95|             0: [LocalVariableAccess] access to local variable c
+#   96|         21: [ExprStmt] ...;
+#   96|           0: [OperatorCall] call to operator --
+#   96|             0: [LocalVariableAccess] access to local variable c
+#   98|         22: [CheckedStmt] checked {...}
+#   99|           0: [BlockStmt] {...}
+#  100|             0: [ExprStmt] ...;
+#  100|               0: [OperatorCall] call to operator checked ++
+#  100|                 0: [LocalVariableAccess] access to local variable c
+#  101|             1: [ExprStmt] ...;
+#  101|               0: [OperatorCall] call to operator checked ++
+#  101|                 0: [LocalVariableAccess] access to local variable c
+#  102|             2: [ExprStmt] ...;
+#  102|               0: [OperatorCall] call to operator checked --
+#  102|                 0: [LocalVariableAccess] access to local variable c
+#  103|             3: [ExprStmt] ...;
+#  103|               0: [OperatorCall] call to operator checked --
+#  103|                 0: [LocalVariableAccess] access to local variable c
+#  107|     7: [Struct] Digit
+#  109|       6: [Field] value
+#  109|         -1: [TypeMention] byte
+#  111|       7: [InstanceConstructor] Digit
+#-----|         2: (Parameters)
+#  111|           0: [Parameter] value
+#  111|             -1: [TypeMention] byte
+#  112|         4: [BlockStmt] {...}
+#  113|           0: [IfStmt] if (...) ...
+#  113|             0: [LogicalOrExpr] ... || ...
+#  113|               0: [LTExpr] ... < ...
+#  113|                 0: [CastExpr] (...) ...
+#  113|                   1: [ParameterAccess] access to parameter value
+#  113|                 1: [IntLiteral] 0
+#  113|               1: [GTExpr] ... > ...
+#  113|                 0: [CastExpr] (...) ...
+#  113|                   1: [ParameterAccess] access to parameter value
+#  113|                 1: [IntLiteral] 9
+#  114|             1: [ThrowStmt] throw ...;
+#  114|               0: [ObjectCreation] object creation of type ArgumentException
+#  114|                 0: [TypeMention] ArgumentException
+#  115|           1: [ExprStmt] ...;
+#  115|             0: [AssignExpr] ... = ...
+#  115|               0: [FieldAccess] access to field value
+#  115|                 -1: [ThisAccess] this access
+#  115|               1: [ParameterAccess] access to parameter value
+#  118|       8: [ImplicitConversionOperator] implicit conversion
+#  118|         -1: [TypeMention] byte
+#-----|         2: (Parameters)
+#  118|           0: [Parameter] d
+#  118|             -1: [TypeMention] Digit
+#  119|         4: [BlockStmt] {...}
+#  120|           0: [ReturnStmt] return ...;
+#  120|             0: [FieldAccess] access to field value
+#  120|               -1: [ParameterAccess] access to parameter d
+#  123|       9: [ExplicitConversionOperator] explicit conversion
+#  123|         -1: [TypeMention] Digit
+#-----|         2: (Parameters)
+#  123|           0: [Parameter] b
+#  123|             -1: [TypeMention] byte
+#  124|         4: [BlockStmt] {...}
+#  125|           0: [ReturnStmt] return ...;
+#  125|             0: [ObjectCreation] object creation of type Digit
+#  125|               -1: [TypeMention] Digit
+#  125|               0: [ParameterAccess] access to parameter b
+#  130|     8: [Class] TestConversionOperator
+#  133|       6: [Method] Main
+#  133|         -1: [TypeMention] Void
+#  134|         4: [BlockStmt] {...}
+#  135|           0: [LocalVariableDeclStmt] ... ...;
+#  135|             0: [LocalVariableDeclAndInitExpr] Digit d = ...
+#  135|               -1: [TypeMention] Digit
+#  135|               0: [LocalVariableAccess] access to local variable d
+#  135|               1: [OperatorCall] call to operator explicit conversion
+#  135|                 -1: [TypeMention] Digit
+#  135|                 0: [CastExpr] (...) ...
+#  135|                   1: [IntLiteral] 8
+#  136|           1: [LocalVariableDeclStmt] ... ...;
+#  136|             0: [LocalVariableDeclAndInitExpr] Byte b = ...
+#  136|               -1: [TypeMention] byte
+#  136|               0: [LocalVariableAccess] access to local variable b
+#  136|               1: [OperatorCall] call to operator implicit conversion
+#  136|                 0: [LocalVariableAccess] access to local variable d

csharp/ql/test/library-tests/operators/operators.cs

@@ -48,6 +48,15 @@ namespace Operators
         public void operator >>>=(IntVector n) { }
     }
 
+    public class C
+    {
+        // Unary instance operators.
+        public void operator checked ++() { }
+        public void operator ++() { }
+        public void operator checked --() { }
+        public void operator --() { }
+    }
+
     class TestOperator
     {
         void Main()
@@ -79,41 +88,55 @@ namespace Operators
                 iv3 *= iv2;
                 iv3 /= iv2;
             }
-        }
-    }
 
-    public struct Digit
-    {
-        byte value;
+            var c = new C();
+            c++;
+            ++c;
+            c--;
+            --c;
 
-        public Digit(byte value)
-        {
-            if (value < 0 || value > 9)
-                throw new ArgumentException();
-            this.value = value;
+            checked
+            {
+                c++;
+                ++c;
+                c--;
+                --c;
+            }
         }
 
-        public static implicit operator byte(Digit d)
+        public struct Digit
         {
-            return d.value;
+            byte value;
+
+            public Digit(byte value)
+            {
+                if (value < 0 || value > 9)
+                    throw new ArgumentException();
+                this.value = value;
+            }
+
+            public static implicit operator byte(Digit d)
+            {
+                return d.value;
+            }
+
+            public static explicit operator Digit(byte b)
+            {
+                return new Digit(b);
+            }
+
         }
 
-        public static explicit operator Digit(byte b)
+        class TestConversionOperator
         {
-            return new Digit(b);
+
+            void Main()
+            {
+                Digit d = (Digit)8;
+                byte b = d;
+            }
+
         }
 
     }
-
-    class TestConversionOperator
-    {
-
-        void Main()
-        {
-            Digit d = (Digit)8;
-            byte b = d;
-        }
-
-    }
-
 }

java/documentation/library-coverage/coverage.csv

@@ -1,296 +1,297 @@
-package,sink,source,summary,sink:bean-validation,sink:command-injection,sink:credentials-key,sink:credentials-password,sink:credentials-username,sink:encryption-iv,sink:encryption-salt,sink:environment-injection,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:notification,sink:ognl-injection,sink:path-injection,sink:path-injection[read],sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:trust-boundary-violation,sink:unsafe-deserialization,sink:url-forward,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:contentprovider,source:database,source:environment,source:file,source:remote,summary:taint,summary:value
-actions.osgi,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-android.app,77,,103,,,,,,,,,,11,,,,,7,,,,,,,42,,,,17,,,,,,,,,,,,,,,,,,,,,,,,18,85
-android.content,24,31,154,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,4,27,,,,,63,91
-android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,,,,41,
-android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
-android.os,1,2,122,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,2,,,,,,41,81
-android.support.v4.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-android.util,6,16,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,16,,
-android.webkit,3,2,,,,,,,,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
-android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1,
-androidx.core.app,47,,95,,,,,,,,,,,,,,,,,,,,,,41,,,,6,,,,,,,,,,,,,,,,,,,,,,,,12,83
-androidx.fragment.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-androidx.slice,2,5,88,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,5,,,,,27,61
-antlr,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-ch.ethz.ssh2,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.alibaba.com.caucho.hessian.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
-com.alibaba.druid.sql,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,1,
-com.alibaba.fastjson2,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.amazonaws.auth,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.auth0.jwt.algorithms,6,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.azure.identity,3,,,,,1,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.caucho.burlap.io,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
-com.caucho.hessian.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
-com.cedarsoftware.util.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
-com.couchbase.client.core.env,15,,1,,,,9,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.couchbase.client.java,10,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,
-com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.esotericsoftware.yamlbeans,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
-com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-com.fasterxml.jackson.databind,2,,8,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,8,
-com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,,,,,63,24
-com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
-com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
-com.google.common.flogger,29,,,,,,,,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.google.common.io,10,,73,,,,,,,,,1,,,,,,,,,,,,,,,4,5,,,,,,,,,,,,,,,,,,,,,,,,,72,1
-com.google.gson,,,52,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,38,14
-com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,
-com.jcraft.jsch,5,,1,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,1,
-com.microsoft.sqlserver.jdbc,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,
-com.mongodb,10,,,,,,4,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.opensymphony.xwork2,56,,961,,,,,,,,,,,,,,,,,,,,,,,56,,,,,,,,,,,,,,,,,,,,,,,,,,,867,94
-com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
-com.sshtools.j2ssh.authentication,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.crypto.provider,19,,,,,17,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.jndi.ldap,4,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.net.httpserver,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.net.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.rowset,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.security.auth.module,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.security.ntlm,5,,,,,,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.sun.security.sasl.digest,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.trilead.ssh2,13,,,,,2,4,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
-flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,
-freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,,
-groovy.lang,26,,,,,,,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-groovy.text,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-groovy.util,5,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-hudson,75,9,2648,,4,,,,,,3,2,,,,4,,,,,,,,,,,39,17,,,,,,,,,6,,,,,,,,,,,,,,5,4,2572,76
-io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4,
-io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,
-io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
-io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,2,,
-io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,,,,,,,13,143,116
-io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,,,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,
-io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,
-io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-io.netty.util,2,,23,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,,,,,,,,,,,,,,,,21,2
-io.undertow.server.handlers.resource,1,,3,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-jakarta.activation,2,,2,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,,,,,,,,,,,,,,,,2,
-jakarta.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,7,,
-jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-jakarta.persistence,2,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,1,
-jakarta.servlet,2,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,26,,
-jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,94,55
-jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
-java.applet,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,
-java.awt,1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,3
-java.beans,1,,177,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,82,95
-java.io,66,1,225,,,,,,,,,22,,,,,,,,,,,,,,,29,15,,,,,,,,,,,,,,,,,,,,,,,1,,202,23
-java.lang,38,3,790,,13,,,,,,1,,,,,,,,,,,,8,,,,2,9,,,4,,,1,,,,,,,,,,,,,,,,3,,,510,280
-java.math,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9
-java.net,23,3,347,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,,3,248,99
-java.nio,47,,499,,,,,,,,,5,,,,,,,,,,,,,,,25,16,,,,,,,,,1,,,,,,,,,,,,,,,,302,197
-java.rmi,,,68,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,23
-java.security,21,,583,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,285,298
-java.sql,15,1,292,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,,1,,,,274,18
-java.text,,,154,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,72,82
-java.time,,,131,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,27,104
-java.util,48,2,1340,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,,5,2,,1,2,,,,,,,,,,,,,,2,,,558,782
-javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-javax.accessibility,,,63,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,35
-javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,,,,,,,,,,,,,,,,7,
-javax.annotation.processing,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,3
-javax.crypto,19,,140,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76,64
-javax.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,7,,
-javax.imageio,1,,304,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,138,166
-javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
-javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
-javax.lang.model,,,277,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,217,60
-javax.management,2,,766,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,363,403
-javax.naming,7,,341,,,,,,,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,191,150
-javax.net,4,,136,,,,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,49
-javax.portlet,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
-javax.print,2,,133,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,102,31
-javax.rmi.ssl,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6
-javax.script,1,,50,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,36
-javax.security.auth,7,,147,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,50,97
-javax.security.cert,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
-javax.security.sasl,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,42,7
-javax.servlet,10,29,3,,,,,,,,,,,,,,1,,,,,,,,,,,2,,,,,,,,,,3,,,2,,2,,,,,,,,,29,3,
-javax.smartcardio,,,34,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,24,10
-javax.sound.midi,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,51,9
-javax.sound.sampled,,,90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,53,37
-javax.sql,7,,126,,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,68,58
-javax.tools,,,66,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,62,4
-javax.transaction.xa,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
-javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
-javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,2,,,,,,,,,94,55
-javax.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
-javax.xml.catalog,,,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,1
-javax.xml.crypto,,,269,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,172,97
-javax.xml.datatype,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,1
-javax.xml.namespace,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,10
-javax.xml.parsers,,,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,2
-javax.xml.stream,,,221,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,201,20
-javax.xml.transform,2,,134,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,1,,,,,,,72,62
-javax.xml.validation,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,29,
-javax.xml.xpath,3,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,26,
-jenkins,,,523,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,500,23
-jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
-kotlin,16,,1849,,,,,,,,,,,,,,,,,,,,,,,,11,3,,,,,,,,,2,,,,,,,,,,,,,,,,1836,13
-liquibase.database.jvm,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
-liquibase.statement.core,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
-net.lingala.zip4j,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,
-net.schmizz.sshj,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-net.sf.json,2,,338,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,321,17
-net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,
-ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-okhttp3,4,,50,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,23,27
-org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49,
-org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
-org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
-org.apache.commons.collections4,,,806,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,789
-org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
-org.apache.commons.exec,10,,,,6,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.fileupload,,11,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,4,
-org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.commons.io,124,,570,,,,,,,,,4,,,,,,,,,,,,,,,102,3,,,,,,,,,15,,,,,,,,,,,,,,,,556,14
-org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,
-org.apache.commons.jexl2,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.jexl3,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.lang,1,,767,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,596,171
-org.apache.commons.lang3,7,,425,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,1,,,,,,,,,,,294,131
-org.apache.commons.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.net,13,12,,,,,2,2,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,,,,,,,12,,
-org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
-org.apache.cxf.catalog,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-org.apache.cxf.common.classloader,3,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,,,,,,,,
-org.apache.cxf.common.jaxb,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.cxf.common.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.cxf.configuration.jsse,2,,,,,,,,,,,,,,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.cxf.helpers,10,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,5,,,,,,,,,
-org.apache.cxf.resource,9,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,5,,,,,,,,,,,,,,,,,
-org.apache.cxf.staxutils,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.cxf.tools.corba.utils,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.cxf.tools.util,10,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.cxf.transform,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,
-org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.hadoop.fs,3,,11,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,11,
-org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,
-org.apache.hadoop.hive.ql.exec,1,,1,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.hadoop.hive.ql.metadata,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,,,,,,,
-org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,,
-org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,,,
-org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.hc.core5.http,73,2,45,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,72,,,,,,,,,,,,,,,2,45,
-org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,
-org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
-org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
-org.apache.http,48,3,95,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,46,,,,,,,,,,,,,,,3,86,9
-org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,57,
-org.apache.ibatis.mapping,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.log4j,11,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.logging.log4j,359,,8,,,,,,,,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,4
-org.apache.shiro.authc,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
-org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.shiro.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.shiro.mgt,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.sshd.client.session,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.struts.beanvalidation.validation.interceptor,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
-org.apache.struts2,14,,3873,,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,3,,,,,,,,,,,,3839,34
-org.apache.tools.ant,14,,,,1,,,,,,,,,,,,,,,,,,,,,,5,8,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,
-org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,
-org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-org.codehaus.groovy.control,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,,
-org.eclipse.jetty.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
-org.exolab.castor.xml,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
-org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,
-org.gradle.api.file,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-org.hibernate,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,
-org.ho.yaml,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,
-org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-org.jabsorb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
-org.jboss.logging,324,,,,,,,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.jboss.vfs,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,
-org.jenkins.ui.icon,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48,1
-org.jenkins.ui.symbol,,,33,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,8
-org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
-org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
-org.keycloak.models.map.storage,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
-org.kohsuke.stapler,20,24,363,,,,,,,,,,,,,2,,,,,,,,,,,8,1,,,,,,,,,3,,,,,,1,5,,,,,,,,24,352,11
-org.lastaflute.web,,1,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,4,
-org.mvel2,16,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.owasp.esapi,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.pac4j.jwt.config.encryption,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.pac4j.jwt.config.signature,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.scijava.log,13,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.slf4j,55,,6,,,,,,,,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4
-org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
-org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
-org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
-org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-org.springframework.core.io,17,,6,,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,,1,,,,,,,,,,,,,,,,6,
-org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
-org.springframework.http,14,,77,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,67,10
-org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,
-org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,
-org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,
-org.springframework.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.ldap,47,,,,,,,,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.security.core.userdetails,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
-org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
-org.springframework.util,10,,142,,,,,,,,,,,,,,,,,,,,,,,,9,1,,,,,,,,,,,,,,,,,,,,,,,,,90,52
-org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
-org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,3,,
-org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
-org.springframework.web.multipart,,12,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,12,
-org.springframework.web.portlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
-org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
-org.springframework.web.servlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,
-org.springframework.web.socket,,8,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,6,
-org.springframework.web.util,,9,159,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,134,25
-org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,2,
-org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
-org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
-play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,
-play.mvc,1,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,13,24,
-ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
-ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
-ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
-ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
-ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
-retrofit2,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,1,
-software.amazon.awssdk.transfer.s3.model,8,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.jvmstat.perfdata.monitor.protocol.local,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.jvmstat.perfdata.monitor.protocol.rmi,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.misc,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.net.ftp,5,,,,,,2,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.net.www.protocol.http,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.acl,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.jgss.krb5,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.krb5,9,,,,,3,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.pkcs,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.pkcs11,3,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.provider,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.security.x509,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
-sun.tools.jconsole,28,,,,,,13,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+package,sink,source,summary,sink:bean-validation,sink:command-injection,sink:credentials-key,sink:credentials-password,sink:credentials-username,sink:encryption-iv,sink:encryption-salt,sink:environment-injection,sink:file-content-store,sink:fragment-injection,sink:groovy-injection,sink:hostname-verification,sink:html-injection,sink:information-leak,sink:intent-redirection,sink:jexl-injection,sink:jndi-injection,sink:js-injection,sink:ldap-injection,sink:log-injection,sink:mvel-injection,sink:notification,sink:ognl-injection,sink:path-injection,sink:path-injection[read],sink:pending-intents,sink:regex-use,sink:regex-use[-1],sink:regex-use[0],sink:regex-use[],sink:regex-use[f-1],sink:regex-use[f1],sink:regex-use[f],sink:request-forgery,sink:response-splitting,sink:sql-injection,sink:template-injection,sink:trust-boundary-violation,sink:unsafe-deserialization,sink:url-forward,sink:url-redirection,sink:xpath-injection,sink:xslt-injection,source:android-external-storage-dir,source:commandargs,source:contentprovider,source:database,source:environment,source:file,source:remote,summary:taint,summary:value
+actions.osgi,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+android.app,77,,103,,,,,,,,,,11,,,,,7,,,,,,,42,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,18,85
+android.content,24,31,154,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,4,,27,,,,,63,91
+android.database,59,,41,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,59,,,,,,,,,,,,,,,41,
+android.net,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,15
+android.os,1,2,122,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,2,,,,,,,41,81
+android.support.v4.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+android.util,6,16,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,16,,
+android.webkit,3,2,,,,,,,,,,,,,,2,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
+android.widget,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,1,
+androidx.core.app,47,,95,,,,,,,,,,,,,,,,,,,,,,41,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,12,83
+androidx.fragment.app,11,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+androidx.slice,2,5,88,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,5,,,,,27,61
+antlr,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+ch.ethz.ssh2,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+cn.hutool.core.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.alibaba.com.caucho.hessian.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,
+com.alibaba.druid.sql,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,1,
+com.alibaba.fastjson2,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.amazonaws.auth,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.auth0.jwt.algorithms,6,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.azure.identity,3,,,,,1,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.caucho.burlap.io,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,
+com.caucho.hessian.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,
+com.cedarsoftware.util.io,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,
+com.couchbase.client.core.env,15,,1,,,,9,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.couchbase.client.java,10,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,
+com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.esotericsoftware.yamlbeans,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,
+com.fasterxml.jackson.core,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.databind,2,,8,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,8,
+com.google.common.base,4,,87,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,1,,,,,,,,,,,,,,,,,,,,,63,24
+com.google.common.cache,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17
+com.google.common.collect,,,553,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,551
+com.google.common.flogger,29,,,,,,,,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.google.common.io,10,,73,,,,,,,,,1,,,,,,,,,,,,,,,4,5,,,,,,,,,,,,,,,,,,,,,,,,,,72,1
+com.google.gson,,,52,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,38,14
+com.hubspot.jinjava,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,
+com.jcraft.jsch,5,,1,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,1,
+com.microsoft.sqlserver.jdbc,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.mitchellbosecke.pebble,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,
+com.mongodb,10,,,,,,4,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.opensymphony.xwork2,56,,961,,,,,,,,,,,,,,,,,,,,,,,56,,,,,,,,,,,,,,,,,,,,,,,,,,,,867,94
+com.rabbitmq.client,,21,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,7,
+com.sshtools.j2ssh.authentication,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.crypto.provider,19,,,,,17,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.jndi.ldap,4,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.net.httpserver,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.net.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.rowset,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.security.auth.module,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.security.ntlm,5,,,,,,3,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.sun.security.sasl.digest,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.thoughtworks.xstream,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.trilead.ssh2,13,,,,,2,4,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.unboundid.ldap.sdk,17,,,,,,,,,,,,,,,,,,,,,17,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+com.zaxxer.hikari,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,
+flexjson,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+freemarker.cache,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,
+freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,,,
+groovy.lang,26,,,,,,,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+groovy.text,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+groovy.util,5,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+hudson,75,9,2648,,4,,,,,,3,2,,,,4,,,,,,,,,,,39,17,,,,,,,,,6,,,,,,,,,,,,,,,5,4,2572,76
+io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4,
+io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,
+io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
+io.netty.channel,9,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,,2,,
+io.netty.handler.codec,4,13,259,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,3,,,,,,,,,,,,,,,,13,143,116
+io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,,,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,
+io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,
+io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+io.netty.util,2,,23,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,,,,,,,,,,,,,,,,,21,2
+io.undertow.server.handlers.resource,1,,3,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+jakarta.activation,2,,2,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,,,,,,,,,,,,,,,,,2,
+jakarta.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
+jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+jakarta.persistence,2,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,1,
+jakarta.servlet,2,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,26,,
+jakarta.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+jakarta.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+jakarta.ws.rs.core,2,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,94,55
+jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
+java.applet,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,
+java.awt,1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,3
+java.beans,1,,177,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,82,95
+java.io,66,1,225,,,,,,,,,22,,,,,,,,,,,,,,,29,15,,,,,,,,,,,,,,,,,,,,,,,,1,,202,23
+java.lang,38,3,790,,13,,,,,,1,,,,,,,,,,,,8,,,,2,9,,,4,,,1,,,,,,,,,,,,,,,,,3,,,510,280
+java.math,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9
+java.net,23,3,347,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,,,3,248,99
+java.nio,47,,499,,,,,,,,,5,,,,,,,,,,,,,,,25,16,,,,,,,,,1,,,,,,,,,,,,,,,,,302,197
+java.rmi,,,68,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,45,23
+java.security,21,,583,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,285,298
+java.sql,15,1,292,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,,,1,,,,274,18
+java.text,,,154,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,72,82
+java.time,,,131,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,27,104
+java.util,48,2,1340,,,,,,,,,1,,,,,,,,,,,34,,,,3,,,,,5,2,,1,2,,,,,,,,,,,,,,,2,,,558,782
+javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+javax.accessibility,,,63,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,35
+javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,1,,,,,,,,,,,,,,,,,7,
+javax.annotation.processing,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,3
+javax.crypto,19,,140,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76,64
+javax.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
+javax.imageio,1,,304,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,138,166
+javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
+javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
+javax.lang.model,,,277,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,217,60
+javax.management,2,,766,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,363,403
+javax.naming,7,,341,,,,,,,,,,,,,,,,,6,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,191,150
+javax.net,4,,136,,,,2,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,87,49
+javax.portlet,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,
+javax.print,2,,133,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,102,31
+javax.rmi.ssl,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6
+javax.script,1,,50,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,36
+javax.security.auth,7,,147,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,50,97
+javax.security.cert,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
+javax.security.sasl,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,42,7
+javax.servlet,10,29,3,,,,,,,,,,,,,,1,,,,,,,,,,,2,,,,,,,,,,3,,,2,,2,,,,,,,,,,29,3,
+javax.smartcardio,,,34,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,24,10
+javax.sound.midi,,,60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,51,9
+javax.sound.sampled,,,90,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,53,37
+javax.sql,7,,126,,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,68,58
+javax.tools,,,66,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,62,4
+javax.transaction.xa,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+javax.validation,1,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
+javax.ws.rs.client,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+javax.ws.rs.container,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,
+javax.ws.rs.core,3,,149,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,2,,,,,,,,,,94,55
+javax.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,
+javax.xml.catalog,,,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,1
+javax.xml.crypto,,,269,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,172,97
+javax.xml.datatype,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,1
+javax.xml.namespace,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,10
+javax.xml.parsers,,,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,2
+javax.xml.stream,,,221,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,201,20
+javax.xml.transform,2,,134,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,72,62
+javax.xml.validation,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,29,
+javax.xml.xpath,3,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,26,
+jenkins,,,523,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,500,23
+jodd.json,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10
+kotlin,16,,1849,,,,,,,,,,,,,,,,,,,,,,,,11,3,,,,,,,,,2,,,,,,,,,,,,,,,,,1836,13
+liquibase.database.jvm,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
+liquibase.statement.core,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
+net.lingala.zip4j,2,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+net.schmizz.sshj,4,,,,,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+net.sf.json,2,,338,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,321,17
+net.sf.saxon.s9api,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,,
+ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+okhttp3,4,,50,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,23,27
+org.acegisecurity,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,49,
+org.antlr.runtime,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.avro,18,19,,,,,,,,,,,,,,,,,,,,,,,,,17,,,,,,,,,,1,,,,,,,,,,,1,,,,17,1,,
+org.apache.commons.codec,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,
+org.apache.commons.collections,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,783
+org.apache.commons.collections4,,,806,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,17,789
+org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
+org.apache.commons.exec,10,,,,6,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.fileupload,,11,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,4,
+org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.commons.io,124,,570,,,,,,,,,4,,,,,,,,,,,,,,,102,3,,,,,,,,,15,,,,,,,,,,,,,,,,,556,14
+org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,
+org.apache.commons.jexl2,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.jexl3,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.lang,1,,767,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,596,171
+org.apache.commons.lang3,7,,425,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,1,,,,,,,,,,,,294,131
+org.apache.commons.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.net,13,12,,,,,2,2,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,6,,,,,,,,,,,,,,,,12,,
+org.apache.commons.ognl,6,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.commons.text,,,272,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,220,52
+org.apache.cxf.catalog,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+org.apache.cxf.common.classloader,3,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,,,,,,,,,
+org.apache.cxf.common.jaxb,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.cxf.common.logging,6,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.cxf.configuration.jsse,2,,,,,,,,,,,,,,1,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.cxf.helpers,10,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,5,,,,,,,,,,
+org.apache.cxf.resource,9,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,5,,,,,,,,,,,,,,,,,,
+org.apache.cxf.staxutils,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.cxf.tools.corba.utils,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.cxf.tools.util,10,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.cxf.transform,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,
+org.apache.directory.ldap.client.api,1,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.hadoop.fs,3,,11,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,11,
+org.apache.hadoop.hive.metastore,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,
+org.apache.hadoop.hive.ql.exec,1,,1,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.hadoop.hive.ql.metadata,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.hc.client5.http.async.methods,84,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,84,,,,,,,,,,,,,,,,,,
+org.apache.hc.client5.http.classic.methods,37,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,37,,,,,,,,,,,,,,,,,,
+org.apache.hc.client5.http.fluent,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,,,,
+org.apache.hc.core5.benchmark,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.hc.core5.http,73,2,45,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,72,,,,,,,,,,,,,,,,2,45,
+org.apache.hc.core5.net,,,18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,
+org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,18,6
+org.apache.hive.hcatalog.templeton,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
+org.apache.http,48,3,95,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,46,,,,,,,,,,,,,,,,3,86,9
+org.apache.ibatis.jdbc,6,,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,57,
+org.apache.ibatis.mapping,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.log4j,11,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.logging.log4j,359,,8,,,,,,,,,,,,,,,,,,,,359,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,4
+org.apache.shiro.authc,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,
+org.apache.shiro.codec,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.shiro.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.shiro.mgt,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.sshd.client.session,3,,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.struts.beanvalidation.validation.interceptor,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
+org.apache.struts2,14,,3873,,,,,,,,,,,,,,,,,,,,,,,11,,,,,,,,,,,,,,,3,,,,,,,,,,,,,3839,34
+org.apache.tools.ant,14,,,,1,,,,,,,,,,,,,,,,,,,,,,5,8,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.apache.tools.zip,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.apache.velocity.app,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,
+org.apache.velocity.runtime,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,
+org.codehaus.cargo.container.installer,3,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+org.codehaus.groovy.control,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.dom4j,20,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,20,,,,,,,,,,
+org.eclipse.jetty.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,
+org.exolab.castor.xml,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,
+org.fusesource.leveldbjni,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.geogebra.web.full.main,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,
+org.gradle.api.file,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+org.hibernate,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,
+org.ho.yaml,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,,
+org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+org.jabsorb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,
+org.jboss.logging,324,,,,,,,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.jboss.vfs,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,
+org.jenkins.ui.icon,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48,1
+org.jenkins.ui.symbol,,,33,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,8
+org.jooq,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
+org.json,,,236,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,198,38
+org.keycloak.models.map.storage,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
+org.kohsuke.stapler,20,24,363,,,,,,,,,,,,,2,,,,,,,,,,,8,1,,,,,,,,,3,,,,,,1,5,,,,,,,,,24,352,11
+org.lastaflute.web,,1,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,4,
+org.mvel2,16,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.openjdk.jmh.runner.options,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.owasp.esapi,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.pac4j.jwt.config.encryption,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.pac4j.jwt.config.signature,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.scijava.log,13,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.slf4j,55,,6,,,,,,,,,,,,,,,,,,,,55,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4
+org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30
+org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,
+org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
+org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+org.springframework.core.io,17,,6,,,,,,,,,,,,,,,,,,,,,,,,16,,,,,,,,,,1,,,,,,,,,,,,,,,,,6,
+org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
+org.springframework.http,14,,77,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,,,67,10
+org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,,,
+org.springframework.jdbc.datasource,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,
+org.springframework.jdbc.object,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,,,,,,,,,,,,,,,,
+org.springframework.jndi,1,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.ldap,47,,,,,,,,,,,,,,,,,,,33,,14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.security.core.userdetails,2,,,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,
+org.springframework.ui,,,32,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,32
+org.springframework.util,10,,142,,,,,,,,,,,,,,,,,,,,,,,,9,1,,,,,,,,,,,,,,,,,,,,,,,,,,90,52
+org.springframework.validation,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,
+org.springframework.web.client,13,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13,,,,,,,,,,,,,,,,3,,
+org.springframework.web.context.request,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,,
+org.springframework.web.multipart,,12,12,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,12,12,
+org.springframework.web.portlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
+org.springframework.web.reactive.function.client,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,
+org.springframework.web.servlet,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,
+org.springframework.web.socket,,8,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,8,6,
+org.springframework.web.util,,9,159,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,134,25
+org.thymeleaf,2,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,2,
+org.xml.sax,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+org.xmlpull.v1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,
+org.yaml.snakeyaml,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
+play.libs.ws,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,
+play.mvc,1,13,24,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,13,24,
+ratpack.core.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.core.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.core.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.exec,,,48,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48
+ratpack.form,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
+ratpack.func,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+ratpack.handling,,6,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,4,
+ratpack.http,,10,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,10,10,
+ratpack.util,,,35,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35
+retrofit2,1,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,1,
+software.amazon.awssdk.transfer.s3.model,8,,,,,,,,,,,,,,,,,,,,,,,,,,8,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.jvmstat.perfdata.monitor.protocol.local,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.jvmstat.perfdata.monitor.protocol.rmi,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.misc,3,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.net.ftp,5,,,,,,2,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.net.www.protocol.http,3,,,,,,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.acl,1,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.jgss.krb5,2,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.krb5,9,,,,,3,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.pkcs,4,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.pkcs11,3,,,,,1,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.provider,2,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.ssl,3,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.security.x509,1,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
+sun.tools.jconsole,28,,,,,,13,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

java/documentation/library-coverage/coverage.rst

@@ -40,6 +40,6 @@ Java framework & library support
    `Spring <https://spring.io/>`_,``org.springframework.*``,46,494,143,26,,28,14,,35
    `Thymeleaf <https://www.thymeleaf.org/>`_,``org.thymeleaf``,,2,2,,,,,,
    `jOOQ <https://www.jooq.org/>`_,``org.jooq``,,,1,,,1,,,
-   Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.com.caucho.hessian.io``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.caucho.burlap.io``, ``com.caucho.hessian.io``, ``com.cedarsoftware.util.io``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.esotericsoftware.yamlbeans``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``hudson``, ``io.jsonwebtoken``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.fileupload``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.codehaus.cargo.container.installer``, ``org.dom4j``, ``org.exolab.castor.xml``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.ho.yaml``, ``org.influxdb``, ``org.jabsorb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",108,6034,757,131,6,14,18,,185
-   Totals,,363,26381,2684,404,16,137,33,1,409
+   Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.com.caucho.hessian.io``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.caucho.burlap.io``, ``com.caucho.hessian.io``, ``com.cedarsoftware.util.io``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.esotericsoftware.yamlbeans``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.opensymphony.xwork2``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``hudson``, ``io.jsonwebtoken``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.avro``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.fileupload``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.codehaus.cargo.container.installer``, ``org.dom4j``, ``org.exolab.castor.xml``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.ho.yaml``, ``org.influxdb``, ``org.jabsorb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",127,6034,775,148,6,14,18,,186
+   Totals,,382,26381,2702,421,16,137,33,1,410
 

java/ql/integration-tests/java/buildless-maven-existing-settings-xml/maven-fetches.expected

@@ -1,18 +1,18 @@
 Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.pom
 Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom
 Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.14.1/jackson-base-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.18.6/jackson-annotations-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.18.6/jackson-annotations-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.18.6/jackson-core-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.18.6/jackson-core-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.18.6/jackson-databind-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.18.6/jackson-databind-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.18.6/jackson-base-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar

java/ql/integration-tests/java/buildless-maven-mirrorof/maven-fetches.expected

@@ -1,15 +1,15 @@
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.14.1/jackson-base-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.18.6/jackson-annotations-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.18.6/jackson-annotations-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.18.6/jackson-core-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.18.6/jackson-core-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.18.6/jackson-databind-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.18.6/jackson-databind-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.18.6/jackson-base-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar

java/ql/integration-tests/java/buildless-maven-timeout/diagnostics.expected

@@ -83,7 +83,7 @@
   }
 }
 {
-  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
+  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-2:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
   "severity": "note",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected

@@ -97,7 +97,7 @@
   }
 }
 {
-  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
+  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-2:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
   "severity": "note",
   "source": {
     "extractorName": "java",

java/ql/integration-tests/java/buildless-maven/maven-fetches.expected

@@ -1,18 +1,18 @@
 Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/4.11/junit-4.11.pom
 Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.pom
 Downloaded from central: https://repo.maven.apache.org/maven2/org/hamcrest/hamcrest-parent/1.3/hamcrest-parent-1.3.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.14.1/jackson-base-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.14.1/jackson-bom-2.14.1.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.14/jackson-parent-2.14.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/48/oss-parent-48.pom
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.jar
-Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL/depgraph-maven-plugin-4.0.3-CodeQL.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.18.6/jackson-annotations-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.18.6/jackson-annotations-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.18.6/jackson-core-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-core/2.18.6/jackson-core-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.18.6/jackson-databind-2.18.6.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/core/jackson-databind/2.18.6/jackson-databind-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-base/2.18.6/jackson-base-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
+Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
 Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar

java/ql/integration-tests/update-ferstl-depgraph-dependencies.sh

@@ -0,0 +1,330 @@
+#!/usr/bin/env bash
+# Upgrades the ferstl-depgraph-dependencies bundle used by the buildless Java extractor.
+#
+# This script:
+#   1. Clones ferstl/depgraph-maven-plugin at the upstream 4.0.3 tag.
+#   2. Applies the CodeQL patches: version suffix, Guava bump, Jackson bump.
+#   3. Builds the plugin (skipping tests) into a throwaway build repo.
+#   4. Resolves only the plugin's runtime deps into a clean dist repo and zips it.
+#   5. Updates the *.expected integration-test files in this directory.
+#
+# The generated zip file must be placed (in the companion semmle-code PR) at:
+#   resources/lib/ferstl-depgraph-dependencies/ferstl-depgraph-dependencies.zip
+#
+# Usage:
+#   ./update-ferstl-depgraph-dependencies.sh [JACKSON_VERSION [GUAVA_VERSION]]
+#
+# Output:
+#   ferstl-depgraph-dependencies.zip  (written to the current working directory)
+#
+# Defaults:
+#   JACKSON_VERSION = 2.18.6
+#   GUAVA_VERSION   = 33.4.0-jre
+#
+# Requirements:
+#   - JDK 17 (or JDK 11+; the plugin targets Java 8+)
+#   - Maven 3.9.x  (do NOT use Maven 4.x)
+#   - git, python3, zip, sha1sum (or shasum on macOS)
+
+set -euo pipefail
+
+# ---------------------------------------------------------------------------
+# Configuration
+# ---------------------------------------------------------------------------
+JACKSON_VERSION="${1:-2.18.6}"
+GUAVA_VERSION="${2:-33.4.0-jre}"
+
+PLUGIN_UPSTREAM_VERSION="4.0.3"
+PLUGIN_CODEQL_VERSION="${PLUGIN_UPSTREAM_VERSION}-CodeQL-2"
+UPSTREAM_TAG="depgraph-maven-plugin-${PLUGIN_UPSTREAM_VERSION}"
+UPSTREAM_REPO="https://github.com/ferstl/depgraph-maven-plugin.git"
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+WORK_DIR="$(mktemp -d)"
+# The zip is written to the caller's working directory so the cleanup trap can
+# safely remove the entire temporary work tree.
+ZIP_OUT="$(pwd)/ferstl-depgraph-dependencies.zip"
+trap 'rm -rf "${WORK_DIR}"' EXIT
+
+echo "=== ferstl-depgraph-dependencies update ==="
+echo "  Jackson:        ${JACKSON_VERSION}"
+echo "  Guava:          ${GUAVA_VERSION}"
+echo "  Plugin version: ${PLUGIN_CODEQL_VERSION}"
+echo "  Work dir:       ${WORK_DIR}"
+echo ""
+
+# ---------------------------------------------------------------------------
+# Step 1 — Clone plugin source
+# ---------------------------------------------------------------------------
+echo "[1/5] Cloning ${UPSTREAM_REPO} at tag ${UPSTREAM_TAG} ..."
+git clone --depth=1 --branch "${UPSTREAM_TAG}" "${UPSTREAM_REPO}" "${WORK_DIR}/plugin-src"
+
+# ---------------------------------------------------------------------------
+# Step 2 — Patch pom.xml
+# ---------------------------------------------------------------------------
+echo "[2/5] Patching pom.xml ..."
+python3 - \
+    "${WORK_DIR}/plugin-src/pom.xml" \
+    "${PLUGIN_UPSTREAM_VERSION}" \
+    "${PLUGIN_CODEQL_VERSION}" \
+    "${GUAVA_VERSION}" \
+    "${JACKSON_VERSION}" << 'PYEOF'
+import sys
+
+pom_path, old_version, new_version, new_guava, new_jackson = sys.argv[1:]
+
+with open(pom_path) as f:
+    content = f.read()
+
+# 1. Version suffix: 4.0.3 -> 4.0.3-CodeQL-2  (first occurrence only — the <version> element)
+content = content.replace(f'<version>{old_version}</version>', f'<version>{new_version}</version>', 1)
+
+# 2. Guava
+content = content.replace('<version>31.1-jre</version>', f'<version>{new_guava}</version>')
+
+# 3. Jackson (jackson-databind drives the transitive jackson-core / jackson-annotations versions)
+content = content.replace('<version>2.14.1</version>', f'<version>{new_jackson}</version>')
+
+with open(pom_path, 'w') as f:
+    f.write(content)
+
+print(f'  pom.xml patched: version={new_version}, guava={new_guava}, jackson={new_jackson}')
+PYEOF
+
+# ---------------------------------------------------------------------------
+# Step 3 — Build the plugin, then resolve its runtime deps into a clean repo
+# ---------------------------------------------------------------------------
+#
+# Two separate local repos:
+#
+#   BUILD_REPO  Throwaway cache for the plugin's own `mvn package install` —
+#               accumulates build-lifecycle plugins (compiler, surefire, jar,
+#               plugin-plugin, etc.) that the extractor never invokes at
+#               runtime.  Discarded after this step.
+#
+#   DIST_REPO   Clean repo seeded with the freshly built plugin, then
+#               populated only with the plugin's runtime transitive deps by
+#               invoking the :graph goal against a minimal stub project.
+#               This is what gets zipped.
+#
+BUILD_REPO="${WORK_DIR}/build-repo"
+DIST_REPO="${WORK_DIR}/dist-repo"
+
+echo "[3/5] Building plugin (mvn package + install, skipping tests) ..."
+cd "${WORK_DIR}/plugin-src"
+mvn package install -DskipTests -q -Dmaven.repo.local="${BUILD_REPO}"
+
+echo "      Resolving runtime dependencies into clean dist repo ..."
+
+# Seed DIST_REPO with the freshly built plugin jar+pom so the :graph
+# invocation below can resolve its transitive runtime deps without hitting
+# Central for the plugin artifact itself.
+PLUGIN_REL="com/github/ferstl/depgraph-maven-plugin/${PLUGIN_CODEQL_VERSION}"
+mkdir -p "${DIST_REPO}/${PLUGIN_REL}"
+cp "${BUILD_REPO}/${PLUGIN_REL}/depgraph-maven-plugin-${PLUGIN_CODEQL_VERSION}.jar" \
+   "${BUILD_REPO}/${PLUGIN_REL}/depgraph-maven-plugin-${PLUGIN_CODEQL_VERSION}.pom" \
+   "${DIST_REPO}/${PLUGIN_REL}/"
+
+# Create a minimal stub project with no dependencies.  Using an empty project
+# avoids polluting DIST_REPO with the stub's own deps (e.g. junit from the
+# quickstart archetype).  The sole purpose of this project is to give Maven a
+# valid reactor context in which to load and execute the plugin.
+mkdir -p "${WORK_DIR}/stub-project"
+cat > "${WORK_DIR}/stub-project/pom.xml" << 'STUBPOM'
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.example</groupId>
+  <artifactId>stub</artifactId>
+  <version>1.0-SNAPSHOT</version>
+</project>
+STUBPOM
+
+cd "${WORK_DIR}/stub-project"
+mvn -q "com.github.ferstl:depgraph-maven-plugin:${PLUGIN_CODEQL_VERSION}:graph" \
+    -Dmaven.repo.local="${DIST_REPO}"
+
+# ---------------------------------------------------------------------------
+# Step 4 — Package local-repo zip
+# ---------------------------------------------------------------------------
+echo "[4/5] Packaging local Maven repo into zip ..."
+
+# Remove build-time-only noise (but keep _remote.repositories for Maven
+# cache-validation compatibility).
+find "${DIST_REPO}" \( \
+    -name "resolver-status.properties" \
+    -o -name "*.lastUpdated" \
+    -o -name "m2e-lastUpdated.properties" \
+    \) -delete
+
+# Add missing SHA-1 files (mvn install doesn't always write them for locally
+# built artifacts; they are needed to suppress Maven checksum warnings).
+if command -v sha1sum &>/dev/null; then
+    SHA1_CMD="sha1sum"
+elif command -v shasum &>/dev/null; then
+    SHA1_CMD="shasum -a 1"
+else
+    echo "WARNING: Neither sha1sum nor shasum found; .sha1 files will not be generated." >&2
+    SHA1_CMD=""
+fi
+
+if [[ -n "${SHA1_CMD}" ]]; then
+    while IFS= read -r -d '' f; do
+        if [[ ! -f "${f}.sha1" ]]; then
+            ${SHA1_CMD} "${f}" | awk '{print $1}' > "${f}.sha1"
+        fi
+    done < <(find "${DIST_REPO}" \( -name "*.jar" -o -name "*.pom" \) -print0)
+fi
+
+(cd "${DIST_REPO}" && zip -r -q "${ZIP_OUT}" .)
+
+echo ""
+echo "  Zip created: ${ZIP_OUT}"
+echo ""
+echo "  *** Place this file in semmle-code at:"
+echo "      resources/lib/ferstl-depgraph-dependencies/ferstl-depgraph-dependencies.zip"
+echo ""
+
+# ---------------------------------------------------------------------------
+# Step 5 — Update integration-test *.expected files
+# ---------------------------------------------------------------------------
+echo "[5/5] Updating integration-test expected files ..."
+
+# Python helpers are written to files to avoid heredocs inside $(...), which
+# are not reliably parsed by macOS bash 3.2.
+EXPECTED_FILE="${SCRIPT_DIR}/java/buildless-maven/maven-fetches.expected"
+
+# Script: extract current versions from the expected file
+cat > "${WORK_DIR}/extract_versions.py" << 'PYEOF'
+import sys, re
+
+with open(sys.argv[1]) as f:
+    content = f.read()
+
+def extract(pattern):
+    m = re.search(pattern, content)
+    return m.group(1) if m else ''
+
+print(
+    extract(r'jackson-core/([^/]+)/'),
+    extract(r'depgraph-maven-plugin/([^/]+)/'),
+    extract(r'fasterxml/oss-parent/([^/]+)/'),
+    extract(r'jackson-parent/([^/]+)/'),
+)
+PYEOF
+
+read -r OLD_JACKSON OLD_PLUGIN OLD_OSS_PARENT OLD_JACKSON_PARENT \
+    <<< "$(python3 "${WORK_DIR}/extract_versions.py" "${EXPECTED_FILE}")"
+
+# Script: find the highest-version POM in each parent directory
+cat > "${WORK_DIR}/max_versions.py" << 'PYEOF'
+import sys, os, re
+
+def max_version(directory, name_prefix, name_suffix):
+    try:
+        entries = os.listdir(directory)
+    except FileNotFoundError:
+        return ''
+    versions = []
+    for e in entries:
+        pom = os.path.join(directory, e, f'{name_prefix}{e}{name_suffix}')
+        if os.path.isfile(pom):
+            versions.append(e)
+    if not versions:
+        return ''
+    def version_key(v):
+        parts = re.split(r'[.\-]', v)
+        numeric = tuple(int(p) for p in parts if p.isdigit())
+        # A release version (all-numeric parts) beats a snapshot/qualifier with
+        # the same numeric prefix; append 1 for pure-release, 0 otherwise.
+        is_release = int(all(p.isdigit() for p in parts if p))
+        return (numeric, is_release)
+    return max(versions, key=version_key)
+
+jackson_parent_dir, oss_parent_dir = sys.argv[1], sys.argv[2]
+print(
+    max_version(jackson_parent_dir, 'jackson-parent-', '.pom'),
+    max_version(oss_parent_dir,     'oss-parent-',     '.pom'),
+)
+PYEOF
+
+# Capture python output into a variable first to avoid backslash continuation
+# inside $(...), which is not reliably handled by macOS bash 3.2.
+_max_versions_out="$(python3 "${WORK_DIR}/max_versions.py" "${DIST_REPO}/com/fasterxml/jackson/jackson-parent" "${DIST_REPO}/com/fasterxml/oss-parent")"
+read -r NEW_JACKSON_PARENT NEW_OSS_PARENT <<< "${_max_versions_out}"
+
+echo "  Jackson:        ${OLD_JACKSON} -> ${JACKSON_VERSION}"
+echo "  jackson-parent: ${OLD_JACKSON_PARENT} -> ${NEW_JACKSON_PARENT}"
+echo "  oss-parent:     ${OLD_OSS_PARENT} -> ${NEW_OSS_PARENT}"
+echo "  Plugin:         ${OLD_PLUGIN} -> ${PLUGIN_CODEQL_VERSION}"
+
+# Script: update all *.expected files in-place
+cat > "${WORK_DIR}/update_expected.py" << 'PYEOF'
+import os, sys, glob
+
+(script_dir,
+ old_jackson, new_jackson,
+ old_jackson_parent, new_jackson_parent,
+ old_oss_parent, new_oss_parent,
+ old_plugin, new_plugin) = sys.argv[1:]
+
+# Substitutions applied to maven-fetches.expected files
+fetch_substitutions = [
+    (f"jackson-annotations/{old_jackson}/jackson-annotations-{old_jackson}",
+     f"jackson-annotations/{new_jackson}/jackson-annotations-{new_jackson}"),
+    (f"jackson-core/{old_jackson}/jackson-core-{old_jackson}",
+     f"jackson-core/{new_jackson}/jackson-core-{new_jackson}"),
+    (f"jackson-databind/{old_jackson}/jackson-databind-{old_jackson}",
+     f"jackson-databind/{new_jackson}/jackson-databind-{new_jackson}"),
+    (f"jackson-base/{old_jackson}/jackson-base-{old_jackson}",
+     f"jackson-base/{new_jackson}/jackson-base-{new_jackson}"),
+    (f"jackson-bom/{old_jackson}/jackson-bom-{old_jackson}",
+     f"jackson-bom/{new_jackson}/jackson-bom-{new_jackson}"),
+    (f"jackson-parent/{old_jackson_parent}/jackson-parent-{old_jackson_parent}.pom",
+     f"jackson-parent/{new_jackson_parent}/jackson-parent-{new_jackson_parent}.pom"),
+    (f"com/fasterxml/oss-parent/{old_oss_parent}/oss-parent-{old_oss_parent}.pom",
+     f"com/fasterxml/oss-parent/{new_oss_parent}/oss-parent-{new_oss_parent}.pom"),
+    (f"depgraph-maven-plugin/{old_plugin}/depgraph-maven-plugin-{old_plugin}.",
+     f"depgraph-maven-plugin/{new_plugin}/depgraph-maven-plugin-{new_plugin}."),
+]
+
+# Substitutions applied to diagnostics.expected files
+diagnostics_substitutions = [
+    (f"depgraph-maven-plugin:{old_plugin}:graph",
+     f"depgraph-maven-plugin:{new_plugin}:graph"),
+]
+
+def update(filepath, substitutions):
+    with open(filepath) as f:
+        content = f.read()
+    updated = content
+    for old, new in substitutions:
+        updated = updated.replace(old, new)
+    if updated != content:
+        with open(filepath, 'w') as f:
+            f.write(updated)
+        print(f"  Updated: {os.path.relpath(filepath, script_dir)}")
+
+for fp in glob.glob(os.path.join(script_dir, "java", "**", "maven-fetches.expected"), recursive=True):
+    update(fp, fetch_substitutions)
+
+for fp in glob.glob(os.path.join(script_dir, "java", "**", "diagnostics.expected"), recursive=True):
+    update(fp, diagnostics_substitutions)
+
+print("  Expected files updated.")
+PYEOF
+
+python3 "${WORK_DIR}/update_expected.py" \
+    "${SCRIPT_DIR}" \
+    "${OLD_JACKSON}" "${JACKSON_VERSION}" \
+    "${OLD_JACKSON_PARENT}" "${NEW_JACKSON_PARENT}" \
+    "${OLD_OSS_PARENT}" "${NEW_OSS_PARENT}" \
+    "${OLD_PLUGIN}" "${PLUGIN_CODEQL_VERSION}"
+
+echo ""
+echo "=== Update complete ==="
+echo ""
+echo "Next steps:"
+echo "  1. Copy ${ZIP_OUT} -> semmle-code resources/lib/ferstl-depgraph-dependencies/ferstl-depgraph-dependencies.zip"
+echo "  2. In semmle-code, update autobuild/src/com/semmle/util/build/Maven.java:"
+echo "     bump the plugin version constant to '${PLUGIN_CODEQL_VERSION}'"
+echo "  3. Commit and raise PRs in both repositories."

java/ql/lib/change-notes/2026-05-19-avro-mads.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added LLM-generated source and sink models for `org.apache.avro`.

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.file.model.yml

@@ -0,0 +1,29 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#68da8fb99da5c482f17853e01e79f714e3717b42 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.file", "DataFileReader", True, "openReader", "(File,DatumReader)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileWriter", True, "appendTo", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileWriter", True, "create", "(Schema,File)", "", "Argument[1]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SeekableFileInput", True, "SeekableFileInput", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(File,boolean)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(String)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(String,boolean)", "", "Argument[0]", "path-injection", "ai-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro.file", "DataFileReader12", True, "getMeta", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "getMetaString", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "next", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "next", "(Object)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMeta", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMetaString", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "next", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "next", "(Object)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "nextBlock", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "FileReader", True, "next", "(Object)", "", "ReturnValue", "file", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.model.yml

@@ -0,0 +1,29 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#68da8fb99da5c482f17853e01e79f714e3717b42 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro", "Protocol", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "Schema", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "Schema$Parser", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(URI,Charset)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(URI,Charset)", "", "Argument[0]", "request-forgery", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parseSingle", "(Path)", "", "Argument[0]", "path-injection", "ai-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro", "Protocol", True, "parse", "(File)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "Schema", True, "parse", "(File)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File,Charset)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path,Charset)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(URI,Charset)", "", "ReturnValue", "remote", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parseSingle", "(Path)", "", "ReturnValue", "file", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.util.model.yml

@@ -0,0 +1,8 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#68da8fb99da5c482f17853e01e79f714e3717b42 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro.util", "RandomData", True, "main", "(String[])", "", "Argument[0]", "commandargs", "ai-generated"]

java/ql/lib/semmle/code/java/ControlFlowGraph.qll

@@ -84,7 +84,13 @@ private module Ast implements AstSig<Location> {
 
   class DoStmt = J::DoStmt;
 
-  class ForStmt = J::ForStmt;
+  final private class FinalForStmt = J::ForStmt;
+
+  class ForStmt extends FinalForStmt {
+    AstNode getInit(int index) { result = super.getInit(index) }
+
+    AstNode getUpdate(int index) { result = super.getUpdate(index) }
+  }
 
   final private class FinalEnhancedForStmt = J::EnhancedForStmt;
 

javascript/ql/lib/change-notes/2026-05-14-sensitive-data.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `js/clear-text-logging`) may find more correct results and fewer false positive results after these changes.

python/extractor/cli-integration-test/writing-diagnostics/diagnostics.expected

@@ -17,13 +17,13 @@
     ]
   },
   "location": {
-    "file": "<test-root-directory>/repo_dir/syntaxerror3.py",
+    "file": "syntaxerror3.py",
     "startColumn": 0,
     "endColumn": 0,
     "startLine": 1,
     "endLine": 1
   },
-  "markdownMessage": "A parse error occurred while processing `<test-root-directory>/repo_dir/syntaxerror3.py`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.",
+  "markdownMessage": "A parse error occurred while processing `syntaxerror3.py`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.",
   "severity": "warning",
   "source": {
     "extractorName": "python",
@@ -56,13 +56,13 @@
     ]
   },
   "location": {
-    "file": "<test-root-directory>/repo_dir/syntaxerror1.py",
+    "file": "syntaxerror1.py",
     "startColumn": 0,
     "endColumn": 0,
     "startLine": 3,
     "endLine": 3
   },
-  "markdownMessage": "A parse error occurred while processing `<test-root-directory>/repo_dir/syntaxerror1.py`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.",
+  "markdownMessage": "A parse error occurred while processing `syntaxerror1.py`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.",
   "severity": "warning",
   "source": {
     "extractorName": "python",
@@ -95,13 +95,13 @@
     ]
   },
   "location": {
-    "file": "<test-root-directory>/repo_dir/syntaxerror2.py",
+    "file": "syntaxerror2.py",
     "startColumn": 0,
     "endColumn": 0,
     "startLine": 5,
     "endLine": 5
   },
-  "markdownMessage": "A parse error occurred while processing `<test-root-directory>/repo_dir/syntaxerror2.py`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.",
+  "markdownMessage": "A parse error occurred while processing `syntaxerror2.py`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.",
   "severity": "warning",
   "source": {
     "extractorName": "python",
@@ -145,7 +145,7 @@
     ]
   },
   "location": {
-    "file": "<test-root-directory>/repo_dir/recursion_error.py"
+    "file": "recursion_error.py"
   },
   "plaintextMessage": "maximum recursion depth exceeded while calling a Python object",
   "severity": "error",

python/extractor/semmle/logging.py

@@ -359,11 +359,30 @@ def get_stack_trace_lines():
             return lines[:i]
     return lines
 
+def _get_source_root():
+    """Get the source root directory for relativizing diagnostic paths."""
+    return os.environ.get("LGTM_SRC", os.getcwd())
+
+def _relative_path(path):
+    """Make a path relative to the source root for use in diagnostic locations.
+    If the path is not under the source root, return it unchanged."""
+    source_root = os.path.abspath(_get_source_root())
+    abs_path = os.path.abspath(path)
+    try:
+        relpath = os.path.relpath(abs_path, source_root)
+    except ValueError:
+        # On Windows, relpath raises ValueError for paths on different drives
+        return path
+    if relpath.startswith(os.pardir):
+        return path
+    return relpath.replace(os.sep, "/")
+
 def syntax_error_message(exception, unit):
-    l = Location(file=unit.path, startLine=exception.lineno, startColumn=exception.offset)
+    diag_path = _relative_path(unit.path)
+    l = Location(file=diag_path, startLine=exception.lineno, startColumn=exception.offset)
     error = (DiagnosticMessage(Source("py/diagnostics/syntax-error", "Could not process some files due to syntax errors"), Severity.WARNING)
              .with_location(l)
-             .markdown("A parse error occurred while processing `{}`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.".format(unit.path))
+             .markdown("A parse error occurred while processing `{}`, and as a result this file could not be analyzed. Check the syntax of the file using the `python -m py_compile` command and correct any invalid syntax.".format(diag_path))
              .attribute("traceback", get_stack_trace_lines())
              .attribute("args", exception.args)
              .status_page()
@@ -374,7 +393,7 @@ def syntax_error_message(exception, unit):
 
 def recursion_error_message(exception, unit):
     # if unit is a BuiltinModuleExtractable, there will be no path attribute
-    l = Location(file=unit.path) if hasattr(unit, "path") else None
+    l = Location(file=_relative_path(unit.path)) if hasattr(unit, "path") else None
     return (DiagnosticMessage(Source("py/diagnostics/recursion-error", "Recursion error in Python extractor"), Severity.ERROR)
             .with_location(l)
             .text(exception.args[0])
@@ -385,7 +404,7 @@ def recursion_error_message(exception, unit):
 
 def internal_error_message(exception, unit):
     # if unit is a BuiltinModuleExtractable, there will be no path attribute
-    l = Location(file=unit.path) if hasattr(unit, "path") else None
+    l = Location(file=_relative_path(unit.path)) if hasattr(unit, "path") else None
     return (DiagnosticMessage(Source("py/diagnostics/internal-error", "Internal error in Python extractor"), Severity.ERROR)
             .with_location(l)
             .text("Internal error")

python/ql/lib/change-notes/2026-05-14-sensitive-data.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `py/clear-text-logging-sensitive-data`) may find more correct results and less fewer positive results after these changes.

python/ql/lib/semmle/python/frameworks/PEP249.qll

@@ -8,6 +8,7 @@ private import semmle.python.dataflow.new.DataFlow
 private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.Concepts
 private import semmle.python.ApiGraphs
+private import semmle.python.dataflow.new.internal.DataFlowDispatch as DataFlowDispatch
 
 /**
  * Provides classes modeling database interfaces following PEP 249.
@@ -212,6 +213,74 @@ module PEP249 {
       ConnectCall() { this.getFunction() = connect() }
     }
 
+    /**
+     * Holds if class `cls` stores a PEP 249 database connection to `self.<attrName>`
+     * in its `__init__` method, via a direct call to a `connect` function.
+     */
+    private predicate classStoresConnectionInInit(Class cls, string attrName) {
+      exists(Function init, DataFlow::AttrWrite store |
+        cls.getAMethod() = init and
+        init.getName() = "__init__" and
+        store.getAttributeName() = attrName and
+        store.getObject().asCfgNode().getNode().(Name).getVariable() =
+          init.getArg(0).asName().getVariable() and
+        store.getValue() instanceof ConnectCall
+      )
+    }
+
+    /**
+     * A read of a connection-holding attribute within a method of a class whose
+     * `__init__` stores a PEP 249 connection in that attribute.
+     *
+     * This recognizes patterns such as:
+     * ```python
+     * class Wrapper:
+     *     def __init__(self):
+     *         self._conn = dbapi.connect(...)
+     *     def get_connection(self):
+     *         return self._conn  # <-- recognized as a connection source
+     * ```
+     * Because the `AttrRead` node for `self._conn` inside `get_connection` is
+     * also the `ExtractedReturnNode` for that statement, the existing TypeTracker
+     * `returnStep` automatically propagates the connection type to all call sites
+     * of `get_connection`.
+     */
+    private class ConnectionGetterAttributeRead extends InstanceSource, DataFlow::AttrRead {
+      ConnectionGetterAttributeRead() {
+        exists(Class cls, Function method, string attrName |
+          classStoresConnectionInInit(cls, attrName) and
+          cls.getAMethod() = method and
+          method.getName() != "__init__" and
+          this.getAttributeName() = attrName and
+          this.getObject().asCfgNode().getNode().(Name).getVariable() =
+            method.getArg(0).asName().getVariable()
+        )
+      }
+    }
+
+    /**
+     * An attribute access on a constructor-call result that directly reads the
+     * connection-holding attribute.
+     *
+     * This recognizes patterns such as:
+     * ```python
+     * class Wrapper:
+     *     def __init__(self):
+     *         self._conn = dbapi.connect(...)
+     *
+     * conn = Wrapper()._conn  # <-- recognized as a connection source
+     * ```
+     */
+    private class ConnectionConstructorAttributeRead extends InstanceSource, DataFlow::AttrRead {
+      ConnectionConstructorAttributeRead() {
+        exists(Class cls, string attrName |
+          classStoresConnectionInInit(cls, attrName) and
+          this.getAttributeName() = attrName and
+          DataFlowDispatch::resolveClassCall(this.getObject().asCfgNode().(CallNode), cls)
+        )
+      }
+    }
+
     /** Gets a reference to a database connection (following PEP 249). */
     private DataFlow::TypeTrackingNode instance(DataFlow::TypeTracker t) {
       t.start() and

python/ql/src/change-notes/2026-05-21-pep249-class-wrapper-connections.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved detection of SQL injection and other PEP 249 database-related vulnerabilities when a database connection is stored in a class instance attribute and accessed through a getter method or direct attribute read. For example, patterns like `self._conn = dbapi.connect(...)` in `__init__` followed by `return self._conn` in a getter method, or `MyClass()._conn`, are now correctly recognized as PEP 249 connection sources.

python/ql/test/library-tests/frameworks/hdbcli/pep249.py

@@ -7,3 +7,49 @@ cursor.execute("some sql", (42,))  # $ getSql="some sql"
 cursor.executemany("some sql", (42,))  # $ getSql="some sql"
     
 cursor.close()
+
+
+# ---------------------------------------------------------------------------
+# Connection stored in a class attribute and accessed via various patterns
+# ---------------------------------------------------------------------------
+
+
+class WrapperA:
+    def __init__(self):
+        self._conn = dbapi.connect(address="hostname", port=300, user="username", pass_arg="testpass")
+
+    def get_connection(self):
+        return self._conn
+
+
+# Getter called on a fresh constructor result
+conn_a1 = WrapperA().get_connection()
+cursor_a1 = conn_a1.cursor()
+cursor_a1.execute("some sql", (42,))  # $ getSql="some sql"
+
+# Getter called via a stored wrapper instance
+wrapper_instance = WrapperA()
+conn_a2 = wrapper_instance.get_connection()
+cursor_a2 = conn_a2.cursor()
+cursor_a2.execute("some sql", (42,))  # $ getSql="some sql"
+
+# Direct attribute access on a fresh constructor result
+conn_b = WrapperA()._conn
+cursor_b = conn_b.cursor()
+cursor_b.execute("some sql", (42,))  # $ getSql="some sql"
+
+
+class WrapperB:
+    """Stores the connection under a different attribute name."""
+
+    def __init__(self):
+        self._hana = dbapi.connect(address="hostname", port=300, user="username", pass_arg="testpass")
+
+    def cursor(self):
+        return self._hana.cursor()
+
+
+# Direct attribute access on a stored instance (mirrors hdb_con3 in the issue)
+conn_c = WrapperB()._hana
+cursor_c = conn_c.cursor()
+cursor_c.execute("some sql", (42,))  # $ getSql="some sql"

python/ql/test/query-tests/Security/CWE-312-CleartextLogging/CleartextLogging.expected

@@ -10,6 +10,8 @@ edges
 | test.py:48:14:48:35 | ControlFlowNode for social_security_number | test.py:49:15:49:36 | ControlFlowNode for social_security_number | provenance |  |
 | test.py:48:38:48:40 | ControlFlowNode for ssn | test.py:50:15:50:17 | ControlFlowNode for ssn | provenance |  |
 | test.py:48:54:48:63 | ControlFlowNode for passportNo | test.py:52:15:52:24 | ControlFlowNode for passportNo | provenance |  |
+| test.py:54:14:54:22 | ControlFlowNode for post_code | test.py:55:15:55:23 | ControlFlowNode for post_code | provenance |  |
+| test.py:54:25:54:31 | ControlFlowNode for zipCode | test.py:56:15:56:21 | ControlFlowNode for zipCode | provenance |  |
 | test.py:54:34:54:45 | ControlFlowNode for home_address | test.py:57:15:57:26 | ControlFlowNode for home_address | provenance |  |
 | test.py:59:14:59:26 | ControlFlowNode for user_latitude | test.py:60:15:60:27 | ControlFlowNode for user_latitude | provenance |  |
 | test.py:59:29:59:42 | ControlFlowNode for user_longitude | test.py:61:15:61:28 | ControlFlowNode for user_longitude | provenance |  |
@@ -42,7 +44,11 @@ nodes
 | test.py:49:15:49:36 | ControlFlowNode for social_security_number | semmle.label | ControlFlowNode for social_security_number |
 | test.py:50:15:50:17 | ControlFlowNode for ssn | semmle.label | ControlFlowNode for ssn |
 | test.py:52:15:52:24 | ControlFlowNode for passportNo | semmle.label | ControlFlowNode for passportNo |
+| test.py:54:14:54:22 | ControlFlowNode for post_code | semmle.label | ControlFlowNode for post_code |
+| test.py:54:25:54:31 | ControlFlowNode for zipCode | semmle.label | ControlFlowNode for zipCode |
 | test.py:54:34:54:45 | ControlFlowNode for home_address | semmle.label | ControlFlowNode for home_address |
+| test.py:55:15:55:23 | ControlFlowNode for post_code | semmle.label | ControlFlowNode for post_code |
+| test.py:56:15:56:21 | ControlFlowNode for zipCode | semmle.label | ControlFlowNode for zipCode |
 | test.py:57:15:57:26 | ControlFlowNode for home_address | semmle.label | ControlFlowNode for home_address |
 | test.py:59:14:59:26 | ControlFlowNode for user_latitude | semmle.label | ControlFlowNode for user_latitude |
 | test.py:59:29:59:42 | ControlFlowNode for user_longitude | semmle.label | ControlFlowNode for user_longitude |
@@ -79,6 +85,8 @@ subpaths
 | test.py:49:15:49:36 | ControlFlowNode for social_security_number | test.py:48:14:48:35 | ControlFlowNode for social_security_number | test.py:49:15:49:36 | ControlFlowNode for social_security_number | This expression logs $@ as clear text. | test.py:48:14:48:35 | ControlFlowNode for social_security_number | sensitive data (private) |
 | test.py:50:15:50:17 | ControlFlowNode for ssn | test.py:48:38:48:40 | ControlFlowNode for ssn | test.py:50:15:50:17 | ControlFlowNode for ssn | This expression logs $@ as clear text. | test.py:48:38:48:40 | ControlFlowNode for ssn | sensitive data (private) |
 | test.py:52:15:52:24 | ControlFlowNode for passportNo | test.py:48:54:48:63 | ControlFlowNode for passportNo | test.py:52:15:52:24 | ControlFlowNode for passportNo | This expression logs $@ as clear text. | test.py:48:54:48:63 | ControlFlowNode for passportNo | sensitive data (private) |
+| test.py:55:15:55:23 | ControlFlowNode for post_code | test.py:54:14:54:22 | ControlFlowNode for post_code | test.py:55:15:55:23 | ControlFlowNode for post_code | This expression logs $@ as clear text. | test.py:54:14:54:22 | ControlFlowNode for post_code | sensitive data (private) |
+| test.py:56:15:56:21 | ControlFlowNode for zipCode | test.py:54:25:54:31 | ControlFlowNode for zipCode | test.py:56:15:56:21 | ControlFlowNode for zipCode | This expression logs $@ as clear text. | test.py:54:25:54:31 | ControlFlowNode for zipCode | sensitive data (private) |
 | test.py:57:15:57:26 | ControlFlowNode for home_address | test.py:54:34:54:45 | ControlFlowNode for home_address | test.py:57:15:57:26 | ControlFlowNode for home_address | This expression logs $@ as clear text. | test.py:54:34:54:45 | ControlFlowNode for home_address | sensitive data (private) |
 | test.py:60:15:60:27 | ControlFlowNode for user_latitude | test.py:59:14:59:26 | ControlFlowNode for user_latitude | test.py:60:15:60:27 | ControlFlowNode for user_latitude | This expression logs $@ as clear text. | test.py:59:14:59:26 | ControlFlowNode for user_latitude | sensitive data (private) |
 | test.py:61:15:61:28 | ControlFlowNode for user_longitude | test.py:59:29:59:42 | ControlFlowNode for user_longitude | test.py:61:15:61:28 | ControlFlowNode for user_longitude | This expression logs $@ as clear text. | test.py:59:29:59:42 | ControlFlowNode for user_longitude | sensitive data (private) |

python/ql/test/query-tests/Security/CWE-312-CleartextLogging/test.py

@@ -52,8 +52,8 @@ def log_private():
         print(passportNo) # NOT OK
 
     def log2(post_code, zipCode, home_address):
-        print(post_code) # NOT OK, but NOT FOUND - "code" is treated as encrypted and thus not sensitive
-        print(zipCode) # NOT OK, but NOT FOUND - "code" is treated as encrypted and thus not sensitive
+        print(post_code) # NOT OK
+        print(zipCode) # NOT OK
         print(home_address) # NOT OK
 
     def log3(user_latitude, user_longitude):

ruby/extractor/src/extractor.rs

@@ -94,11 +94,14 @@ pub fn run(options: Options) -> std::io::Result<()> {
         node_types::read_node_types_str("erb", tree_sitter_embedded_template::NODE_TYPES)?;
     let lines: std::io::Result<Vec<String>> = std::io::BufReader::new(file_list).lines().collect();
     let lines = lines?;
+    let source_root = std::env::current_dir().ok().and_then(|d| d.canonicalize().ok());
     lines
         .par_iter()
         .try_for_each(|line| {
             let mut diagnostics_writer = diagnostics.logger();
             let path = PathBuf::from(line).canonicalize()?;
+            let diagnostics_file_path =
+                file_paths::relativize_for_diagnostic(&path, source_root.as_deref());
             match &overlay_changed_files {
                 Some(changed_files) if !changed_files.contains(&path) => {
                     // We are extracting an overlay and this file is not in the list of changes files, so we should skip it.
@@ -165,7 +168,7 @@ pub fn run(options: Options) -> std::io::Result<()> {
                                                     "character-decoding-error",
                                                     "Character decoding error",
                                                 )
-                                                .file(&file_paths::normalize_and_transform_path(&path, path_transformer.as_ref()))
+                                                .file(&diagnostics_file_path)
                                                 .message(
                                                     "Could not decode the file contents as {}: {}. The contents of the file must match the character encoding specified in the {} {}.",
                                                     &[
@@ -185,7 +188,7 @@ pub fn run(options: Options) -> std::io::Result<()> {
                             diagnostics_writer.write(
                                 diagnostics_writer
                                     .new_entry("unknown-character-encoding", "Could not process some files due to an unknown character encoding")
-                                    .file(&file_paths::normalize_and_transform_path(&path, path_transformer.as_ref()))
+                                    .file(&diagnostics_file_path)
                                     .message(
                                         "Unknown character encoding {} in {} {}.",
                                         &[

ruby/ql/integration-tests/diagnostics/syntax-error/diagnostics.expected

@@ -5,7 +5,7 @@
   "location": {
     "endColumn": 5,
     "endLine": 1,
-    "file": "<test-root-directory>/bad.rb",
+    "file": "bad.rb",
     "startColumn": 4,
     "startLine": 1
   },
@@ -28,7 +28,7 @@
   "location": {
     "endColumn": 7,
     "endLine": 3,
-    "file": "<test-root-directory>/bad.rb",
+    "file": "bad.rb",
     "startColumn": 8,
     "startLine": 3
   },

ruby/ql/integration-tests/diagnostics/unknown-encoding/diagnostics.expected

@@ -3,7 +3,7 @@
     "https://docs.ruby-lang.org/en/master/syntax/comments_rdoc.html#label-encoding+Directive"
   ],
   "location": {
-    "file": "<test-root-directory>/encoding.rb"
+    "file": "encoding.rb"
   },
   "markdownMessage": "Unknown character encoding `silly` in `#encoding:` [directive](https://docs.ruby-lang.org/en/master/syntax/comments_rdoc.html#label-encoding+Directive).",
   "plaintextMessage": "Unknown character encoding silly in #encoding: directive.",

rust/ql/lib/change-notes/2026-05-14-sensitive-data.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The sensitive data heuristics used to identify code that handles passwords and private data have been improved. Most of the changes permit more variations of established patterns, thereby finding more sensitive data. Queries that use the sensitive data library (for example `rust/cleartext-logging`) may find more correct results and fewer false positive results after these changes.

rust/ql/test/library-tests/sensitivedata/test.rs

@@ -23,11 +23,14 @@ impl MyStruct {
 fn get_password() -> String { get_string() }
 
 fn test_passwords(
-	password: &str, pass_word: &str, passwd: &str, my_password: &str, password_str: &str, password_confirmation: &str,
+	password: &str, pass_word: &str, passwd: &str, my_password: &str, password_str: &str, password_confirmation: &str, profile_password: &str,
 	pass_phrase: &str, passphrase: &str, passPhrase: &str, backup_code: &str,
 	auth_key: &str, authkey: &str, authKey: &str, authentication_key: &str, authenticationkey: &str, authenticationKey: &str, oauth: &str,
-	one_time_code: &str,
-	harmless: &str, encrypted_password: &str, password_hash: &str, passwordFile: &str,
+	one_time_code: &str, api_token: &str, api_tok: &str,
+	harmless: &str,
+	encrypted_password: &str, unencrypted_password: &str, encoded_password: &str, unencoded_password: &str,
+	password_hash: &str, passwordFile: &str, coauthor: &str,
+
 	ms: &MyStruct
 ) {
 	// passwords
@@ -38,6 +41,9 @@ fn test_passwords(
 	sink(my_password); // $ sensitive=password
 	sink(password_str); // $ sensitive=password
 	sink(password_confirmation); // $ sensitive=password
+	sink(profile_password); // $ sensitive=password
+	sink(unencrypted_password); // $ sensitive=password
+	sink(unencoded_password); // $ sensitive=password
 	sink(pass_phrase); // $ sensitive=password
 	sink(passphrase); // $ sensitive=password
 	sink(passPhrase); // $ sensitive=password
@@ -51,6 +57,8 @@ fn test_passwords(
 	sink(authenticationKey); // $ sensitive=password
 	sink(oauth); // $ sensitive=password
 	sink(one_time_code); // $ MISSING: sensitive=password
+	sink(api_token); // $ sensitive=password
+	sink(api_tok); // $ sensitive=password
 
 	sink(ms); // $ MISSING: sensitive=password
 	sink(ms.password.as_str()); // $ sensitive=password
@@ -67,8 +75,10 @@ fn test_passwords(
 
 	sink(harmless);
 	sink(encrypted_password);
+	sink(encoded_password);
 	sink(password_hash);
 	sink(passwordFile);
+	sink(coauthor);
 
 	sink(ms.harmless.as_str());
 	sink(ms.password_file_path.as_str());
@@ -187,6 +197,10 @@ struct Financials {
 	harmless: String,
 	my_bank_account_number: String,
 	credit_card_no: String,
+	card_no: String,
+	cardNumber: String,
+	card_security_code: String,
+
 	credit_rating: i32,
 	user_ccn: String,
 	cvv: String,
@@ -201,6 +215,7 @@ struct Financials {
 	accounting: i32,
 	unaccounted: bool,
 	multiband: bool,
+	wildcard_not_matched: bool,
 }
 
 enum Gender {
@@ -298,6 +313,9 @@ fn test_private_info(
 
 	sink(info.financials.my_bank_account_number.as_str()); // $ sensitive=private SPURIOUS: sensitive=id
 	sink(info.financials.credit_card_no.as_str()); // $ sensitive=private
+	sink(info.financials.card_no.as_str()); // $ sensitive=private
+	sink(info.financials.cardNumber.as_str()); // $ sensitive=private
+	sink(info.financials.card_security_code.as_str()); // $ sensitive=private
 	sink(info.financials.credit_rating); // $ sensitive=private
 	sink(info.financials.user_ccn.as_str()); // $ sensitive=private
 	sink(info.financials.cvv.as_str()); // $ sensitive=private
@@ -350,6 +368,7 @@ fn test_private_info(
 	sink(info.financials.accounting);
 	sink(info.financials.unaccounted);
 	sink(info.financials.multiband);
+	sink(info.financials.wildcard_not_matched);
 
 	sink(ContactDetails::FavouriteColor("blue".to_string()));
 }

shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll

@@ -76,7 +76,7 @@ module HeuristicNames {
   string maybePassword() {
     result =
       "(?is).*(pass(wd|word|code|.?phrase)(?!.*question)|(auth(entication|ori[sz]ation)?).?key|oauth|"
-        + "api.?(key|token)|([_-]|\\b)mfa([_-]|\\b)).*"
+        + "api.?(key|tok)|([_-]|\\b)mfa([_-]|\\b)).*"
   }
 
   /**
@@ -104,8 +104,9 @@ module HeuristicNames {
         // Geographic location - where the user is (or was)
         "latitude|longitude|nationality|" +
         // Financial data - such as credit card numbers, salary, bank accounts, and debts
-        "(credit|debit|bank|visa).?(card|num|no|acc(ou)?nt)|acc(ou)?nt.?(no|num|credit)|routing.?num|"
+        "(credit|debit|bank|visa).?(card|num|no|acc(ou)?nt)|(card|acc(ou)?nt).?(no|num|credit)|routing.?num|"
         + "salary|billing|beneficiary|credit.?(rating|score)|([_-]|\\b)(ccn|cvv|iban)([_-]|\\b)|" +
+        "security.?code|" +
         // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
         // "e(mail|_mail)|" + // this seems too noisy
         // Health - medical conditions, insurance status, prescription records
@@ -145,13 +146,13 @@ module HeuristicNames {
    * suggesting nouns within the string do not represent the meaning of the whole string (e.g. a URL or a SQL query).
    *
    * We also filter out common words like `certain` and `concert`, since otherwise these could
-   * be matched by the certificate regular expressions. Same for `accountable` (account), or
-   * `secretarial` (secret).
+   * be matched by the certificate regular expressions. Same for `accountable` (account),
+   * `secretarial` (secret), `wildcard` (card), `coauthor` (oauth).
    */
   string notSensitiveRegexp() {
     result =
-      "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?<!un)(en))?(crypt|(?<!pass)code)|"
-        + "certain|concert|secretar|account(ant|ab|ing|ed)|file|path|([_-]|\\b)url).*"
+      "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|(?<!unen)crypt|(?<!un)encode|" +
+        "certain|concert|secretar|wildcard|coauthor|account(ant|ab|ing|ed)|(?<!pro)file|path|([_-]|\\b)url).*"
   }
 
   /**