Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow

C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`
Merge pull request #6548 from hvitved/csharp/dataflow/tests
2026-05-18 05:07:06 +02:00 · 2021-08-30 11:31:22 +02:00 · 2021-08-30 11:30:55 +02:00 · 2021-08-27 12:40:11 -07:00 · 2021-08-27 14:17:48 -04:00 · 2021-08-26 16:53:29 +01:00
4098 changed files with 120448 additions and 46687 deletions
--- a/.codeqlmanifest.json
+++ b/.codeqlmanifest.json
@@ -1,4 +1,5 @@
 { "provide": [ "*/ql/src/qlpack.yml",
+               "*/ql/lib/qlpack.yml",
               "*/ql/test/qlpack.yml",
               "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
               "*/ql/examples/qlpack.yml",
--- a/6
+++ b/6
@@ -17,3 +17,9 @@
 /java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
 /java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll @github/codeql-java @github/codeql-go
+
+# CodeQL tools and associated docs
+/docs/codeql-cli/ @github/codeql-cli-reviewers
+/docs/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers
+/docs/ql-language-reference/ @github/codeql-frontend-reviewers
+/docs/query-*-style-guide.md @github/codeql-analysis-reviewers
--- a/config/identical-files.json
+++ b/config/identical-files.json
@@ -1,332 +1,333 @@
 {
  "DataFlow Java/C++/C#/Python": [
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll",
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll",
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll",
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll",
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplForSerializability.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
  ],
  "DataFlow Java/C++/C#/Python Common": [
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll"
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll"
  ],
  "TaintTracking::Configuration Java/C++/C#/Python": [
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
-    "java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll"
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
+    "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll"
  ],
  "DataFlow Java/C++/C#/Python Consistency checks": [
-    "java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
-    "python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll"
+    "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
+    "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll"
  ],
  "DataFlow Java/C# Flow Summaries": [
-    "java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll"
+    "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll"
  ],
  "SsaReadPosition Java/C#": [
-    "java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
+    "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
  ],
  "Sign Java/C#": [
-    "java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
+    "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/Sign.qll"
  ],
  "SignAnalysis Java/C#": [
-    "java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
+    "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
  ],
  "Bound Java/C#": [
-    "java/ql/src/semmle/code/java/dataflow/Bound.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/Bound.qll"
+    "java/ql/lib/semmle/code/java/dataflow/Bound.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll"
  ],
  "ModulusAnalysis Java/C#": [
-    "java/ql/src/semmle/code/java/dataflow/ModulusAnalysis.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
+    "java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
  ],
  "C++ SubBasicBlocks": [
-    "cpp/ql/src/semmle/code/cpp/controlflow/SubBasicBlocks.qll",
-    "cpp/ql/src/semmle/code/cpp/dataflow/internal/SubBasicBlocks.qll"
+    "cpp/ql/lib/semmle/code/cpp/controlflow/SubBasicBlocks.qll",
+    "cpp/ql/lib/semmle/code/cpp/dataflow/internal/SubBasicBlocks.qll"
  ],
  "IR Instruction": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Instruction.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Instruction.qll"
  ],
  "IR IRBlock": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRBlock.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRBlock.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRBlock.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRBlock.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/IRBlock.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRBlock.qll"
  ],
  "IR IRVariable": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRVariable.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRVariable.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRVariable.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRVariable.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRVariable.qll"
  ],
  "IR IRFunction": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRFunction.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRFunction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRFunction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRFunction.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRFunction.qll"
  ],
  "IR Operand": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/Operand.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Operand.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Operand.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Operand.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/Operand.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/Operand.qll"
  ],
  "IR IRType": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/IRType.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/IRType.qll",
    "csharp/ql/src/experimental/ir/implementation/IRType.qll"
  ],
  "IR IRConfiguration": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/IRConfiguration.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/IRConfiguration.qll",
    "csharp/ql/src/experimental/ir/implementation/IRConfiguration.qll"
  ],
  "IR UseSoundEscapeAnalysis": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/UseSoundEscapeAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/UseSoundEscapeAnalysis.qll",
    "csharp/ql/src/experimental/ir/implementation/UseSoundEscapeAnalysis.qll"
  ],
  "IR IRFunctionBase": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/IRFunctionBase.qll",
    "csharp/ql/src/experimental/ir/implementation/internal/IRFunctionBase.qll"
  ],
  "IR Operand Tag": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/OperandTag.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/OperandTag.qll",
    "csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll"
  ],
  "IR TInstruction": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/TInstruction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TInstruction.qll",
    "csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll"
  ],
  "IR TIRVariable": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/internal/TIRVariable.qll",
    "csharp/ql/src/experimental/ir/implementation/internal/TIRVariable.qll"
  ],
  "IR IR": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IR.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IR.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IR.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IR.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/IR.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IR.qll"
  ],
  "IR IRConsistency": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/IRConsistency.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/IRConsistency.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/IRConsistency.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/IRConsistency.qll"
  ],
  "IR PrintIR": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/PrintIR.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/PrintIR.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/PrintIR.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/PrintIR.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/PrintIR.qll"
  ],
  "IR IntegerConstant": [
-    "cpp/ql/src/semmle/code/cpp/ir/internal/IntegerConstant.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerConstant.qll",
    "csharp/ql/src/experimental/ir/internal/IntegerConstant.qll"
  ],
  "IR IntegerInteval": [
-    "cpp/ql/src/semmle/code/cpp/ir/internal/IntegerInterval.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerInterval.qll",
    "csharp/ql/src/experimental/ir/internal/IntegerInterval.qll"
  ],
  "IR IntegerPartial": [
-    "cpp/ql/src/semmle/code/cpp/ir/internal/IntegerPartial.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/IntegerPartial.qll",
    "csharp/ql/src/experimental/ir/internal/IntegerPartial.qll"
  ],
  "IR Overlap": [
-    "cpp/ql/src/semmle/code/cpp/ir/internal/Overlap.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/internal/Overlap.qll",
    "csharp/ql/src/experimental/ir/internal/Overlap.qll"
  ],
  "IR EdgeKind": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/EdgeKind.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll",
    "csharp/ql/src/experimental/ir/implementation/EdgeKind.qll"
  ],
  "IR MemoryAccessKind": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/MemoryAccessKind.qll",
    "csharp/ql/src/experimental/ir/implementation/MemoryAccessKind.qll"
  ],
  "IR TempVariableTag": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/TempVariableTag.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/TempVariableTag.qll",
    "csharp/ql/src/experimental/ir/implementation/TempVariableTag.qll"
  ],
  "IR Opcode": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/Opcode.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/Opcode.qll",
    "csharp/ql/src/experimental/ir/implementation/Opcode.qll"
  ],
  "IR SSAConsistency": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConsistency.qll"
  ],
  "C++ IR InstructionImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/InstructionImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/InstructionImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/InstructionImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/InstructionImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/InstructionImports.qll"
  ],
  "C++ IR IRImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRImports.qll"
  ],
  "C++ IR IRBlockImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRBlockImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRBlockImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRBlockImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRBlockImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRBlockImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRBlockImports.qll"
  ],
  "C++ IR IRFunctionImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRFunctionImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRFunctionImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRFunctionImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRFunctionImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRFunctionImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRFunctionImports.qll"
  ],
  "C++ IR IRVariableImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/IRVariableImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRVariableImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRVariableImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/IRVariableImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/IRVariableImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/IRVariableImports.qll"
  ],
  "C++ IR OperandImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/OperandImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/OperandImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/OperandImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/OperandImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/OperandImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/OperandImports.qll"
  ],
  "C++ IR PrintIRImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/PrintIRImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintIRImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintIRImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/PrintIRImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintIRImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintIRImports.qll"
  ],
  "C++ SSA SSAConstructionImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstructionImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstructionImports.qll"
  ],
  "SSA AliasAnalysis": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysis.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasAnalysis.qll"
  ],
  "SSA PrintAliasAnalysis": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintAliasAnalysis.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintAliasAnalysis.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintAliasAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintAliasAnalysis.qll"
  ],
  "C++ SSA AliasAnalysisImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysisImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysisImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasAnalysisImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/AliasAnalysisImports.qll"
  ],
  "C++ IR ValueNumberingImports": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingImports.qll"
  ],
  "IR SSA SimpleSSA": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SimpleSSA.qll"
  ],
  "IR AliasConfiguration (unaliased_ssa)": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/AliasConfiguration.qll"
  ],
  "IR SSA SSAConstruction": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll"
  ],
  "IR SSA PrintSSA": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintSSA.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/PrintSSA.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/internal/PrintSSA.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/internal/PrintSSA.qll"
  ],
  "IR ValueNumberInternal": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/internal/ValueNumberingInternal.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/gvn/internal/ValueNumberingInternal.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingInternal.qll"
  ],
  "C++ IR ValueNumber": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll"
  ],
  "C++ IR PrintValueNumbering": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/PrintValueNumbering.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/gvn/PrintValueNumbering.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/PrintValueNumbering.qll",
    "csharp/ql/src/experimental/ir/implementation/raw/gvn/PrintValueNumbering.qll",
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/PrintValueNumbering.qll"
  ],
  "C++ IR ConstantAnalysis": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/ConstantAnalysis.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/constant/ConstantAnalysis.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/constant/ConstantAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/ConstantAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/constant/ConstantAnalysis.qll"
  ],
  "C++ IR PrintConstantAnalysis": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/constant/PrintConstantAnalysis.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/PrintConstantAnalysis.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/constant/PrintConstantAnalysis.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/constant/PrintConstantAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/constant/PrintConstantAnalysis.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/constant/PrintConstantAnalysis.qll"
  ],
  "C++ IR ReachableBlock": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/ReachableBlock.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/ReachableBlock.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/ReachableBlock.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/ReachableBlock.qll"
  ],
  "C++ IR PrintReachableBlock": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintReachableBlock.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintReachableBlock.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintReachableBlock.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintReachableBlock.qll"
  ],
  "C++ IR Dominance": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/Dominance.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/Dominance.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/Dominance.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/Dominance.qll"
  ],
  "C++ IR PrintDominance": [
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintDominance.qll",
-    "cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintDominance.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/reachability/PrintDominance.qll",
+    "cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/reachability/PrintDominance.qll"
  ],
  "C# IR InstructionImports": [
    "csharp/ql/src/experimental/ir/implementation/raw/internal/InstructionImports.qll",
@@ -361,8 +362,8 @@
    "csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll"
  ],
  "C# ControlFlowReachability": [
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
  ],
  "Inline Test Expectations": [
    "cpp/ql/test/TestUtilities/InlineExpectationsTest.qll",
@@ -378,11 +379,11 @@
    "cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll"
  ],
  "XML": [
-    "cpp/ql/src/semmle/code/cpp/XML.qll",
-    "csharp/ql/src/semmle/code/csharp/XML.qll",
-    "java/ql/src/semmle/code/xml/XML.qll",
-    "javascript/ql/src/semmle/javascript/XML.qll",
-    "python/ql/src/semmle/python/xml/XML.qll"
+    "cpp/ql/lib/semmle/code/cpp/XML.qll",
+    "csharp/ql/lib/semmle/code/csharp/XML.qll",
+    "java/ql/lib/semmle/code/xml/XML.qll",
+    "javascript/ql/lib/semmle/javascript/XML.qll",
+    "python/ql/lib/semmle/python/xml/XML.qll"
  ],
  "DuplicationProblems.inc.qhelp": [
    "cpp/ql/src/Metrics/Files/DuplicationProblems.inc.qhelp",
@@ -436,17 +437,29 @@
    "python/ql/src/analysis/IDEContextual.qll"
  ],
  "SSA C#": [
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
-    "csharp/ql/src/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll",
-    "csharp/ql/src/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
-    "csharp/ql/src/semmle/code/cil/internal/SsaImplCommon.qll"
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
+    "csharp/ql/lib/semmle/code/csharp/controlflow/internal/pressa/SsaImplCommon.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
+    "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll"
  ],
  "CryptoAlgorithms Python/JS": [
-    "javascript/ql/src/semmle/javascript/security/CryptoAlgorithms.qll",
-    "python/ql/src/semmle/python/concepts/CryptoAlgorithms.qll"
+    "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
+    "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll"
  ],
  "SensitiveDataHeuristics Python/JS": [
-    "javascript/ql/src/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
-    "python/ql/src/semmle/python/security/internal/SensitiveDataHeuristics.qll"
+    "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
+    "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll"
+  ],
+  "ReDoS Util Python/JS": [
+    "javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
+    "python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll"
+  ],
+  "ReDoS Exponential Python/JS": [
+    "javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll",
+    "python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll"
+  ],
+  "ReDoS Polynomial Python/JS": [
+    "javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
+    "python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll"
  ]
 }
--- a/cpp/change-notes/2021-06-24-uncontrolled-arithmetic.md
+++ b/cpp/change-notes/2021-06-24-uncontrolled-arithmetic.md
@@ -0,0 +1,2 @@
+lgtm
+* The 'Uncontrolled data in arithmetic expression' (cpp/uncontrolled-arithmetic) query now recognizes more sources of randomness.
--- a/cpp/change-notes/2021-06-30-wrong-type-format-argument.md
+++ b/cpp/change-notes/2021-06-30-wrong-type-format-argument.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The 'Wrong type of arguments to formatting function' (cpp/wrong-type-format-argument) query is now more accepting of the string and character formatting differences between Microsoft and non-Microsoft platforms.  There are now fewer false positive results.
--- a/cpp/change-notes/2021-07-13-cleartext-storage-file.md
+++ b/cpp/change-notes/2021-07-13-cleartext-storage-file.md
@@ -0,0 +1,3 @@
+lgtm,codescanning
+* The "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file) query now uses dataflow to produce additional results.
+* Heuristics in the SensitiveExprs.qll library have been improved, making the "Cleartext storage of sensitive information in file" (cpp/cleartext-storage-file), "Cleartext storage of sensitive information in buffer" (cpp/cleartext-storage-buffer) and "Cleartext storage of sensitive information in an SQLite" (cpp/cleartext-storage-database) queries more accurate.
--- a/cpp/change-notes/2021-07-20-toctou-race-condition.md
+++ b/cpp/change-notes/2021-07-20-toctou-race-condition.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Improvements have been made to the `cpp/toctou-race-condition` query, both to find more correct results and fewer false positive results.
--- a/cpp/change-notes/2021-07-27-uncontrolled-arithmetic.md
+++ b/cpp/change-notes/2021-07-27-uncontrolled-arithmetic.md
@@ -0,0 +1,2 @@
+lgtm
+* Improvements made to the (`cpp/uncontrolled-arithmetic`) query, reducing the frequency of false positive results.
--- a/cpp/change-notes/2021-07-29-virtual-function-declaration-specifiers.md
+++ b/cpp/change-notes/2021-07-29-virtual-function-declaration-specifiers.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Virtual function specifiers are now accessible via the new predicates on `Function` (`.isDeclaredVirtual`, `.isOverride`, and `.isFinal`).
--- a/cpp/change-notes/2021-08-10-has-trailing-return-type.md
+++ b/cpp/change-notes/2021-08-10-has-trailing-return-type.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added `Function.hasTrailingReturnType` predicate to check whether a function was declared with a trailing return type.
--- a/cpp/change-notes/2021-08-17-has-c-linkage.md
+++ b/cpp/change-notes/2021-08-17-has-c-linkage.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added `RoutineType.hasCLinkage` predicate to check whether a function type has "C" language linkage.
--- a/cpp/change-notes/2021-08-23-ctime-weaken-claims.md
+++ b/cpp/change-notes/2021-08-23-ctime-weaken-claims.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Lowered the precision of `cpp/potentially-dangerous-function` so it is run but not displayed on LGTM by default and so it's only run and displayed on Code Scanning if a broader suite like `cpp-security-extended` is opted into.
--- a/cpp/change-notes/2021-08-23-getPrimaryQlClasses.md
+++ b/cpp/change-notes/2021-08-23-getPrimaryQlClasses.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added `Element.getPrimaryQlClasses()` predicate, which gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.
--- a/cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md
+++ b/cpp/change-notes/2021-08-24-implicit-downcast-from-bitfield.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The query `cpp/implicit-bitfield-downcast` now accounts for C++ reference types, which leads to more true positive results.
--- a/cpp/ql/examples/qlpack.yml
+++ b/cpp/ql/examples/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql-cpp-examples
 version: 0.0.0
-libraryPathDependencies: codeql-cpp
+libraryPathDependencies: codeql/cpp-all
--- a/cpp/ql/lib/DefaultOptions.qll
+++ b/cpp/ql/lib/DefaultOptions.qll
--- a/cpp/ql/lib/Options.qll
+++ b/cpp/ql/lib/Options.qll
--- a/cpp/ql/lib/cpp.qll
+++ b/cpp/ql/lib/cpp.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/models/interfaces/SimpleRangeAnalysisDefinition.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/models/interfaces/SimpleRangeAnalysisDefinition.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/models/interfaces/SimpleRangeAnalysisExpr.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/models/interfaces/SimpleRangeAnalysisExpr.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/ArrayLengthAnalysis.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/ArrayLengthAnalysis.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/Bound.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/Bound.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/ExtendedRangeAnalysis.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/ExtendedRangeAnalysis.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/InBoundsPointerDeref.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/InBoundsPointerDeref.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeUtils.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeUtils.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/SignAnalysis.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/SignAnalysis.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantBitwiseAndExprRange.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/ConstantBitwiseAndExprRange.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/SubtractSelf.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll
--- a/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll
--- a/cpp/ql/lib/external/ExternalArtifact.qll
+++ b/cpp/ql/lib/external/ExternalArtifact.qll
--- a/cpp/ql/lib/qlpack.lock.yml
+++ b/cpp/ql/lib/qlpack.lock.yml
@@ -0,0 +1,4 @@
+---
+dependencies: {}
+compiled: false
+lockVersion: 1.0.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -0,0 +1,5 @@
+name: codeql/cpp-all
+version: 0.0.2
+dbscheme: semmlecode.cpp.dbscheme
+extractor: cpp
+library: true
--- a/cpp/ql/lib/semmle/code/cpp/ASTConsistency.ql
+++ b/cpp/ql/lib/semmle/code/cpp/ASTConsistency.ql
--- a/cpp/ql/lib/semmle/code/cpp/AutogeneratedFile.qll
+++ b/cpp/ql/lib/semmle/code/cpp/AutogeneratedFile.qll
--- a/cpp/ql/lib/semmle/code/cpp/Class.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Class.qll
--- a/cpp/ql/lib/semmle/code/cpp/Comments.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Comments.qll
--- a/cpp/ql/lib/semmle/code/cpp/Compilation.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Compilation.qll
--- a/cpp/ql/lib/semmle/code/cpp/Declaration.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Declaration.qll
--- a/cpp/ql/lib/semmle/code/cpp/Diagnostics.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Diagnostics.qll
--- a/cpp/ql/lib/semmle/code/cpp/Element.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Element.qll
@@ -58,6 +58,11 @@ class ElementBase extends @element {
  /** DEPRECATED: use `getAPrimaryQlClass` instead. */
  deprecated string getCanonicalQLClass() { result = this.getAPrimaryQlClass() }

+  /**
+   * Gets a comma-separated list of the names of the primary CodeQL classes to which this element belongs.
+   */
+  final string getPrimaryQlClasses() { result = concat(getAPrimaryQlClass(), ",") }
+
  /**
   * Gets the name of a primary CodeQL class to which this element belongs.
   *
--- a/cpp/ql/lib/semmle/code/cpp/Enclosing.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Enclosing.qll
--- a/cpp/ql/lib/semmle/code/cpp/Enum.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Enum.qll
--- a/cpp/ql/lib/semmle/code/cpp/Field.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Field.qll
--- a/cpp/ql/lib/semmle/code/cpp/File.qll
+++ b/cpp/ql/lib/semmle/code/cpp/File.qll
@@ -272,20 +272,16 @@ class File extends Container, @file {
   * are compiled by a Microsoft compiler are detected by this predicate.
   */
  predicate compiledAsMicrosoft() {
-    exists(Compilation c |
-      c.getAFileCompiled() = this and
+    exists(File f, Compilation c |
+      c.getAFileCompiled() = f and
      (
        c.getAnArgument() = "--microsoft" or
        c.getAnArgument()
            .toLowerCase()
            .replaceAll("\\", "/")
            .matches(["%/cl.exe", "%/clang-cl.exe"])
-      )
-    )
-    or
-    exists(File parent |
-      parent.compiledAsMicrosoft() and
-      parent.getAnIncludedFile() = this
+      ) and
+      f.getAnIncludedFile*() = this
    )
  }

@@ -358,6 +354,11 @@ class File extends Container, @file {
  string getShortName() { files(underlyingElement(this), _, result, _, _) }
 }

+/**
+ * Holds if any file was compiled by a Microsoft compiler.
+ */
+predicate anyFileCompiledAsMicrosoft() { any(File f).compiledAsMicrosoft() }
+
 /**
 * A C/C++ header file, as determined (mainly) by file extension.
 *
--- a/cpp/ql/lib/semmle/code/cpp/FriendDecl.qll
+++ b/cpp/ql/lib/semmle/code/cpp/FriendDecl.qll
--- a/cpp/ql/lib/semmle/code/cpp/Function.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Function.qll
@@ -82,9 +82,23 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
  /** Holds if this function is inline. */
  predicate isInline() { this.hasSpecifier("inline") }

-  /** Holds if this function is virtual. */
+  /**
+   * Holds if this function is virtual.
+   *
+   * Unlike `isDeclaredVirtual()`, `isVirtual()` holds even if the function
+   * is not explicitly declared with the `virtual` specifier.
+   */
  predicate isVirtual() { this.hasSpecifier("virtual") }

+  /** Holds if this function is declared with the `virtual` specifier. */
+  predicate isDeclaredVirtual() { this.hasSpecifier("declared_virtual") }
+
+  /** Holds if this function is declared with the `override` specifier. */
+  predicate isOverride() { this.hasSpecifier("override") }
+
+  /** Holds if this function is declared with the `final` specifier. */
+  predicate isFinal() { this.hasSpecifier("final") }
+
  /**
   * Holds if this function is deleted.
   * This may be because it was explicitly deleted with an `= delete`
@@ -137,6 +151,20 @@ class Function extends Declaration, ControlFlowNode, AccessHolder, @function {
   */
  predicate isNaked() { getAnAttribute().hasName("naked") }

+  /**
+   * Holds if this function has a trailing return type.
+   *
+   * Note that this is true whether or not deduction took place. For example,
+   * this holds for both `e` and `f`, but not `g` or `h`:
+   * ```
+   * auto e() -> int { return 0; }
+   * auto f() -> auto { return 0; }
+   * auto g() { return 0; }
+   * int h() { return 0; }
+   * ```
+   */
+  predicate hasTrailingReturnType() { this.hasSpecifier("has_trailing_return_type") }
+
  /** Gets the return type of this function. */
  Type getType() { function_return_type(underlyingElement(this), unresolveElement(result)) }

--- a/cpp/ql/lib/semmle/code/cpp/Include.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Include.qll
--- a/cpp/ql/lib/semmle/code/cpp/Initializer.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Initializer.qll
@@ -18,6 +18,12 @@ import semmle.code.cpp.controlflow.ControlFlowGraph
 *   ...
 * }
 * ```
+ * But _not_ `4` in the following code:
+ * ```
+ * int myUninitializedVariable;
+ * myUninitializedVariable = 4;
+ * ```
+ * Instead, this is an `Assignment`.
 */
 class Initializer extends ControlFlowNode, @initialiser {
  override Location getLocation() { initialisers(underlyingElement(this), _, _, result) }
--- a/cpp/ql/lib/semmle/code/cpp/Iteration.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Iteration.qll
--- a/cpp/ql/lib/semmle/code/cpp/Linkage.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Linkage.qll
--- a/cpp/ql/lib/semmle/code/cpp/Location.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Location.qll
--- a/cpp/ql/lib/semmle/code/cpp/Macro.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Macro.qll
--- a/cpp/ql/lib/semmle/code/cpp/Member.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Member.qll
--- a/cpp/ql/lib/semmle/code/cpp/MemberFunction.qll
+++ b/cpp/ql/lib/semmle/code/cpp/MemberFunction.qll
--- a/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll
+++ b/cpp/ql/lib/semmle/code/cpp/NameQualifiers.qll
--- a/cpp/ql/lib/semmle/code/cpp/Namespace.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Namespace.qll
--- a/cpp/ql/lib/semmle/code/cpp/NestedFields.qll
+++ b/cpp/ql/lib/semmle/code/cpp/NestedFields.qll
--- a/cpp/ql/lib/semmle/code/cpp/ObjectiveC.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ObjectiveC.qll
--- a/cpp/ql/lib/semmle/code/cpp/PODType03.qll
+++ b/cpp/ql/lib/semmle/code/cpp/PODType03.qll
--- a/cpp/ql/lib/semmle/code/cpp/Parameter.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Parameter.qll
--- a/cpp/ql/lib/semmle/code/cpp/Preprocessor.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Preprocessor.qll
--- a/cpp/ql/lib/semmle/code/cpp/Print.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Print.qll
--- a/cpp/ql/lib/semmle/code/cpp/PrintAST.ql
+++ b/cpp/ql/lib/semmle/code/cpp/PrintAST.ql
--- a/cpp/ql/lib/semmle/code/cpp/PrintAST.qll
+++ b/cpp/ql/lib/semmle/code/cpp/PrintAST.qll
@@ -46,7 +46,7 @@ private string escapeString(string s) {
 * string representation comes first in lexicographical order.
 */
 private Location getRepresentativeLocation(Locatable ast) {
-  result = rank[1](Location loc | loc = ast.getLocation() | loc order by loc.toString())
+  result = min(Location loc | loc = ast.getLocation() | loc order by loc.toString())
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/Specifier.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Specifier.qll
--- a/cpp/ql/lib/semmle/code/cpp/Struct.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Struct.qll
--- a/cpp/ql/lib/semmle/code/cpp/TestFile.qll
+++ b/cpp/ql/lib/semmle/code/cpp/TestFile.qll
--- a/cpp/ql/lib/semmle/code/cpp/Type.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Type.qll
@@ -1621,6 +1621,19 @@ class RoutineType extends Type, @routinetype {
   */
  Type getReturnType() { routinetypes(underlyingElement(this), unresolveElement(result)) }

+  /**
+   * Holds if this function type has "C" language linkage.
+   *
+   * This includes any function declared in a C source file, or explicitly marked as having "C" linkage:
+   * ```
+   * extern "C" void f();
+   * extern "C" {
+   * void g();
+   * }
+   * ```
+   */
+  predicate hasCLinkage() { this.hasSpecifier("c_linkage") }
+
  override string explain() {
    result =
      "function returning {" + this.getReturnType().explain() + "} with arguments (" +
--- a/cpp/ql/lib/semmle/code/cpp/TypedefType.qll
+++ b/cpp/ql/lib/semmle/code/cpp/TypedefType.qll
--- a/cpp/ql/lib/semmle/code/cpp/Union.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Union.qll
--- a/cpp/ql/lib/semmle/code/cpp/UserType.qll
+++ b/cpp/ql/lib/semmle/code/cpp/UserType.qll
--- a/cpp/ql/lib/semmle/code/cpp/Variable.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Variable.qll
@@ -136,6 +136,12 @@ class Variable extends Declaration, @variable {
  /**
   * Gets an assignment expression that assigns to this variable.
   * For example: `x=...` or `x+=...`.
+   *
+   * This does _not_ include the initialization of the variable. Use
+   * `Variable.getInitializer()` to get the variable's initializer,
+   * or use `Variable.getAnAssignedValue()` to get an expression that
+   * is the right-hand side of an assignment or an initialization of
+   * the varible.
   */
  Assignment getAnAssignment() { result.getLValue() = this.getAnAccess() }

--- a/cpp/ql/lib/semmle/code/cpp/XML.qll
+++ b/cpp/ql/lib/semmle/code/cpp/XML.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Alloc.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Assertions.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Assertions.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/CommonType.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/CommonType.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Dependency.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Dependency.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Environment.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Environment.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Exclusions.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Exclusions.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/File.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/File.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/NULL.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/NULL.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/NullTermination.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/NullTermination.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/PolymorphicClass.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/PolymorphicClass.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Printf.qll
@@ -306,7 +306,7 @@ class FormatLiteral extends Literal {
   * Holds if this `FormatLiteral` is in a context that supports
   * Microsoft rules and extensions.
   */
-  predicate isMicrosoft() { any(File f).compiledAsMicrosoft() }
+  predicate isMicrosoft() { anyFileCompiledAsMicrosoft() }

  /**
   * Gets the format string, with '%%' and '%@' replaced by '_' (to avoid processing
@@ -869,6 +869,33 @@ class FormatLiteral extends Literal {
    )
  }

+  /**
+   * Gets an alternate argument type that would be required by the nth
+   * conversion specifier on a Microsoft or non-Microsoft platform, opposite
+   * to that of the snapshot. This may be useful for answering 'what might
+   * happen' questions.
+   */
+  Type getConversionTypeAlternate(int n) {
+    exists(string len, string conv |
+      this.parseConvSpec(n, _, _, _, _, _, len, conv) and
+      (len != "l" and len != "w" and len != "h") and
+      getUse().getTarget().(FormattingFunction).getFormatCharType().getSize() > 1 and // wide function
+      (
+        conv = "c" and
+        result = getNonDefaultCharType()
+        or
+        conv = "C" and
+        result = getDefaultCharType()
+        or
+        conv = "s" and
+        result.(PointerType).getBaseType() = getNonDefaultCharType()
+        or
+        conv = "S" and
+        result.(PointerType).getBaseType() = getDefaultCharType()
+      )
+    )
+  }
+
  /**
   * Holds if the nth conversion specifier of this format string (if `mode = 2`), it's
   * minimum field width (if `mode = 0`) or it's precision (if `mode = 1`) requires a
--- a/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Scanf.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Strcat.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Strcat.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/StringAnalysis.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/StructLikeClass.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/StructLikeClass.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/Synchronization.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/Synchronization.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/VoidContext.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/VoidContext.qll
--- a/cpp/ql/lib/semmle/code/cpp/commons/unix/Constants.qll
+++ b/cpp/ql/lib/semmle/code/cpp/commons/unix/Constants.qll
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/BasicBlocks.qll
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/ControlFlowGraph.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/ControlFlowGraph.qll
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/Dataflow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/Dataflow.qll
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/DefinitionsAndUses.qll
--- a/cpp/ql/lib/semmle/code/cpp/controlflow/Dereferenced.qll
+++ b/cpp/ql/lib/semmle/code/cpp/controlflow/Dereferenced.qll
--- a/Show More
+++ b/Show More