Python: deprecate Function.getAReturnValueFlowNode() and rewrite internal callers

Follow-up to the getAFlowNode deprecation in the same PR: same AST→legacy-CFG
bridge pattern. The 11 internal call sites (across objects/, types/,
frameworks/, and TypeTrackingImpl) are rewritten to bind a `Return ret`
explicitly, then constrain via `ret.getScope() = f and n.getNode() = ret.getValue()`.

The predicate itself is preserved with a deprecation note so external
users do not experience churn.

Semantic noop.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

.github/workflows/go-version-update.yml

@@ -1,208 +0,0 @@
-name: Update Go version
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 3 * * 1"  # Run weekly on Mondays at 3 AM UTC (1 = Monday)
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  update-go-version:
-    name: Check and update Go version
-    if: github.repository == 'github/codeql'
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-
-      - name: Set up Git
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-
-      - name: Fetch latest Go version
-        id: fetch-version
-        run: |
-          LATEST_GO_VERSION=$(curl -s https://go.dev/dl/?mode=json | jq -r '.[0].version')
-          
-          if [ -z "$LATEST_GO_VERSION" ] || [ "$LATEST_GO_VERSION" = "null" ]; then
-            echo "Error: Failed to fetch latest Go version from go.dev"
-            exit 1
-          fi
-          
-          echo "Latest Go version from go.dev: $LATEST_GO_VERSION"
-          echo "version=$LATEST_GO_VERSION" >> $GITHUB_OUTPUT
-          
-          # Extract version numbers (e.g., go1.26.0 -> 1.26.0)
-          LATEST_VERSION_NUM=$(echo $LATEST_GO_VERSION | sed 's/^go//')
-          echo "version_num=$LATEST_VERSION_NUM" >> $GITHUB_OUTPUT
-          
-          # Extract major.minor version (e.g., 1.26.0 -> 1.26)
-          LATEST_MAJOR_MINOR=$(echo $LATEST_VERSION_NUM | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
-          echo "major_minor=$LATEST_MAJOR_MINOR" >> $GITHUB_OUTPUT
-
-      - name: Check current Go version
-        id: current-version
-        run: |
-          CURRENT_VERSION=$(sed -n 's/.*go_sdk\.download(version = \"\([^\"]*\)\".*/\1/p' MODULE.bazel)
-          
-          if [ -z "$CURRENT_VERSION" ]; then
-            echo "Error: Could not extract Go version from MODULE.bazel"
-            exit 1
-          fi
-          
-          echo "Current Go version in MODULE.bazel: $CURRENT_VERSION"
-          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
-          
-          # Extract major.minor version
-          CURRENT_MAJOR_MINOR=$(echo $CURRENT_VERSION | sed -E 's/^([0-9]+\.[0-9]+).*/\1/')
-          echo "major_minor=$CURRENT_MAJOR_MINOR" >> $GITHUB_OUTPUT
-
-      - name: Compare versions
-        id: compare
-        run: |
-          LATEST="${{ steps.fetch-version.outputs.version_num }}"
-          CURRENT="${{ steps.current-version.outputs.version }}"
-          
-          echo "Latest: $LATEST"
-          echo "Current: $CURRENT"
-          
-          if [ "$LATEST" = "$CURRENT" ]; then
-            echo "Go version is up to date"
-            echo "needs_update=false" >> $GITHUB_OUTPUT
-          else
-            echo "Go version needs update from $CURRENT to $LATEST"
-            echo "needs_update=true" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Update Go version in files
-        if: steps.compare.outputs.needs_update == 'true'
-        run: |
-          LATEST_VERSION_NUM="${{ steps.fetch-version.outputs.version_num }}"
-          LATEST_MAJOR_MINOR="${{ steps.fetch-version.outputs.major_minor }}"
-          CURRENT_VERSION="${{ steps.current-version.outputs.version }}"
-          CURRENT_MAJOR_MINOR="${{ steps.current-version.outputs.major_minor }}"
-          
-          echo "Updating from $CURRENT_VERSION to $LATEST_VERSION_NUM"
-          
-          # Escape dots in current version strings for use in sed patterns
-          CURRENT_VERSION_ESCAPED=$(echo "$CURRENT_VERSION" | sed 's/\./\\./g')
-          CURRENT_MAJOR_MINOR_ESCAPED=$(echo "$CURRENT_MAJOR_MINOR" | sed 's/\./\\./g')
-          
-          # Update MODULE.bazel
-          sed -i "s/go_sdk\.download(version = \"$CURRENT_VERSION_ESCAPED\")/go_sdk.download(version = \"$LATEST_VERSION_NUM\")/" MODULE.bazel
-          if ! grep -q "go_sdk.download(version = \"$LATEST_VERSION_NUM\")" MODULE.bazel; then
-            echo "Error: Failed to update MODULE.bazel"
-            exit 1
-          fi
-          
-          # Update go/extractor/go.mod
-          if ! sed -i "s/^go $CURRENT_MAJOR_MINOR_ESCAPED\$/go $LATEST_MAJOR_MINOR/" go/extractor/go.mod; then
-            echo "Warning: Failed to update go directive in go.mod"
-          fi
-          if ! sed -i "s/^toolchain go$CURRENT_VERSION_ESCAPED\$/toolchain go$LATEST_VERSION_NUM/" go/extractor/go.mod; then
-            echo "Warning: Failed to update toolchain in go.mod"
-          fi
-          
-          # Update go/extractor/autobuilder/build-environment.go
-          if ! sed -i "s/var maxGoVersion = util\.NewSemVer(\"$CURRENT_MAJOR_MINOR_ESCAPED\")/var maxGoVersion = util.NewSemVer(\"$LATEST_MAJOR_MINOR\")/" go/extractor/autobuilder/build-environment.go; then
-            echo "Warning: Failed to update build-environment.go"
-          fi
-          
-          # Update go/actions/test/action.yml
-          if ! sed -i "s/default: \"~$CURRENT_VERSION_ESCAPED\"/default: \"~$LATEST_VERSION_NUM\"/" go/actions/test/action.yml; then
-            echo "Warning: Failed to update action.yml"
-          fi
-          
-          # Show what changed
-          git diff
-
-      - name: Check for changes
-        id: check-changes
-        if: steps.compare.outputs.needs_update == 'true'
-        run: |
-          if git diff --quiet; then
-            echo "No changes detected"
-            echo "has_changes=false" >> $GITHUB_OUTPUT
-          else
-            echo "Changes detected"
-            echo "has_changes=true" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Check for existing PR
-        if: steps.check-changes.outputs.has_changes == 'true'
-        id: check-pr
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          BRANCH_NAME="workflow/go-version-update"
-          PR_NUMBER=$(gh pr list --head "$BRANCH_NAME" --state open --json number --jq '.[0].number')
-          
-          if [ -n "$PR_NUMBER" ]; then
-            echo "Existing PR found: #$PR_NUMBER"
-            echo "pr_exists=true" >> $GITHUB_OUTPUT
-            echo "pr_number=$PR_NUMBER" >> $GITHUB_OUTPUT
-          else
-            echo "No existing PR found"
-            echo "pr_exists=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Commit and push changes
-        if: steps.check-changes.outputs.has_changes == 'true'
-        run: |
-          BRANCH_NAME="workflow/go-version-update"
-          LATEST_VERSION_NUM="${{ steps.fetch-version.outputs.version_num }}"
-          LATEST_MAJOR_MINOR="${{ steps.fetch-version.outputs.major_minor }}"
-          
-          # Create or switch to branch
-          git checkout -B "$BRANCH_NAME"
-          
-          # Stage and commit changes
-          git add MODULE.bazel go/extractor/go.mod go/extractor/autobuilder/build-environment.go go/actions/test/action.yml
-          git commit -m "Go: Update to $LATEST_VERSION_NUM"
-          
-          # Push changes
-          git push --force-with-lease origin "$BRANCH_NAME"
-
-      - name: Create or update PR
-        if: steps.check-changes.outputs.has_changes == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          BRANCH_NAME="workflow/go-version-update"
-          LATEST_VERSION_NUM="${{ steps.fetch-version.outputs.version_num }}"
-          CURRENT_VERSION="${{ steps.current-version.outputs.version }}"
-          
-          PR_TITLE="Go: Update to $LATEST_VERSION_NUM"
-          
-          PR_BODY=$(cat <<EOF
-          This PR updates Go from $CURRENT_VERSION to $LATEST_VERSION_NUM.
-
-          Updated files:
-          - \`MODULE.bazel\` - go_sdk.download version
-          - \`go/extractor/go.mod\` - go directive and toolchain
-          - \`go/extractor/autobuilder/build-environment.go\` - maxGoVersion (only if MAJOR.MINOR changes)
-          - \`go/actions/test/action.yml\` - default go-test-version
-
-          This PR was automatically created by the [Go version update workflow](https://github.com/${{ github.repository }}/blob/main/.github/workflows/go-version-update.yml).
-          EOF
-          )
-          
-          if [ "${{ steps.check-pr.outputs.pr_exists }}" = "true" ]; then
-            echo "Updating existing PR #${{ steps.check-pr.outputs.pr_number }}"
-            gh pr edit "${{ steps.check-pr.outputs.pr_number }}" --title "$PR_TITLE" --body "$PR_BODY"
-          else
-            echo "Creating new PR"
-            gh pr create \
-              --title "$PR_TITLE" \
-              --body "$PR_BODY" \
-              --base main \
-              --head "$BRANCH_NAME" \
-              --label "Go"
-          fi

MODULE.bazel

@@ -273,7 +273,7 @@ use_repo(
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
-go_sdk.download(version = "1.26.4")
+go_sdk.download(version = "1.26.0")
 
 go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
 go_deps.from_file(go_mod = "//go/extractor:go.mod")

actions/ql/test/query-tests/Models/CompositeActionsSinks.qlref

@@ -1 +1 @@
-query: Models/CompositeActionsSinks.ql
+Models/CompositeActionsSinks.ql

actions/ql/test/query-tests/Models/CompositeActionsSources.qlref

@@ -1 +1,2 @@
-query: Models/CompositeActionsSources.ql
+Models/CompositeActionsSources.ql
+

actions/ql/test/query-tests/Models/CompositeActionsSummaries.qlref

@@ -1 +1,2 @@
-query: Models/CompositeActionsSummaries.ql
+Models/CompositeActionsSummaries.ql
+

actions/ql/test/query-tests/Models/ReusableWorkflowsSinks.qlref

@@ -1 +1,2 @@
-query: Models/ReusableWorkflowsSinks.ql
+Models/ReusableWorkflowsSinks.ql
+

actions/ql/test/query-tests/Models/ReusableWorkflowsSources.qlref

@@ -1 +1,2 @@
-query: Models/ReusableWorkflowsSources.ql
+Models/ReusableWorkflowsSources.ql
+

actions/ql/test/query-tests/Models/ReusableWorkflowsSummaries.qlref

@@ -1 +1,2 @@
-query: Models/ReusableWorkflowsSummaries.ql
+Models/ReusableWorkflowsSummaries.ql
+

actions/ql/test/query-tests/Security/CWE-074/OutputClobberingHigh.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE-074/OutputClobberingHigh.ql
+experimental/Security/CWE-074/OutputClobberingHigh.ql

actions/ql/test/query-tests/Security/CWE-077/EnvPathInjectionCritical.qlref

@@ -1 +1 @@
-query: Security/CWE-077/EnvPathInjectionCritical.ql
+Security/CWE-077/EnvPathInjectionCritical.ql

actions/ql/test/query-tests/Security/CWE-077/EnvPathInjectionMedium.qlref

@@ -1 +1 @@
-query: Security/CWE-077/EnvPathInjectionMedium.ql
+Security/CWE-077/EnvPathInjectionMedium.ql

actions/ql/test/query-tests/Security/CWE-077/EnvVarInjectionCritical.qlref

@@ -1 +1 @@
-query: Security/CWE-077/EnvVarInjectionCritical.ql
+Security/CWE-077/EnvVarInjectionCritical.ql

actions/ql/test/query-tests/Security/CWE-077/EnvVarInjectionMedium.qlref

@@ -1 +1 @@
-query: Security/CWE-077/EnvVarInjectionMedium.ql
+Security/CWE-077/EnvVarInjectionMedium.ql

actions/ql/test/query-tests/Security/CWE-078/CommandInjectionCritical.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE-078/CommandInjectionCritical.ql
+experimental/Security/CWE-078/CommandInjectionCritical.ql

actions/ql/test/query-tests/Security/CWE-078/CommandInjectionMedium.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE-078/CommandInjectionMedium.ql
+experimental/Security/CWE-078/CommandInjectionMedium.ql

actions/ql/test/query-tests/Security/CWE-088/ArgumentInjectionCritical.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE-088/ArgumentInjectionCritical.ql
+experimental/Security/CWE-088/ArgumentInjectionCritical.ql

actions/ql/test/query-tests/Security/CWE-088/ArgumentInjectionMedium.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE-088/ArgumentInjectionMedium.ql
+experimental/Security/CWE-088/ArgumentInjectionMedium.ql

actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.qlref

@@ -1 +1 @@
-query: Security/CWE-094/CodeInjectionCritical.ql
+Security/CWE-094/CodeInjectionCritical.ql

actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.qlref

@@ -1 +1 @@
-query: Security/CWE-094/CodeInjectionMedium.ql
+Security/CWE-094/CodeInjectionMedium.ql

actions/ql/test/query-tests/Security/CWE-1395/UseOfKnownVulnerableAction.qlref

@@ -1 +1,2 @@
-query: Security/CWE-1395/UseOfKnownVulnerableAction.ql
+Security/CWE-1395/UseOfKnownVulnerableAction.ql
+

actions/ql/test/query-tests/Security/CWE-200/SecretExfiltration.qlref

@@ -1 +1,2 @@
-query: experimental/Security/CWE-200/SecretExfiltration.ql
+experimental/Security/CWE-200/SecretExfiltration.ql
+

actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.qlref

@@ -1 +1,2 @@
-query: Security/CWE-275/MissingActionsPermissions.ql
+Security/CWE-275/MissingActionsPermissions.ql
+

actions/ql/test/query-tests/Security/CWE-284/CodeExecutionOnSelfHostedRunner.qlref

@@ -1 +1,2 @@
-query: experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
+experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
+

actions/ql/test/query-tests/Security/CWE-285/ImproperAccessControl.qlref

@@ -1 +1,2 @@
-query: Security/CWE-285/ImproperAccessControl.ql
+Security/CWE-285/ImproperAccessControl.ql
+

actions/ql/test/query-tests/Security/CWE-312/ExcessiveSecretsExposure.qlref

@@ -1 +1,2 @@
-query: Security/CWE-312/ExcessiveSecretsExposure.ql
+Security/CWE-312/ExcessiveSecretsExposure.ql
+

actions/ql/test/query-tests/Security/CWE-312/SecretsInArtifacts.qlref

@@ -1 +1,2 @@
-query: Security/CWE-312/SecretsInArtifacts.ql
+Security/CWE-312/SecretsInArtifacts.ql
+

actions/ql/test/query-tests/Security/CWE-312/UnmaskedSecretExposure.qlref

@@ -1 +1,2 @@
-query: Security/CWE-312/UnmaskedSecretExposure.ql
+Security/CWE-312/UnmaskedSecretExposure.ql
+

actions/ql/test/query-tests/Security/CWE-349/CachePoisoningViaCodeInjection.qlref

@@ -1 +1,2 @@
-query: Security/CWE-349/CachePoisoningViaCodeInjection.ql
+Security/CWE-349/CachePoisoningViaCodeInjection.ql
+

actions/ql/test/query-tests/Security/CWE-349/CachePoisoningViaDirectCache.qlref

@@ -1 +1,2 @@
-query: Security/CWE-349/CachePoisoningViaDirectCache.ql
+Security/CWE-349/CachePoisoningViaDirectCache.ql
+

actions/ql/test/query-tests/Security/CWE-349/CachePoisoningViaPoisonableStep.qlref

@@ -1 +1,2 @@
-query: Security/CWE-349/CachePoisoningViaPoisonableStep.ql
+Security/CWE-349/CachePoisoningViaPoisonableStep.ql
+

actions/ql/test/query-tests/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.qlref

@@ -1 +1 @@
-query: Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
+Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql

actions/ql/test/query-tests/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.qlref

@@ -1 +1 @@
-query: Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
+Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql

actions/ql/test/query-tests/Security/CWE-571/ExpressionIsAlwaysTrueCritical.qlref

@@ -1 +1 @@
-query: Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
+Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql

actions/ql/test/query-tests/Security/CWE-571/ExpressionIsAlwaysTrueHigh.qlref

@@ -1 +1 @@
-query: Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
+Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql

actions/ql/test/query-tests/Security/CWE-829/ArtifactPoisoningCritical.qlref

@@ -1 +1,2 @@
-query: Security/CWE-829/ArtifactPoisoningCritical.ql
+Security/CWE-829/ArtifactPoisoningCritical.ql
+

actions/ql/test/query-tests/Security/CWE-829/ArtifactPoisoningMedium.qlref

@@ -1 +1,2 @@
-query: Security/CWE-829/ArtifactPoisoningMedium.ql
+Security/CWE-829/ArtifactPoisoningMedium.ql
+

actions/ql/test/query-tests/Security/CWE-829/ArtifactPoisoningPathTraversal.qlref

@@ -1 +1,2 @@
-query: experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
+experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
+

actions/ql/test/query-tests/Security/CWE-829/UnpinnedActionsTag.qlref

@@ -1 +1 @@
-query: Security/CWE-829/UnpinnedActionsTag.ql
+Security/CWE-829/UnpinnedActionsTag.ql

actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutCritical.qlref

@@ -1 +1 @@
-query: Security/CWE-829/UntrustedCheckoutCritical.ql
+Security/CWE-829/UntrustedCheckoutCritical.ql

actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutHigh.qlref

@@ -1 +1 @@
-query: Security/CWE-829/UntrustedCheckoutHigh.ql
+Security/CWE-829/UntrustedCheckoutHigh.ql

actions/ql/test/query-tests/Security/CWE-829/UntrustedCheckoutMedium.qlref

@@ -1 +1 @@
-query: Security/CWE-829/UntrustedCheckoutMedium.ql
+Security/CWE-829/UntrustedCheckoutMedium.ql

actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE-829/UnversionedImmutableAction.ql
+experimental/Security/CWE-829/UnversionedImmutableAction.ql

actions/ql/test/query-tests/Security/CWE-918/RequestForgery.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE-918/RequestForgery.ql
+experimental/Security/CWE-918/RequestForgery.ql

actions/ql/test/query-tests/SyntaxError/SyntaxError.qlref

@@ -1 +1 @@
-query: Debug/SyntaxError.ql
+Debug/SyntaxError.ql

actions/ql/test/query-tests/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.qlref

@@ -1 +1 @@
-query: Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql
+Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql

config/identical-files.json

@@ -11,6 +11,10 @@
     "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
   ],
+  "Bound Java/C#": [
+    "java/ql/lib/semmle/code/java/dataflow/Bound.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll"
+  ],
   "ModulusAnalysis Java/C#": [
     "java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"

cpp/ql/test/examples/BadLocking/AV Rule 107.qlref

@@ -1 +1 @@
-query: jsf/4.13 Functions/AV Rule 107.ql
+jsf/4.13 Functions/AV Rule 107.ql

cpp/ql/test/examples/BadLocking/LocalVariableHidesGlobalVariable.qlref

@@ -1 +1 @@
-query: Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql
+Best Practices/Hiding/LocalVariableHidesGlobalVariable.ql

cpp/ql/test/examples/expressions/PrintAST.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/PrintAST.ql
+semmle/code/cpp/PrintAST.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
+experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/semmle/tests/LateCheckOfFunctionArgument.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
+experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-078/WordexpTainted.ql
+experimental/Security/CWE/CWE-078/WordexpTainted.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1041/semmle/tests/FindWrapperFunctions.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
+experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1126/semmle/tests/DeclarationOfVariableWithUnnecessarilyWideScope.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
+experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-1240/CustomCryptographicPrimitive.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql
+experimental/Security/CWE/CWE-1240/CustomCryptographicPrimitive.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-125/semmle/tests/DangerousWorksWithMultibyteOrWideCharacters.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
+experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation/DangerousUseOfTransformationAfterOperation.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
+experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/IfStatementAdditionOverflow/IfStatementAdditionOverflow.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql
+experimental/Security/CWE/CWE-190/IfStatementAdditionOverflow.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/array-access/ArrayAccessProductFlow.qlref

@@ -1 +1 @@
-query: experimental/Likely Bugs/ArrayAccessProductFlow.ql
+experimental/Likely Bugs/ArrayAccessProductFlow.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-193/constant-size/ConstantSizeArrayOffByOne.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
+experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test1/ExposureSensitiveInformationUnauthorizedActor.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
+experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test2/ExposureSensitiveInformationUnauthorizedActor.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
+experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-200/test3/ExposureSensitiveInformationUnauthorizedActor.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
+experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-243/semmle/tests/IncorrectChangingWorkingDirectory.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
+experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-266/semmle/tests/IncorrectPrivilegeAssignment.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
+experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-285/PamAuthorization.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-285/PamAuthorization.ql
+experimental/Security/CWE/CWE-285/PamAuthorization.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-295/CurlSSL.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-295/CurlSSL.ql
+experimental/Security/CWE/CWE-295/CurlSSL.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
+experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-369/semmle/tests/DivideByZeroUsingReturnValue.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
+experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-377/semmle/tests/InsecureTemporaryFile.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
+experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-409/DecompressionBombs/DecompressionBombs.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-409/DecompressionBombs.ql
+experimental/Security/CWE/CWE-409/DecompressionBombs.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-415/semmle/tests/DoubleFree.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-415/DoubleFree.ql
+experimental/Security/CWE/CWE-415/DoubleFree.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-476/semmle/tests/DangerousUseOfExceptionBlocks.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
+experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-561/semmle/tests/FindIncorrectlyUsedSwitch.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
+experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-670/semmle/tests/DangerousUseSSL_shutdown.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
+experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-675/semmle/tests/DoubleRelease.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-675/DoubleRelease.ql
+experimental/Security/CWE/CWE-675/DoubleRelease.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/InsufficientControlFlowManagementAfterRefactoringTheCode.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
+experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/InsufficientControlFlowManagementWhenUsingBitOperations.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
+experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
+experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-754/semmle/tests/ImproperCheckReturnValueScanf.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
+experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-758/semmle/tests/UndefinedOrImplementationDefinedBehavior.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
+experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-783/semmle/tests/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
+experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
+experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/OperatorPrecedenceLogicErrorWhenUseBoolType.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
+experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-805/semmle/tests/BufferAccessWithIncorrectLengthValue.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql
+experimental/Security/CWE/CWE-805/BufferAccessWithIncorrectLengthValue.ql

cpp/ql/test/experimental/query-tests/Security/CWE/semmle/tests/MemoryUnsafeFunctionScan.qlref

@@ -1 +1 @@
-query: experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql

cpp/ql/test/library-tests/c11_generic/PrintAST.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/PrintAST.ql
+semmle/code/cpp/PrintAST.ql

cpp/ql/test/library-tests/conversions/consistency.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/ASTConsistency.ql
+semmle/code/cpp/ASTConsistency.ql

cpp/ql/test/library-tests/extraction_errors/CompilerErrors.qlref

@@ -1 +1 @@
-query: Telemetry/CompilerErrors.ql
+Telemetry/CompilerErrors.ql

cpp/ql/test/library-tests/extraction_errors/DatabaseQuality.qlref

@@ -1 +1 @@
-query: Telemetry/DatabaseQuality.ql
+Telemetry/DatabaseQuality.ql

cpp/ql/test/library-tests/extraction_errors/ExtractionMetrics.qlref

@@ -1 +1 @@
-query: Telemetry/ExtractionMetrics.ql
+Telemetry/ExtractionMetrics.ql

cpp/ql/test/library-tests/extraction_errors/SucceededIncludes.qlref

@@ -1 +1 @@
-query: Telemetry/SucceededIncludes.ql
+Telemetry/SucceededIncludes.ql

cpp/ql/test/library-tests/ir/ir/aliased_ssa_consistency_unsound.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/ir/IRConsistency.ql
+semmle/code/cpp/ir/IRConsistency.ql

cpp/ql/test/library-tests/ir/ir/aliased_ssa_ssa_consistency_unsound.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.ql
+semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConsistency.ql

cpp/ql/test/library-tests/ir/ir/raw_consistency.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/ir/implementation/raw/IRConsistency.ql
+semmle/code/cpp/ir/implementation/raw/IRConsistency.ql

cpp/ql/test/library-tests/ir/ir/unaliased_ssa_consistency_unsound.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.ql
+semmle/code/cpp/ir/implementation/unaliased_ssa/IRConsistency.ql

cpp/ql/test/library-tests/ir/ir/unaliased_ssa_ssa_consistency_unsound.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.ql
+semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConsistency.ql

cpp/ql/test/library-tests/ir/ssa/aliased_ssa_consistency_unsound.qlref

@@ -1 +1 @@
-query: semmle/code/cpp/ir/IRConsistency.ql
+semmle/code/cpp/ir/IRConsistency.ql