Amend extractor information expectation

Release preparation for version 2.20.2

.devcontainer/swift/Dockerfile

@@ -0,0 +1,9 @@
+# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.236.0/containers/cpp/.devcontainer/base.Dockerfile
+
+# [Choice] Debian / Ubuntu version (use Debian 11, Ubuntu 18.04/22.04 on local arm64/Apple Silicon): debian-11, debian-10, ubuntu-22.04, ubuntu-20.04, ubuntu-18.04
+FROM mcr.microsoft.com/vscode/devcontainers/cpp:0-ubuntu-22.04
+
+USER root
+ADD root.sh /tmp/root.sh
+ADD update-codeql.sh /usr/local/bin/update-codeql
+RUN bash /tmp/root.sh && rm /tmp/root.sh

.devcontainer/swift/devcontainer.json

@@ -0,0 +1,25 @@
+{
+	"extensions": [
+		"github.vscode-codeql",
+		"hbenl.vscode-test-explorer",
+		"ms-vscode.test-adapter-converter",
+		"slevesque.vscode-zipexplorer",
+		"ms-vscode.cpptools"
+	],
+	"settings": {
+		"files.watcherExclude": {
+			"**/target/**": true
+		},
+		"codeQL.runningQueries.memory": 2048
+	},
+	"build": {
+		"dockerfile": "Dockerfile",
+	},
+	"runArgs": [
+		"--cap-add=SYS_PTRACE",
+		"--security-opt",
+		"seccomp=unconfined"
+	],
+	"remoteUser": "vscode",
+	"onCreateCommand": ".devcontainer/swift/user.sh"
+}

.devcontainer/swift/root.sh

@@ -0,0 +1,34 @@
+set -xe
+
+BAZELISK_VERSION=v1.12.0
+BAZELISK_DOWNLOAD_SHA=6b0bcb2ea15bca16fffabe6fda75803440375354c085480fe361d2cbf32501db
+
+# install git lfs apt source
+curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash
+
+# install gh apt source
+(type -p wget >/dev/null || (sudo apt update && sudo apt-get install wget -y)) \
+&& sudo mkdir -p -m 755 /etc/apt/keyrings \
+&& wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null \
+&& sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg \
+&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+
+apt-get update
+export DEBIAN_FRONTEND=noninteractive
+apt-get -y install --no-install-recommends \
+    zlib1g-dev \
+    uuid-dev \
+    python3-distutils \
+    python3-pip \
+    bash-completion \
+    git-lfs \
+    gh
+
+# Install Bazel
+curl -fSsL -o /usr/local/bin/bazelisk https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64
+echo "${BAZELISK_DOWNLOAD_SHA} */usr/local/bin/bazelisk" | sha256sum --check -
+chmod 0755 /usr/local/bin/bazelisk
+ln -s bazelisk /usr/local/bin/bazel
+
+# install latest codeql
+update-codeql

.devcontainer/swift/update-codeql.sh

@@ -0,0 +1,20 @@
+#!/bin/bash -e
+
+URL=https://github.com/github/codeql-cli-binaries/releases
+LATEST_VERSION=$(curl -L -s -H 'Accept: application/json' $URL/latest | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
+CURRENT_VERSION=v$(codeql version 2>/dev/null | sed -ne 's/.*release \([0-9.]*\)\./\1/p')
+if [[ $CURRENT_VERSION != $LATEST_VERSION ]]; then
+  if [[ $UID != 0 ]]; then
+    echo "update required, please run this script with sudo:"
+    echo "  sudo $0"
+    exit 1
+  fi
+  ZIP=$(mktemp codeql.XXXX.zip)
+  curl -fSqL -o $ZIP $URL/download/$LATEST_VERSION/codeql-linux64.zip
+  unzip -q $ZIP -d /opt
+  rm $ZIP
+  ln -sf /opt/codeql/codeql /usr/local/bin/codeql
+  echo installed version $LATEST_VERSION
+else
+  echo current version $CURRENT_VERSION is up-to-date
+fi

.devcontainer/swift/user.sh

@@ -0,0 +1,15 @@
+set -xe
+
+git lfs install
+
+# add the workspace to the codeql search path
+mkdir -p /home/vscode/.config/codeql
+echo "--search-path /workspaces/codeql" > /home/vscode/.config/codeql/config
+
+# create a swift extractor pack with the current state
+cd /workspaces/codeql
+bazel run swift/create-extractor-pack
+
+#install and set up pre-commit
+python3 -m pip install pre-commit --no-warn-script-location
+$HOME/.local/bin/pre-commit install

.github/workflows/swift.yml

@@ -48,6 +48,12 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: ./swift/actions/build-and-test
+  build-and-test-linux:
+    if: github.repository_owner == 'github'
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./swift/actions/build-and-test
   qltests-macos:
     if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
     needs: build-and-test-macos

MODULE.bazel

@@ -218,7 +218,6 @@ use_repo(
     "kotlin-compiler-2.0.0-RC1",
     "kotlin-compiler-2.0.20-Beta2",
     "kotlin-compiler-2.1.0-Beta1",
-    "kotlin-compiler-2.1.20-Beta1",
     "kotlin-compiler-embeddable-1.5.0",
     "kotlin-compiler-embeddable-1.5.10",
     "kotlin-compiler-embeddable-1.5.20",
@@ -233,7 +232,6 @@ use_repo(
     "kotlin-compiler-embeddable-2.0.0-RC1",
     "kotlin-compiler-embeddable-2.0.20-Beta2",
     "kotlin-compiler-embeddable-2.1.0-Beta1",
-    "kotlin-compiler-embeddable-2.1.20-Beta1",
     "kotlin-stdlib-1.5.0",
     "kotlin-stdlib-1.5.10",
     "kotlin-stdlib-1.5.20",
@@ -248,7 +246,6 @@ use_repo(
     "kotlin-stdlib-2.0.0-RC1",
     "kotlin-stdlib-2.0.20-Beta2",
     "kotlin-stdlib-2.1.0-Beta1",
-    "kotlin-stdlib-2.1.20-Beta1",
 )
 
 go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")

actions/extractor/tools/autobuild-impl.ps1

@@ -2,16 +2,10 @@ if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE)
     Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
 } else {
     Write-Output 'No path filters set. Using the default filters.'
-    # Note: We're adding the `reusable_workflows` subdirectories to proactively
-    # record workflows that were called cross-repo, check them out locally,
-    # and enable an interprocedural analysis across the workflow files.
-    # These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
     $DefaultPathFilters = @(
         'exclude:**/*',
-        'include:.github/workflows/*.yml',
-        'include:.github/workflows/*.yaml',
-        'include:.github/reusable_workflows/**/*.yml',
-        'include:.github/reusable_workflows/**/*.yaml',
+        'include:.github/workflows/**/*.yml',
+        'include:.github/workflows/**/*.yaml',
         'include:**/action.yml',
         'include:**/action.yaml'
     )

actions/extractor/tools/autobuild.sh

@@ -2,16 +2,10 @@
 
 set -eu
 
-# Note: We're adding the `reusable_workflows` subdirectories to proactively
-# record workflows that were called cross-repo, check them out locally,
-# and enable an interprocedural analysis across the workflow files.
-# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
 DEFAULT_PATH_FILTERS=$(cat << END
 exclude:**/*
-include:.github/workflows/*.yml
-include:.github/workflows/*.yaml
-include:.github/reusable_workflows/**/*.yml
-include:.github/reusable_workflows/**/*.yaml
+include:.github/workflows/**/*.yml
+include:.github/workflows/**/*.yaml
 include:**/action.yml
 include:**/action.yaml
 END

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.2-dev
+version: 0.4.1
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.4.2-dev
+version: 0.4.1
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

actions/ql/test/query-tests/Security/CWE-094/.github/workflows/self_needs.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   test1:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     outputs:
       job_output: ${{ steps.source.outputs.value }}
     steps:

actions/ql/test/query-tests/Security/CWE-094/.github/workflows/test10.yml

@@ -491,7 +491,7 @@ jobs:
 
   send_results:
     name: Send results to webhook
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     if: always()
     needs: [
         setup,

actions/ql/test/query-tests/Security/CWE-094/.github/workflows/test23.yml

@@ -3,7 +3,7 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     if: >
       (github.event.workflow_run.event == 'pull_request' ||
       github.event.workflow_run.event == 'pull_request_target') &&

actions/ql/test/query-tests/Security/CWE-094/.github/workflows/test24.yml

@@ -3,7 +3,7 @@ on:
 
 jobs:
   test:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Run Issue form parser
         id: parse

actions/ql/test/query-tests/Security/CWE-829/.github/workflows/issue_comment_octokit.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   test1: 
     if: github.event.comment.body == '@metabase-bot run visual tests'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Fetch issue
         uses: octokit/request-action@v2.x

actions/ql/test/query-tests/Security/CWE-829/.github/workflows/issue_comment_octokit2.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   test1:
     if: github.event.comment.body == '@metabase-bot run visual tests'
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Fetch issue
         uses: octokit/request-action@v2.x

actions/ql/test/query-tests/Violations Of Best Practice/CodeQL/.github/workflows/should_be_using_advanced_setup.yml

@@ -21,9 +21,9 @@ jobs:
       matrix:
         include:
           - language: javascript
-            os: ubuntu-24.04
+            os: ubuntu-22.04
           - language: ruby
-            os: ubuntu-24.04-16core
+            os: ubuntu-22.04-16core
 
     steps:
       - name: Checkout repository

cpp/downgrades/59cb96ca699929b63941e81905f9b8de7eed59a6/preprocdirects.ql

@@ -1,21 +0,0 @@
-class PreprocessorDirective extends @preprocdirect {
-  string toString() { none() }
-}
-
-class Location extends @location_default {
-  string toString() { none() }
-}
-
-bindingset[kind]
-int getKind(int kind) {
-  if kind = 14
-  then result = 6 // Represent MSFT #import as #include
-  else
-    if kind = 15 or kind = 6
-    then result = 3 // Represent #elifdef and #elifndef as #elif
-    else result = kind
-}
-
-from PreprocessorDirective ppd, int kind, Location l
-where preprocdirects(ppd, kind, l)
-select ppd, getKind(kind), l

cpp/downgrades/59cb96ca699929b63941e81905f9b8de7eed59a6/upgrade.properties

@@ -1,3 +0,0 @@
-description: Support #elifdef, #elifndef and #import
-compatibility: full
-preprocdirects.rel: run preprocdirects.qlo

cpp/ql/lib/change-notes/2024-01-20-elifdef.md

@@ -1,5 +0,0 @@
----
-category: feature
----
-* New classes `PreprocessorElifdef` and `PreprocessorElifndef` were introduced, which represents the C23/C++23 `#elifdef` and `#elifndef` preprocessor directives.
-* A new class `TypeLibraryImport` was introduced, which represents the `#import` preprocessor directive as used by the Microsoft Visual C++ for importing type libraries.

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 3.2.1-dev
+version: 3.2.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/Include.qll

@@ -57,9 +57,9 @@ class IncludeNext extends Include, @ppd_include_next {
 }
 
 /**
- * An Objective C  `#import` preprocessor directive (supported by GCC as
- * an extension in C). For example the following code contains one `Import`
- * directive:
+ * A `#import` preprocessor directive (used heavily in Objective C, and
+ * supported by GCC as an extension in C). For example the following code
+ * contains one `Import` directive:
  * ```
  * #import <header3.h>
  * ```
@@ -67,14 +67,3 @@ class IncludeNext extends Include, @ppd_include_next {
 class Import extends Include, @ppd_objc_import {
   override string toString() { result = "#import " + this.getIncludeText() }
 }
-
-/**
- * A Microsoft `#import` preprocessor directive for importing a type library.
- * For example the following code contains one `TypeLibraryImport` directive:
- * ```
- * #import "library.tlb"
- * ```
- */
-class TypeLibraryImport extends Include, @ppd_ms_import {
-  override string toString() { result = "#import " + this.getIncludeText() }
-}

cpp/ql/lib/semmle/code/cpp/Preprocessor.qll

@@ -42,7 +42,7 @@ private class TPreprocessorBranchDirective = @ppd_branch or @ppd_else or @ppd_en
 
 /**
  * A C/C++ preprocessor branch related directive: `#if`, `#ifdef`,
- * `#ifndef`, `#elif`, `#elifdef`, `#elifndef`, `#else` or `#endif`.
+ * `#ifndef`, `#elif`, `#else` or `#endif`.
  */
 class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBranchDirective {
   /**
@@ -74,8 +74,8 @@ class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBr
   }
 
   /**
-   * Gets the next `#elif`, `#elifdef`, `#elifndef`, `#else` or `#endif` matching
-   * this branching directive.
+   * Gets the next `#elif`, `#else` or `#endif` matching this branching
+   * directive.
    *
    * For example `somePreprocessorBranchDirective.getIf().getNext()` gets
    * the second directive in the same construct as
@@ -88,8 +88,8 @@ class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBr
   }
 
   /**
-   * Gets the index of this branching directive within the matching `#if`,
-   * `#ifdef` or `#ifndef`.
+   * Gets the index of this branching directive within the matching #if,
+   * #ifdef or #ifndef.
    */
   private int getIndexInBranch(PreprocessorBranch branch) {
     this =
@@ -102,8 +102,8 @@ class PreprocessorBranchDirective extends PreprocessorDirective, TPreprocessorBr
 }
 
 /**
- * A C/C++ preprocessor branching directive: `#if`, `#ifdef`, `#ifndef`,
- * `#elif`, `#elifdef`, or `#elifndef`.
+ * A C/C++ preprocessor branching directive: `#if`, `#ifdef`, `#ifndef`, or
+ * `#elif`.
  *
  * A branching directive has a condition and that condition may be evaluated
  * at compile-time.  As a result, the preprocessor will either take the
@@ -151,8 +151,8 @@ class PreprocessorBranch extends PreprocessorBranchDirective, @ppd_branch {
  * #endif
  * ```
  * For the related notion of a directive which causes branching (which
- * includes `#if`, plus also `#ifdef`, `#ifndef`, `#elif`, `#elifdef`,
- * and `#elifndef`), see `PreprocessorBranch`.
+ * includes `#if`, plus also `#ifdef`, `#ifndef`, and `#elif`), see
+ * `PreprocessorBranch`.
  */
 class PreprocessorIf extends PreprocessorBranch, @ppd_if {
   override string toString() { result = "#if " + this.getHead() }
@@ -222,40 +222,6 @@ class PreprocessorElif extends PreprocessorBranch, @ppd_elif {
   override string toString() { result = "#elif " + this.getHead() }
 }
 
-/**
- * A C/C++ preprocessor `#elifdef` directive. For example there is a
- * `PreprocessorElifdef` on the third line of the following code:
- * ```
- * #ifdef MYDEFINE1
- * // ...
- * #elifdef MYDEFINE2
- * // ...
- * #else
- * // ...
- * #endif
- * ```
- */
-class PreprocessorElifdef extends PreprocessorBranch, @ppd_elifdef {
-  override string toString() { result = "#elifdef " + this.getHead() }
-}
-
-/**
- * A C/C++ preprocessor `#elifndef` directive. For example there is a
- * `PreprocessorElifndef` on the third line of the following code:
- * ```
- * #ifdef MYDEFINE1
- * // ...
- * #elifndef MYDEFINE2
- * // ...
- * #else
- * // ...
- * #endif
- * ```
- */
-class PreprocessorElifndef extends PreprocessorBranch, @ppd_elifndef {
-  override string toString() { result = "#elifndef " + this.getHead() }
-}
-
 /**
  * A C/C++ preprocessor `#endif` directive. For example there is a
  * `PreprocessorEndif` on the third line of the following code:

cpp/ql/lib/semmle/code/cpp/headers/PreprocBlock.qll

@@ -1,9 +1,8 @@
 /**
  * This library offers a view of preprocessor branches (`#if`, `#ifdef`,
- * `#ifndef`, `#elif`, `#elifdef`, `#elifndef`, and `#else`) as blocks of
- * code between the opening and closing directives, with navigable
- * parent-child relationships to other blocks. The main class is
- * `PreprocessorBlock`.
+ * `#ifndef`, `#elif` and `#else`) as blocks of code between the opening and
+ * closing directives, with navigable parent-child relationships to other
+ * blocks. The main class is `PreprocessorBlock`.
  */
 
 import cpp
@@ -33,10 +32,10 @@ private int getPreprocIndex(PreprocessorBranchDirective directive) {
 
 /**
  * A chunk of code from one preprocessor branch (`#if`, `#ifdef`,
- * `#ifndef`, `#elif`, `#elifdef`, `#elifndef`, or `#else`) to the
- * directive that closes it (`#elif`, `#elifdef`, `#elifndef`, `#else`,
- * or `#endif`).  The `getParent()` method allows these blocks to be
- * navigated as a tree, with the root being the entire file.
+ * `#ifndef`, `#elif` or `#else`) to the directive that closes it
+ * (`#elif`, `#else` or `#endif`).  The `getParent()` method
+ * allows these blocks to be navigated as a tree, with the root
+ * being the entire file.
  */
 class PreprocessorBlock extends @element {
   PreprocessorBlock() {

cpp/ql/lib/semmlecode.cpp.dbscheme

@@ -2318,15 +2318,12 @@ case @preprocdirect.kind of
 | 11 = @ppd_pragma
 | 12 = @ppd_objc_import
 | 13 = @ppd_include_next
-| 14 = @ppd_ms_import
-| 15 = @ppd_elifdef
-| 16 = @ppd_elifndef
 | 18 = @ppd_warning
 ;
 
-@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next | @ppd_ms_import;
+@ppd_include = @ppd_plain_include | @ppd_objc_import | @ppd_include_next;
 
-@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif | @ppd_elifdef | @ppd_elifndef;
+@ppd_branch = @ppd_if | @ppd_ifdef | @ppd_ifndef | @ppd_elif;
 
 preprocpair(
     int begin : @ppd_branch ref,

cpp/ql/lib/upgrades/1aa71a4a687fc93f807d4dfeeef70feceeced242/upgrade.properties

@@ -1,2 +0,0 @@
-description: Support #elifdef, #elifndef and #import
-compatibility: partial

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.3-dev
+version: 1.3.2
 groups:
   - cpp
   - queries

cpp/ql/test/library-tests/headers/preprocBlock/preprocblock.expected

@@ -1,16 +1,10 @@
 | #elif defined GREEN | preprocblock.cpp:10:0:11:0 | #ifndef BLUE |
 | #elif defined GREEN | preprocblock.cpp:14:0:15:0 | #if 0 |
 | #elif defined GREEN | preprocblock.cpp:16:0:17:0 | #else |
-| #elifdef GREEN | preprocblock23.cpp:11:0:12:0 | #if 0 |
-| #elifdef GREEN | preprocblock23.cpp:13:0:14:0 | #elifndef BLUE |
 | (no parent) | file://:0:0:0:0 |  |
 | (no parent) | header.h:0:0:8:0 | header.h |
-| (no parent) | preprocblock23.cpp:0:0:22:0 | preprocblock23.cpp |
 | (no parent) | preprocblock.cpp:0:0:25:0 | preprocblock.cpp |
 | header.h | header.h:3:0:7:0 | #ifndef HEADER_H |
-| preprocblock23.cpp | preprocblock23.cpp:7:0:7:0 | #ifdef RED |
-| preprocblock23.cpp | preprocblock23.cpp:8:0:17:0 | #elifdef GREEN |
-| preprocblock23.cpp | preprocblock23.cpp:18:0:21:0 | #else |
 | preprocblock.cpp | preprocblock.cpp:6:0:6:0 | #ifdef RED |
 | preprocblock.cpp | preprocblock.cpp:7:0:20:0 | #elif defined GREEN |
 | preprocblock.cpp | preprocblock.cpp:21:0:24:0 | #else |

cpp/ql/test/library-tests/headers/preprocBlock/preprocblock23.cpp

@@ -1,22 +0,0 @@
-// preprocblock23.cpp
-// semmle-extractor-options: -std=c++23
-
-#include "header.h"
-#define GREEN
-
-#ifdef RED
-#elifdef GREEN
-	#include "header.h"
-
-	#if 0
-		#include "header.h" // not reached
-	#elifndef BLUE
-		#include "header.h"
-	#endif
-
-	#include "header.h"
-#else
-
-	// ...
-
-#endif

cpp/ql/test/library-tests/headers/preprocBlock/preprocinclude.expected

@@ -1,7 +1,3 @@
-| preprocblock23.cpp:4:1:4:19 | #include "header.h" | preprocblock23.cpp:0:0:22:0 | preprocblock23.cpp |
-| preprocblock23.cpp:9:2:9:20 | #include "header.h" | preprocblock23.cpp:8:0:17:0 | #elifdef GREEN |
-| preprocblock23.cpp:14:3:14:21 | #include "header.h" | preprocblock23.cpp:13:0:14:0 | #elifndef BLUE |
-| preprocblock23.cpp:17:2:17:20 | #include "header.h" | preprocblock23.cpp:8:0:17:0 | #elifdef GREEN |
 | preprocblock.cpp:3:1:3:19 | #include "header.h" | preprocblock.cpp:0:0:25:0 | preprocblock.cpp |
 | preprocblock.cpp:8:2:8:20 | #include "header.h" | preprocblock.cpp:7:0:20:0 | #elif defined GREEN |
 | preprocblock.cpp:11:3:11:21 | #include "header.h" | preprocblock.cpp:10:0:11:0 | #ifndef BLUE |

cpp/ql/test/library-tests/preprocessor/preprocessor/pp23.cpp

@@ -1,15 +0,0 @@
-// semmle-extractor-options: -std=c++23
-
-#define BAR
-
-#ifdef FOO
-#warning C++23 1
-#elifdef BAR
-#warning C++23 2
-#endif
-
-#ifdef FOO
-#warning C++23 3
-#elifndef FOO
-#warning C++23 3
-#endif

cpp/ql/test/library-tests/preprocessor/preprocessor/ppms.cpp

@@ -1,3 +0,0 @@
-// semmle-extractor-options: --microsoft
-
-#import "test.tlb"

cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected

@@ -1,13 +1,4 @@
 | a.h:0:0:0:0 | a.h | 1 | 1 | 1 | 19 | IncludeNext | "a.h" | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 3 | 1 | 3 | 11 | Macro | BAR |  |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 5 | 1 | 5 | 10 | PreprocessorIfdef | FOO | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 7 | 1 | 7 | 12 | PreprocessorElifdef | BAR | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 8 | 1 | 8 | 16 | PreprocessorWarning | C++23 2 | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 9 | 1 | 9 | 6 | PreprocessorEndif | N/A | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 11 | 1 | 11 | 10 | PreprocessorIfdef | FOO | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 13 | 1 | 13 | 13 | PreprocessorElifndef | FOO | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 14 | 1 | 14 | 16 | PreprocessorWarning | C++23 3 | N/A |
-| pp23.cpp:0:0:0:0 | pp23.cpp | 15 | 1 | 15 | 6 | PreprocessorEndif | N/A | N/A |
 | pp.cpp:0:0:0:0 | pp.cpp | 1 | 1 | 1 | 16 | PreprocessorIf | defined(FOO) | N/A |
 | pp.cpp:0:0:0:0 | pp.cpp | 3 | 1 | 3 | 19 | PreprocessorElif | !defined(BAR) | N/A |
 | pp.cpp:0:0:0:0 | pp.cpp | 4 | 1 | 4 | 11 | Macro | BAR |  |
@@ -49,6 +40,3 @@
 | pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | Macro | MULTILINE | world a long |
 | pp.h:0:0:0:0 | pp.h | 13 | 1 | 14 | 11 | PreprocessorUndef | MULTILINE | N/A |
 | pp.h:0:0:0:0 | pp.h | 16 | 1 | 17 | 8 | Include | "pp.h" | N/A |
-| ppms.cpp:0:0:0:0 | ppms.cpp | 3 | 1 | 3 | 18 | TypeLibraryImport | "test.tlb" | N/A |
-| test.tlh:0:0:0:0 | test.tlh | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A |
-| test.tlh:0:0:0:0 | test.tlh | 3 | 1 | 3 | 21 | PreprocessorWarning | type library | N/A |

cpp/ql/test/library-tests/preprocessor/preprocessor/test.tlh

@@ -1,3 +0,0 @@
-#pragma once
-
-#warning type library

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.33-dev
+version: 1.7.32
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.33-dev
+version: 1.7.32
 groups:
   - csharp
   - solorigate

csharp/ql/integration-tests/all-platforms/autobuild/autobuild.csproj

@@ -3,6 +3,7 @@
   <PropertyGroup>
     <OutputType>Exe</OutputType>
     <TargetFramework>net5.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>
 

csharp/ql/integration-tests/all-platforms/autobuild/global.json

@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "9.0.100"
+        "version": "5.0.408"
     }
 }

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/BlazorTest.csproj

@@ -1,9 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
-
-  <PropertyGroup>
-    <TargetFramework>net9.0</TargetFramework>
-    <Nullable>enable</Nullable>
-    <ImplicitUsings>enable</ImplicitUsings>
-  </PropertyGroup>
-
-</Project>

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/App.razor

@@ -1,20 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <base href="/" />
-    <link rel="stylesheet" href="bootstrap/bootstrap.min.css" />
-    <link rel="stylesheet" href="app.css" />
-    <link rel="stylesheet" href="BlazorTest.styles.css" />
-    <link rel="icon" type="image/png" href="favicon.png" />
-    <HeadOutlet />
-</head>
-
-<body>
-    <Routes />
-    <script src="_framework/blazor.web.js"></script>
-</body>
-
-</html>

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Layout/MainLayout.razor

@@ -1,23 +0,0 @@
-@inherits LayoutComponentBase
-
-<div class="page">
-    <div class="sidebar">
-        <NavMenu />
-    </div>
-
-    <main>
-        <div class="top-row px-4">
-            <a href="https://learn.microsoft.com/aspnet/core/" target="_blank">About</a>
-        </div>
-
-        <article class="content px-4">
-            @Body
-        </article>
-    </main>
-</div>
-
-<div id="blazor-error-ui">
-    An unhandled error has occurred.
-    <a href="" class="reload">Reload</a>
-    <a class="dismiss">🗙</a>
-</div>

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Layout/MainLayout.razor.css

@@ -1,96 +0,0 @@
-.page {
-    position: relative;
-    display: flex;
-    flex-direction: column;
-}
-
-main {
-    flex: 1;
-}
-
-.sidebar {
-    background-image: linear-gradient(180deg, rgb(5, 39, 103) 0%, #3a0647 70%);
-}
-
-.top-row {
-    background-color: #f7f7f7;
-    border-bottom: 1px solid #d6d5d5;
-    justify-content: flex-end;
-    height: 3.5rem;
-    display: flex;
-    align-items: center;
-}
-
-    .top-row ::deep a, .top-row ::deep .btn-link {
-        white-space: nowrap;
-        margin-left: 1.5rem;
-        text-decoration: none;
-    }
-
-    .top-row ::deep a:hover, .top-row ::deep .btn-link:hover {
-        text-decoration: underline;
-    }
-
-    .top-row ::deep a:first-child {
-        overflow: hidden;
-        text-overflow: ellipsis;
-    }
-
-@media (max-width: 640.98px) {
-    .top-row {
-        justify-content: space-between;
-    }
-
-    .top-row ::deep a, .top-row ::deep .btn-link {
-        margin-left: 0;
-    }
-}
-
-@media (min-width: 641px) {
-    .page {
-        flex-direction: row;
-    }
-
-    .sidebar {
-        width: 250px;
-        height: 100vh;
-        position: sticky;
-        top: 0;
-    }
-
-    .top-row {
-        position: sticky;
-        top: 0;
-        z-index: 1;
-    }
-
-    .top-row.auth ::deep a:first-child {
-        flex: 1;
-        text-align: right;
-        width: 0;
-    }
-
-    .top-row, article {
-        padding-left: 2rem !important;
-        padding-right: 1.5rem !important;
-    }
-}
-
-#blazor-error-ui {
-    background: lightyellow;
-    bottom: 0;
-    box-shadow: 0 -1px 2px rgba(0, 0, 0, 0.2);
-    display: none;
-    left: 0;
-    padding: 0.6rem 1.25rem 0.7rem 1.25rem;
-    position: fixed;
-    width: 100%;
-    z-index: 1000;
-}
-
-    #blazor-error-ui .dismiss {
-        cursor: pointer;
-        position: absolute;
-        right: 0.75rem;
-        top: 0.5rem;
-    }

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Layout/NavMenu.razor

@@ -1,19 +0,0 @@
-<div class="top-row ps-3 navbar navbar-dark">
-    <div class="container-fluid">
-        <a class="navbar-brand" href="">BlazorTest</a>
-    </div>
-</div>
-
-<input type="checkbox" title="Navigation menu" class="navbar-toggler" />
-
-<div class="nav-scrollable" onclick="document.querySelector('.navbar-toggler').click()">
-    <nav class="flex-column">
-
-        <div class="nav-item px-3">
-            <NavLink class="nav-link" href="test">
-                <span class="bi bi-plus-square-fill-nav-menu" aria-hidden="true"></span> Test
-            </NavLink>
-        </div>
-
-    </nav>
-</div>

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Layout/NavMenu.razor.css

@@ -1,105 +0,0 @@
-.navbar-toggler {
-    appearance: none;
-    cursor: pointer;
-    width: 3.5rem;
-    height: 2.5rem;
-    color: white;
-    position: absolute;
-    top: 0.5rem;
-    right: 1rem;
-    border: 1px solid rgba(255, 255, 255, 0.1);
-    background: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%28255, 255, 255, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e") no-repeat center/1.75rem rgba(255, 255, 255, 0.1);
-}
-
-.navbar-toggler:checked {
-    background-color: rgba(255, 255, 255, 0.5);
-}
-
-.top-row {
-    height: 3.5rem;
-    background-color: rgba(0,0,0,0.4);
-}
-
-.navbar-brand {
-    font-size: 1.1rem;
-}
-
-.bi {
-    display: inline-block;
-    position: relative;
-    width: 1.25rem;
-    height: 1.25rem;
-    margin-right: 0.75rem;
-    top: -1px;
-    background-size: cover;
-}
-
-.bi-house-door-fill-nav-menu {
-    background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16' fill='white' class='bi bi-house-door-fill' viewBox='0 0 16 16'%3E%3Cpath d='M6.5 14.5v-3.505c0-.245.25-.495.5-.495h2c.25 0 .5.25.5.5v3.5a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5v-7a.5.5 0 0 0-.146-.354L13 5.793V2.5a.5.5 0 0 0-.5-.5h-1a.5.5 0 0 0-.5.5v1.293L8.354 1.146a.5.5 0 0 0-.708 0l-6 6A.5.5 0 0 0 1.5 7.5v7a.5.5 0 0 0 .5.5h4a.5.5 0 0 0 .5-.5Z'/%3E%3C/svg%3E");
-}
-
-.bi-plus-square-fill-nav-menu {
-    background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16' fill='white' class='bi bi-plus-square-fill' viewBox='0 0 16 16'%3E%3Cpath d='M2 0a2 2 0 0 0-2 2v12a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V2a2 2 0 0 0-2-2H2zm6.5 4.5v3h3a.5.5 0 0 1 0 1h-3v3a.5.5 0 0 1-1 0v-3h-3a.5.5 0 0 1 0-1h3v-3a.5.5 0 0 1 1 0z'/%3E%3C/svg%3E");
-}
-
-.bi-list-nested-nav-menu {
-    background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' width='16' height='16' fill='white' class='bi bi-list-nested' viewBox='0 0 16 16'%3E%3Cpath fill-rule='evenodd' d='M4.5 11.5A.5.5 0 0 1 5 11h10a.5.5 0 0 1 0 1H5a.5.5 0 0 1-.5-.5zm-2-4A.5.5 0 0 1 3 7h10a.5.5 0 0 1 0 1H3a.5.5 0 0 1-.5-.5zm-2-4A.5.5 0 0 1 1 3h10a.5.5 0 0 1 0 1H1a.5.5 0 0 1-.5-.5z'/%3E%3C/svg%3E");
-}
-
-.nav-item {
-    font-size: 0.9rem;
-    padding-bottom: 0.5rem;
-}
-
-    .nav-item:first-of-type {
-        padding-top: 1rem;
-    }
-
-    .nav-item:last-of-type {
-        padding-bottom: 1rem;
-    }
-
-    .nav-item ::deep .nav-link {
-        color: #d7d7d7;
-        background: none;
-        border: none;
-        border-radius: 4px;
-        height: 3rem;
-        display: flex;
-        align-items: center;
-        line-height: 3rem;
-        width: 100%;
-    }
-
-.nav-item ::deep a.active {
-    background-color: rgba(255,255,255,0.37);
-    color: white;
-}
-
-.nav-item ::deep .nav-link:hover {
-    background-color: rgba(255,255,255,0.1);
-    color: white;
-}
-
-.nav-scrollable {
-    display: none;
-}
-
-.navbar-toggler:checked ~ .nav-scrollable {
-    display: block;
-}
-
-@media (min-width: 641px) {
-    .navbar-toggler {
-        display: none;
-    }
-
-    .nav-scrollable {
-        /* Never collapse the sidebar for wide screens */
-        display: block;
-
-        /* Allow sidebar to scroll for tall menus */
-        height: calc(100vh - 3.5rem);
-        overflow-y: auto;
-    }
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/MyInput.razor

@@ -1,20 +0,0 @@
-@rendermode InteractiveServer
-
-<input @bind="Param1" @bind:event="onchange" @bind:after="Fire">
-
-@code {
-    [Parameter]
-    public string? Param1 { get; set; } = "";
-
-    [Parameter]
-    public EventCallback<string?> ValueChanged { get; set; }
-
-    [Parameter]
-    public EventCallback<string?> Param1Changed { get; set; }
-
-    private void Fire()
-    {
-        ValueChanged.InvokeAsync(Param1);
-        Param1Changed.InvokeAsync(Param1);
-    }
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/MyOutput.razor

@@ -1,11 +0,0 @@
-@rendermode InteractiveServer
-
-<div>
-    <p>Value from InputText: @Value</p>
-    <p>Raw value from InputText: @(new MarkupString(Value))</p>
-</div>
-
-@code {
-    [Parameter]
-    public string Value { get; set; } = "";
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/Error.razor

@@ -1,36 +0,0 @@
-@page "/Error"
-@using System.Diagnostics
-
-<PageTitle>Error</PageTitle>
-
-<h1 class="text-danger">Error.</h1>
-<h2 class="text-danger">An error occurred while processing your request.</h2>
-
-@if (ShowRequestId)
-{
-    <p>
-        <strong>Request ID:</strong> <code>@RequestId</code>
-    </p>
-}
-
-<h3>Development Mode</h3>
-<p>
-    Swapping to <strong>Development</strong> environment will display more detailed information about the error that occurred.
-</p>
-<p>
-    <strong>The Development environment shouldn't be enabled for deployed applications.</strong>
-    It can result in displaying sensitive information from exceptions to end users.
-    For local debugging, enable the <strong>Development</strong> environment by setting the <strong>ASPNETCORE_ENVIRONMENT</strong> environment variable to <strong>Development</strong>
-    and restarting the app.
-</p>
-
-@code{
-    [CascadingParameter]
-    private HttpContext? HttpContext { get; set; }
-
-    private string? RequestId { get; set; }
-    private bool ShowRequestId => !string.IsNullOrEmpty(RequestId);
-
-    protected override void OnInitialized() =>
-        RequestId = Activity.Current?.Id ?? HttpContext?.TraceIdentifier;
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Pages/TestPage.razor

@@ -1,125 +0,0 @@
-@page "/"
-@page "/test/{urlParam?}"
-@rendermode InteractiveServer
-
-<PageTitle>TestPage</PageTitle>
-
-<div>
-    <h3>Route parameter</h3>
-    <p>Go to: <a href="/test/@XssUrl">/test/@XssUrl</a></p>
-    <p>Parameter from URL: @UrlParam</p>
-    <p>Raw parameter from URL: @((MarkupString)UrlParam)</p>
-</div>
-
-<hr />
-
-<div>
-    <h3>Query parameter</h3>
-    <p>Go to: <a href="/test/?qs=@XssUrl">/test/?qs=@XssUrl</a></p>
-    <p>Parameter from query string: @QueryParam</p>
-    <p>Raw parameter from query string: @(new MarkupString(QueryParam))</p>
-</div>
-
-<hr />
-
-<div>
-    <h3>Bind InputText component</h3>
-    <InputText @bind-Value="InputValue1" />
-    <p>Value from InputText: @InputValue1</p>
-    <p>Raw value from InputText: @(new MarkupString(InputValue1))</p>
-</div>
-
-<hr />
-
-<div>
-    <h3>Bind input element</h3>
-    <input @bind="InputValue2">
-    <p>Value from InputText: @InputValue2</p>
-    <p>Raw value from InputText: @(new MarkupString(InputValue2))</p>
-</div>
-
-<hr />
-
-<div>
-    <h3>Bind through object property</h3>
-    <input @bind="Container1.Value">
-    <p>Value from InputText: @Container1.Value</p>
-    <p>Raw value from InputText: @(new MarkupString(Container1.Value))</p>
-</div>
-
-<hr />
-
-<div>
-    <h3>Input component with custom event</h3>
-    <MyInput Param1="@InputValue3" ValueChanged="MyInputChanged" />
-    <p>Value from InputText: @InputValue3</p>
-    <p>Raw value from InputText: @(new MarkupString(InputValue3))</p>
-</div>
-
-<hr />
-
-<div>
-    <h3>Input component with binding</h3>
-    <MyInput @bind-Param1="InputValue4" />
-    <p>Value from InputText: @InputValue4</p>
-    <p>Raw value from InputText: @(new MarkupString(InputValue4))</p>
-</div>
-
-<hr />
-
-<div>
-    <h3>Input, Output components</h3>
-    <MyInput @bind-Param1="InputValue5" />
-    <MyOutput Value="@InputValue5" />
-</div>
-
-<hr />
-
-<div>
-    <h3>Bind InputText, Output component</h3>
-    <InputText @bind-Value="InputValue6" />
-    <MyOutput Value="@InputValue6" />
-</div>
-
-@code {
-
-    public class Container
-    {
-        public string? Value { get; set; } = "";
-    }
-
-    private const string XssUrl = "<b>aaaa<%2Fb>";
-    private const string XssUrl2 = "<b>aaaa</b>";
-
-    [Parameter]
-    public string UrlParam { get; set; } = "";
-
-    [SupplyParameterFromQuery(Name = "qs")]
-    public string QueryParam { get; set; } = "";
-
-    public string InputValue1 { get; set; } = "";
-    public string InputValue2 { get; set; } = "";
-    public string InputValue3 { get; set; } = "";
-    public string InputValue4 { get; set; } = "";
-    public string InputValue5 { get; set; } = "";
-    public string InputValue6 { get; set; } = "";
-
-    public Container Container1 { get; set; } = new Container();
-
-    protected override void OnInitialized()
-    {
-        InputValue1 = XssUrl2;
-        InputValue2 = XssUrl2;
-        Container1.Value = XssUrl2;
-        InputValue3 = XssUrl2;
-        InputValue4 = XssUrl2;
-        InputValue5 = XssUrl2;
-        InputValue6 = XssUrl2;
-
-    }
-
-    private void MyInputChanged(string value)
-    {
-        InputValue3 = value;
-    }
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/Routes.razor

@@ -1,6 +0,0 @@
-<Router AppAssembly="typeof(Program).Assembly">
-    <Found Context="routeData">
-        <RouteView RouteData="routeData" DefaultLayout="typeof(Layout.MainLayout)" />
-        <FocusOnNavigate RouteData="routeData" Selector="h1" />
-    </Found>
-</Router>

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Components/_Imports.razor

@@ -1,10 +0,0 @@
-@using System.Net.Http
-@using System.Net.Http.Json
-@using Microsoft.AspNetCore.Components.Forms
-@using Microsoft.AspNetCore.Components.Routing
-@using Microsoft.AspNetCore.Components.Web
-@using static Microsoft.AspNetCore.Components.Web.RenderMode
-@using Microsoft.AspNetCore.Components.Web.Virtualization
-@using Microsoft.JSInterop
-@using BlazorTest
-@using BlazorTest.Components

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Program.cs

@@ -1,27 +0,0 @@
-using BlazorTest.Components;
-
-var builder = WebApplication.CreateBuilder(args);
-
-// Add services to the container.
-builder.Services.AddRazorComponents()
-    .AddInteractiveServerComponents();
-
-var app = builder.Build();
-
-// Configure the HTTP request pipeline.
-if (!app.Environment.IsDevelopment())
-{
-    app.UseExceptionHandler("/Error", createScopeForErrors: true);
-    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
-    app.UseHsts();
-}
-
-app.UseHttpsRedirection();
-
-app.UseStaticFiles();
-app.UseAntiforgery();
-
-app.MapRazorComponents<App>()
-    .AddInteractiveServerRenderMode();
-
-app.Run();

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/Properties/launchSettings.json

@@ -1,14 +0,0 @@
-{
-  "$schema": "http://json.schemastore.org/launchsettings.json",
-  "profiles": {
-    "http": {
-      "commandName": "Project",
-      "dotnetRunMessages": true,
-      "launchBrowser": true,
-      "applicationUrl": "http://localhost:5047",
-      "environmentVariables": {
-        "ASPNETCORE_ENVIRONMENT": "Development"
-      }
-    }
-  }
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/appsettings.json

@@ -1,9 +0,0 @@
-{
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft.AspNetCore": "Warning"
-    }
-  },
-  "AllowedHosts": "*"
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/global.json

@@ -1,5 +0,0 @@
-{
-    "sdk": {
-        "version": "9.0.100"
-    }
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/wwwroot/app.css

@@ -1,51 +0,0 @@
-html, body {
-    font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
-}
-
-a, .btn-link {
-    color: #006bb7;
-}
-
-.btn-primary {
-    color: #fff;
-    background-color: #1b6ec2;
-    border-color: #1861ac;
-}
-
-.btn:focus, .btn:active:focus, .btn-link.nav-link:focus, .form-control:focus, .form-check-input:focus {
-  box-shadow: 0 0 0 0.1rem white, 0 0 0 0.25rem #258cfb;
-}
-
-.content {
-    padding-top: 1.1rem;
-}
-
-h1:focus {
-    outline: none;
-}
-
-.valid.modified:not([type=checkbox]) {
-    outline: 1px solid #26b050;
-}
-
-.invalid {
-    outline: 1px solid #e50000;
-}
-
-.validation-message {
-    color: #e50000;
-}
-
-.blazor-error-boundary {
-    background: url(data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTYiIGhlaWdodD0iNDkiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIG92ZXJmbG93PSJoaWRkZW4iPjxkZWZzPjxjbGlwUGF0aCBpZD0iY2xpcDAiPjxyZWN0IHg9IjIzNSIgeT0iNTEiIHdpZHRoPSI1NiIgaGVpZ2h0PSI0OSIvPjwvY2xpcFBhdGg+PC9kZWZzPjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMCkiIHRyYW5zZm9ybT0idHJhbnNsYXRlKC0yMzUgLTUxKSI+PHBhdGggZD0iTTI2My41MDYgNTFDMjY0LjcxNyA1MSAyNjUuODEzIDUxLjQ4MzcgMjY2LjYwNiA1Mi4yNjU4TDI2Ny4wNTIgNTIuNzk4NyAyNjcuNTM5IDUzLjYyODMgMjkwLjE4NSA5Mi4xODMxIDI5MC41NDUgOTIuNzk1IDI5MC42NTYgOTIuOTk2QzI5MC44NzcgOTMuNTEzIDI5MSA5NC4wODE1IDI5MSA5NC42NzgyIDI5MSA5Ny4wNjUxIDI4OS4wMzggOTkgMjg2LjYxNyA5OUwyNDAuMzgzIDk5QzIzNy45NjMgOTkgMjM2IDk3LjA2NTEgMjM2IDk0LjY3ODIgMjM2IDk0LjM3OTkgMjM2LjAzMSA5NC4wODg2IDIzNi4wODkgOTMuODA3MkwyMzYuMzM4IDkzLjAxNjIgMjM2Ljg1OCA5Mi4xMzE0IDI1OS40NzMgNTMuNjI5NCAyNTkuOTYxIDUyLjc5ODUgMjYwLjQwNyA1Mi4yNjU4QzI2MS4yIDUxLjQ4MzcgMjYyLjI5NiA1MSAyNjMuNTA2IDUxWk0yNjMuNTg2IDY2LjAxODNDMjYwLjczNyA2Ni4wMTgzIDI1OS4zMTMgNjcuMTI0NSAyNTkuMzEzIDY5LjMzNyAyNTkuMzEzIDY5LjYxMDIgMjU5LjMzMiA2OS44NjA4IDI1OS4zNzEgNzAuMDg4N0wyNjEuNzk1IDg0LjAxNjEgMjY1LjM4IDg0LjAxNjEgMjY3LjgyMSA2OS43NDc1QzI2Ny44NiA2OS43MzA5IDI2Ny44NzkgNjkuNTg3NyAyNjcuODc5IDY5LjMxNzkgMjY3Ljg3OSA2Ny4xMTgyIDI2Ni40NDggNjYuMDE4MyAyNjMuNTg2IDY2LjAxODNaTTI2My41NzYgODYuMDU0N0MyNjEuMDQ5IDg2LjA1NDcgMjU5Ljc4NiA4Ny4zMDA1IDI1OS43ODYgODkuNzkyMSAyNTkuNzg2IDkyLjI4MzcgMjYxLjA0OSA5My41Mjk1IDI2My41NzYgOTMuNTI5NSAyNjYuMTE2IDkzLjUyOTUgMjY3LjM4NyA5Mi4yODM3IDI2Ny4zODcgODkuNzkyMSAyNjcuMzg3IDg3LjMwMDUgMjY2LjExNiA4Ni4wNTQ3IDI2My41NzYgODYuMDU0N1oiIGZpbGw9IiNGRkU1MDAiIGZpbGwtcnVsZT0iZXZlbm9kZCIvPjwvZz48L3N2Zz4=) no-repeat 1rem/1.8rem, #b32121;
-    padding: 1rem 1rem 1rem 3.7rem;
-    color: white;
-}
-
-    .blazor-error-boundary::after {
-        content: "An error has occurred."
-    }
-
-.darker-border-checkbox.form-check-input {
-    border-color: #929292;
-}

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/Files.expected

@@ -1,20 +0,0 @@
-| BlazorTest/Components/App.razor |
-| BlazorTest/Components/Layout/MainLayout.razor |
-| BlazorTest/Components/Layout/NavMenu.razor |
-| BlazorTest/Components/MyInput.razor |
-| BlazorTest/Components/MyOutput.razor |
-| BlazorTest/Components/Pages/Error.razor |
-| BlazorTest/Components/Pages/TestPage.razor |
-| BlazorTest/Components/Routes.razor |
-| BlazorTest/Components/_Imports.razor |
-| BlazorTest/Program.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs |
-| [...]/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs |
-| test-db/working/implicitUsings/GlobalUsings.g.cs |

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/Files.ql

@@ -1,29 +0,0 @@
-import csharp
-
-private string razorSourceGenerator() {
-  result =
-    "Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator"
-}
-
-private string getPath(File f) {
-  result = f.getRelativePath() and
-  not exists(result.indexOf(razorSourceGenerator()))
-  or
-  exists(int index1, string path | path = f.getRelativePath() |
-    // pattern =
-    //   "Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator" and
-    // index1 = f.getRelativePath().indexOf(pattern) and
-    // index2 =
-    //   f.getRelativePath()
-    //       .indexOf("_ql_csharp_ql_integration_tests_all_platforms_blazor_build_mode_none_") and
-    // result =
-    //   "[...]/" + f.getRelativePath().substring(index1, index1 + pattern.length()) + "/[...]" +
-    //     f.getRelativePath().substring(index2, f.getRelativePath().length())
-    index1 = path.indexOf(razorSourceGenerator()) and
-    result = "[...]/" + f.getRelativePath().substring(index1, path.length())
-  )
-}
-
-from File f
-where f.fromSource() or f.getExtension() = "razor"
-select getPath(f)

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/htmlSinks.expected

@@ -1,8 +0,0 @@
-| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value |
-| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam |
-| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam |
-| BlazorTest/Components/Pages/TestPage.razor:29:53:29:63 | access to property InputValue1 |
-| BlazorTest/Components/Pages/TestPage.razor:38:53:38:63 | access to property InputValue2 |
-| BlazorTest/Components/Pages/TestPage.razor:47:53:47:68 | access to property Value |
-| BlazorTest/Components/Pages/TestPage.razor:56:53:56:63 | access to property InputValue3 |
-| BlazorTest/Components/Pages/TestPage.razor:65:53:65:63 | access to property InputValue4 |

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/htmlSinks.ql

@@ -1,7 +0,0 @@
-import semmle.code.csharp.security.dataflow.flowsinks.Html
-
-from HtmlSink sink, File f
-where
-  sink.getLocation().getFile() = f and
-  (f.fromSource() or f.getExtension() = "razor")
-select sink

csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/test.py

@@ -1,5 +0,0 @@
-import pytest
-
-@pytest.mark.ql_test("DB-CHECK", xfail=True)
-def test(codeql, csharp):
-    codeql.database.create(build_mode="none")

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 4.0.3-dev
+version: 4.0.2
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/change-notes/2024-11-05-experimental-queries.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* All *experimental* queries have been deprecated. The queries are instead available as part of the *default* query suite in [CodeQL-Community-Packs](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs).

csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql

@@ -15,16 +15,10 @@
  */
 
 import csharp
-deprecated import TaintedWebClientLib
-deprecated import TaintedWebClient::PathGraph
+import TaintedWebClientLib
+import TaintedWebClient::PathGraph
 
-deprecated query predicate problems(
-  DataFlow::Node sinkNode, TaintedWebClient::PathNode source, TaintedWebClient::PathNode sink,
-  string message1, DataFlow::Node sourceNode, string message2
-) {
-  TaintedWebClient::flowPath(source, sink) and
-  sinkNode = sink.getNode() and
-  message1 = "A method of WebClient depepends on a $@." and
-  sourceNode = source.getNode() and
-  message2 = "user-provided value"
-}
+from TaintedWebClient::PathNode source, TaintedWebClient::PathNode sink
+where TaintedWebClient::flowPath(source, sink)
+select sink.getNode(), source, sink, "A method of WebClient depepends on a $@.", source.getNode(),
+  "user-provided value"

csharp/ql/src/experimental/CWE-099/TaintedWebClientLib.qll

@@ -1,5 +1,3 @@
-deprecated module;
-
 import csharp
 import semmle.code.csharp.frameworks.system.Net
 import semmle.code.csharp.frameworks.System

csharp/ql/src/experimental/CWE-918/RequestForgery.ql

@@ -11,16 +11,10 @@
  */
 
 import csharp
-deprecated import RequestForgery::RequestForgery
-deprecated import RequestForgeryFlow::PathGraph
+import RequestForgery::RequestForgery
+import RequestForgeryFlow::PathGraph
 
-deprecated query predicate problems(
-  DataFlow::Node sinkNode, RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink,
-  string message1, DataFlow::Node sourceNode, string message2
-) {
-  RequestForgeryFlow::flowPath(source, sink) and
-  sinkNode = sink.getNode() and
-  message1 = "The URL of this request depends on a $@." and
-  sourceNode = source.getNode() and
-  message2 = "user-provided value"
-}
+from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink
+where RequestForgeryFlow::flowPath(source, sink)
+select sink.getNode(), source, sink, "The URL of this request depends on a $@.", source.getNode(),
+  "user-provided value"

csharp/ql/src/experimental/CWE-918/RequestForgery.qll

@@ -1,5 +1,3 @@
-deprecated module;
-
 import csharp
 
 module RequestForgery {

csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql

@@ -17,91 +17,89 @@ import csharp
 import semmle.code.asp.WebConfig
 import semmle.code.csharp.frameworks.system.Web
 import semmle.code.csharp.frameworks.microsoft.AspNetCore
-deprecated import experimental.dataflow.flowsources.AuthCookie
+import experimental.dataflow.flowsources.AuthCookie
 
-deprecated query predicate problems(Expr httpOnlySink, string message) {
-  (
-    exists(Assignment a, Expr val |
-      httpOnlySink = a.getRValue() and
-      val.getValue() = "false" and
-      (
-        exists(ObjectCreation oc |
-          getAValueForProp(oc, a, "HttpOnly") = val and
-          (
-            oc.getType() instanceof SystemWebHttpCookie and
-            isCookieWithSensitiveName(oc.getArgument(0))
-            or
-            exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse |
-              oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
-              iResponse.getAppendMethod() = mc.getTarget() and
-              isCookieWithSensitiveName(mc.getArgument(0)) and
-              // there is no callback `OnAppendCookie` that sets `HttpOnly` to true
-              not OnAppendCookieHttpOnlyTracking::flowTo(_) and
-              // Passed as third argument to `IResponseCookies.Append`
-              exists(DataFlow::Node creation, DataFlow::Node append |
-                CookieOptionsTracking::flow(creation, append) and
-                creation.asExpr() = oc and
-                append.asExpr() = mc.getArgument(2)
-              )
-            )
-          )
-        )
-        or
-        exists(PropertyWrite pw |
-          (
-            pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieBuilder or
-            pw.getProperty().getDeclaringType() instanceof
-              MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions
-          ) and
-          pw.getProperty().getName() = "HttpOnly" and
-          a.getLValue() = pw and
-          DataFlow::localExprFlow(val, a.getRValue())
-        )
-      )
-    )
-    or
-    exists(Call c |
-      httpOnlySink = c and
-      (
-        exists(MicrosoftAspNetCoreHttpResponseCookies iResponse, MethodCall mc |
-          // default is not configured or is not set to `Always`
-          not getAValueForCookiePolicyProp("HttpOnly").getValue() = "1" and
-          // there is no callback `OnAppendCookie` that sets `HttpOnly` to true
-          not OnAppendCookieHttpOnlyTracking::flowTo(_) and
-          iResponse.getAppendMethod() = mc.getTarget() and
-          isCookieWithSensitiveName(mc.getArgument(0)) and
-          (
-            // `HttpOnly` property in `CookieOptions` passed to IResponseCookies.Append(...) wasn't set
-            exists(ObjectCreation oc |
-              oc = c and
-              oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
-              not isPropertySet(oc, "HttpOnly") and
-              exists(DataFlow::Node creation |
-                CookieOptionsTracking::flow(creation, _) and
-                creation.asExpr() = oc
-              )
-            )
-            or
-            // IResponseCookies.Append(String, String) was called, `HttpOnly` is set to `false` by default
-            mc = c and
-            mc.getNumberOfArguments() < 3
-          )
-        )
-        or
-        exists(ObjectCreation oc |
-          oc = c and
+from Expr httpOnlySink
+where
+  exists(Assignment a, Expr val |
+    httpOnlySink = a.getRValue() and
+    val.getValue() = "false" and
+    (
+      exists(ObjectCreation oc |
+        getAValueForProp(oc, a, "HttpOnly") = val and
+        (
           oc.getType() instanceof SystemWebHttpCookie and
-          isCookieWithSensitiveName(oc.getArgument(0)) and
-          // the property wasn't explicitly set, so a default value from config is used
-          not isPropertySet(oc, "HttpOnly") and
-          // the default in config is not set to `true`
-          not exists(XmlElement element |
-            element instanceof HttpCookiesElement and
-            element.(HttpCookiesElement).isHttpOnlyCookies()
+          isCookieWithSensitiveName(oc.getArgument(0))
+          or
+          exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse |
+            oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
+            iResponse.getAppendMethod() = mc.getTarget() and
+            isCookieWithSensitiveName(mc.getArgument(0)) and
+            // there is no callback `OnAppendCookie` that sets `HttpOnly` to true
+            not OnAppendCookieHttpOnlyTracking::flowTo(_) and
+            // Passed as third argument to `IResponseCookies.Append`
+            exists(DataFlow::Node creation, DataFlow::Node append |
+              CookieOptionsTracking::flow(creation, append) and
+              creation.asExpr() = oc and
+              append.asExpr() = mc.getArgument(2)
+            )
           )
         )
       )
+      or
+      exists(PropertyWrite pw |
+        (
+          pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieBuilder or
+          pw.getProperty().getDeclaringType() instanceof
+            MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions
+        ) and
+        pw.getProperty().getName() = "HttpOnly" and
+        a.getLValue() = pw and
+        DataFlow::localExprFlow(val, a.getRValue())
+      )
     )
-  ) and
-  message = "Cookie attribute 'HttpOnly' is not set to true."
-}
+  )
+  or
+  exists(Call c |
+    httpOnlySink = c and
+    (
+      exists(MicrosoftAspNetCoreHttpResponseCookies iResponse, MethodCall mc |
+        // default is not configured or is not set to `Always`
+        not getAValueForCookiePolicyProp("HttpOnly").getValue() = "1" and
+        // there is no callback `OnAppendCookie` that sets `HttpOnly` to true
+        not OnAppendCookieHttpOnlyTracking::flowTo(_) and
+        iResponse.getAppendMethod() = mc.getTarget() and
+        isCookieWithSensitiveName(mc.getArgument(0)) and
+        (
+          // `HttpOnly` property in `CookieOptions` passed to IResponseCookies.Append(...) wasn't set
+          exists(ObjectCreation oc |
+            oc = c and
+            oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
+            not isPropertySet(oc, "HttpOnly") and
+            exists(DataFlow::Node creation |
+              CookieOptionsTracking::flow(creation, _) and
+              creation.asExpr() = oc
+            )
+          )
+          or
+          // IResponseCookies.Append(String, String) was called, `HttpOnly` is set to `false` by default
+          mc = c and
+          mc.getNumberOfArguments() < 3
+        )
+      )
+      or
+      exists(ObjectCreation oc |
+        oc = c and
+        oc.getType() instanceof SystemWebHttpCookie and
+        isCookieWithSensitiveName(oc.getArgument(0)) and
+        // the property wasn't explicitly set, so a default value from config is used
+        not isPropertySet(oc, "HttpOnly") and
+        // the default in config is not set to `true`
+        not exists(XmlElement element |
+          element instanceof HttpCookiesElement and
+          element.(HttpCookiesElement).isHttpOnlyCookies()
+        )
+      )
+    )
+  )
+select httpOnlySink, "Cookie attribute 'HttpOnly' is not set to true."

csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql

@@ -68,14 +68,15 @@ predicate isExprAnAccessToSafeClientSideEncryptionVersionValue(Expr e) {
   )
 }
 
-deprecated query predicate problems(Expr e, string message) {
-  exists(Class c, Assembly asm | asm = c.getLocation() |
+from Expr e, Class c, Assembly asm
+where
+  asm = c.getLocation() and
+  (
     exists(Expr e2 |
       isCreatingAzureClientSideEncryptionObject(e, c, e2) and
       not isObjectCreationArgumentSafeAndUsingSafeVersionOfAssembly(e2, asm)
     )
     or
     isCreatingOutdatedAzureClientSideEncryptionObject(e, c)
-  ) and
-  message = "Unsafe usage of v1 version of Azure Storage client-side encryption."
-}
+  )
+select e, "Unsafe usage of v1 version of Azure Storage client-side encryption."

csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql

@@ -17,91 +17,89 @@ import csharp
 import semmle.code.asp.WebConfig
 import semmle.code.csharp.frameworks.system.Web
 import semmle.code.csharp.frameworks.microsoft.AspNetCore
-deprecated import experimental.dataflow.flowsources.AuthCookie
+import experimental.dataflow.flowsources.AuthCookie
 
-deprecated query predicate problems(Expr secureSink, string message) {
-  (
-    exists(Call c |
-      secureSink = c and
+from Expr secureSink
+where
+  exists(Call c |
+    secureSink = c and
+    (
+      // default is not configured or is not set to `Always` or `SameAsRequest`
+      not (
+        getAValueForCookiePolicyProp("Secure").getValue() = "0" or
+        getAValueForCookiePolicyProp("Secure").getValue() = "1"
+      ) and
+      // there is no callback `OnAppendCookie` that sets `Secure` to true
+      not OnAppendCookieSecureTracking::flowTo(_) and
       (
-        // default is not configured or is not set to `Always` or `SameAsRequest`
-        not (
-          getAValueForCookiePolicyProp("Secure").getValue() = "0" or
-          getAValueForCookiePolicyProp("Secure").getValue() = "1"
-        ) and
-        // there is no callback `OnAppendCookie` that sets `Secure` to true
-        not OnAppendCookieSecureTracking::flowTo(_) and
-        (
-          // `Secure` property in `CookieOptions` passed to IResponseCookies.Append(...) wasn't set
-          exists(ObjectCreation oc |
-            oc = c and
-            oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
-            not isPropertySet(oc, "Secure") and
-            exists(DataFlow::Node creation |
-              CookieOptionsTracking::flow(creation, _) and
-              creation.asExpr() = oc
-            )
-          )
-          or
-          // IResponseCookies.Append(String, String) was called, `Secure` is set to `false` by default
-          exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse |
-            mc = c and
-            iResponse.getAppendMethod() = mc.getTarget() and
-            mc.getNumberOfArguments() < 3
-          )
-        )
-        or
+        // `Secure` property in `CookieOptions` passed to IResponseCookies.Append(...) wasn't set
         exists(ObjectCreation oc |
           oc = c and
-          oc.getType() instanceof SystemWebHttpCookie and
-          // the property wasn't explicitly set, so a default value from config is used
+          oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
           not isPropertySet(oc, "Secure") and
-          // the default in config is not set to `true`
-          // the `exists` below covers the `cs/web/requiressl-not-set`
-          not exists(XmlElement element |
-            element instanceof FormsElement and
-            element.(FormsElement).isRequireSsl()
-            or
-            element instanceof HttpCookiesElement and
-            element.(HttpCookiesElement).isRequireSsl()
-          )
-        )
-      )
-    )
-    or
-    exists(Assignment a, Expr val |
-      secureSink = a.getRValue() and
-      (
-        exists(ObjectCreation oc |
-          getAValueForProp(oc, a, "Secure") = val and
-          val.getValue() = "false" and
-          (
-            oc.getType() instanceof SystemWebHttpCookie
-            or
-            oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
-            // there is no callback `OnAppendCookie` that sets `Secure` to true
-            not OnAppendCookieSecureTracking::flowTo(_) and
-            // the cookie option is passed to `Append`
-            exists(DataFlow::Node creation |
-              CookieOptionsTracking::flow(creation, _) and
-              creation.asExpr() = oc
-            )
+          exists(DataFlow::Node creation |
+            CookieOptionsTracking::flow(creation, _) and
+            creation.asExpr() = oc
           )
         )
         or
-        exists(PropertyWrite pw |
-          (
-            pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieBuilder or
-            pw.getProperty().getDeclaringType() instanceof
-              MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions
-          ) and
-          pw.getProperty().getName() = "SecurePolicy" and
-          a.getLValue() = pw and
-          DataFlow::localExprFlow(val, a.getRValue()) and
-          val.getValue() = "2" // None
+        // IResponseCookies.Append(String, String) was called, `Secure` is set to `false` by default
+        exists(MethodCall mc, MicrosoftAspNetCoreHttpResponseCookies iResponse |
+          mc = c and
+          iResponse.getAppendMethod() = mc.getTarget() and
+          mc.getNumberOfArguments() < 3
+        )
+      )
+      or
+      exists(ObjectCreation oc |
+        oc = c and
+        oc.getType() instanceof SystemWebHttpCookie and
+        // the property wasn't explicitly set, so a default value from config is used
+        not isPropertySet(oc, "Secure") and
+        // the default in config is not set to `true`
+        // the `exists` below covers the `cs/web/requiressl-not-set`
+        not exists(XmlElement element |
+          element instanceof FormsElement and
+          element.(FormsElement).isRequireSsl()
+          or
+          element instanceof HttpCookiesElement and
+          element.(HttpCookiesElement).isRequireSsl()
         )
       )
     )
-  ) and
-  message = "Cookie attribute 'Secure' is not set to true."
-}
+  )
+  or
+  exists(Assignment a, Expr val |
+    secureSink = a.getRValue() and
+    (
+      exists(ObjectCreation oc |
+        getAValueForProp(oc, a, "Secure") = val and
+        val.getValue() = "false" and
+        (
+          oc.getType() instanceof SystemWebHttpCookie
+          or
+          oc.getType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
+          // there is no callback `OnAppendCookie` that sets `Secure` to true
+          not OnAppendCookieSecureTracking::flowTo(_) and
+          // the cookie option is passed to `Append`
+          exists(DataFlow::Node creation |
+            CookieOptionsTracking::flow(creation, _) and
+            creation.asExpr() = oc
+          )
+        )
+      )
+      or
+      exists(PropertyWrite pw |
+        (
+          pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieBuilder or
+          pw.getProperty().getDeclaringType() instanceof
+            MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions
+        ) and
+        pw.getProperty().getName() = "SecurePolicy" and
+        a.getLValue() = pw and
+        DataFlow::localExprFlow(val, a.getRValue()) and
+        val.getValue() = "2" // None
+      )
+    )
+  )
+select secureSink, "Cookie attribute 'Secure' is not set to true."

csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql

@@ -192,13 +192,7 @@ module HashWithoutSaltConfig implements DataFlow::ConfigSig {
 
 module HashWithoutSalt = TaintTracking::Global<HashWithoutSaltConfig>;
 
-deprecated query predicate problems(
-  DataFlow::Node sinkNode, HashWithoutSalt::PathNode source, HashWithoutSalt::PathNode sink,
-  string message, DataFlow::Node sourceNode, string password
-) {
-  sinkNode = sink.getNode() and
-  sourceNode = source.getNode() and
-  HashWithoutSalt::flowPath(source, sink) and
-  message = "$@ is hashed without a salt." and
-  password = "The password"
-}
+from HashWithoutSalt::PathNode source, HashWithoutSalt::PathNode sink
+where HashWithoutSalt::flowPath(source, sink)
+select sink.getNode(), source, sink, "$@ is hashed without a salt.", source.getNode(),
+  "The password"

csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll

@@ -1,5 +1,3 @@
-deprecated module;
-
 import csharp
 import DataFlow
 

csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql

@@ -14,17 +14,11 @@
 
 import csharp
 import DataFlow
-deprecated import JsonWebTokenHandlerLib
+import JsonWebTokenHandlerLib
 import semmle.code.csharp.commons.QualifiedName
 
-deprecated query predicate problems(
-  CallableAlwaysReturnsTrue e, string message, TokenValidationParametersProperty p,
-  string fullyQualifiedName
-) {
-  exists(string qualifier, string name | p.hasFullyQualifiedName(qualifier, name) |
-    fullyQualifiedName = getQualifiedName(qualifier, name)
-  ) and
-  e = p.getAnAssignedValue() and
-  message =
-    "JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns \"true\"."
-}
+from TokenValidationParametersProperty p, CallableAlwaysReturnsTrue e, string qualifier, string name
+where e = p.getAnAssignedValue() and p.hasFullyQualifiedName(qualifier, name)
+select e,
+  "JsonWebTokenHandler security-sensitive property $@ is being delegated to this callable that always returns \"true\".",
+  p, getQualifiedName(qualifier, name)

csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql

@@ -12,18 +12,15 @@
  */
 
 import csharp
-deprecated import JsonWebTokenHandlerLib
+import JsonWebTokenHandlerLib
 import semmle.code.csharp.commons.QualifiedName
 
-deprecated query predicate problems(
-  DataFlow::Node sink, string message, TokenValidationParametersPropertySensitiveValidation pw,
-  string fullyQualifiedName, DataFlow::Node source, string value
-) {
+from
+  DataFlow::Node source, DataFlow::Node sink,
+  TokenValidationParametersPropertySensitiveValidation pw, string qualifier, string name
+where
   FalseValueFlowsToTokenValidationParametersPropertyWriteToBypassValidation::flow(source, sink) and
   sink.asExpr() = pw.getAnAssignedValue() and
-  exists(string qualifier, string name | pw.hasFullyQualifiedName(qualifier, name) |
-    fullyQualifiedName = getQualifiedName(qualifier, name)
-  ) and
-  message = "The security sensitive property $@ is being disabled by the following value: $@." and
-  value = "false"
-}
+  pw.hasFullyQualifiedName(qualifier, name)
+select sink, "The security sensitive property $@ is being disabled by the following value: $@.", pw,
+  getQualifiedName(qualifier, name), source, "false"

csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll

@@ -3,7 +3,6 @@
  *
  * Please visit https://go.microsoft.com/fwlink/?linkid=2132227 for details.
  */
-deprecated module;
 
 import csharp
 

csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql

@@ -9,10 +9,9 @@
  */
 
 import csharp
-deprecated import DataSetSerialization
+import DataSetSerialization
 
-deprecated query predicate problems(DataSetOrTableRelatedClass dstc, string message) {
-  dstc.fromSource() and
-  message =
-    "Defining a class that inherits or has a property derived from the obsolete DataSet or DataTable types. Please visit https://go.microsoft.com/fwlink/?linkid=2132227 for details."
-}
+from DataSetOrTableRelatedClass dstc
+where dstc.fromSource()
+select dstc,
+  "Defining a class that inherits or has a property derived from the obsolete DataSet or DataTable types. Please visit https://go.microsoft.com/fwlink/?linkid=2132227 for details."

csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql

@@ -10,17 +10,12 @@
  */
 
 import csharp
-deprecated import DataSetSerialization
+import DataSetSerialization
 
-deprecated query predicate problems(
-  Member m, string message, UnsafeXmlSerializerImplementation c, string classMessage, Member member,
-  string memberMessage
-) {
+from UnsafeXmlSerializerImplementation c, Member m
+where
   c.fromSource() and
-  isClassUnsafeXmlSerializerImplementation(c, m) and
-  message =
-    "Defining an serializable class $@ that has member $@ of a type that is derived from DataSet or DataTable types and may lead to a security problem. Please visit https://go.microsoft.com/fwlink/?linkid=2132227 for details." and
-  classMessage = c.toString() and
-  member = m and
-  memberMessage = m.toString()
-}
+  isClassUnsafeXmlSerializerImplementation(c, m)
+select m,
+  "Defining an serializable class $@ that has member $@ of a type that is derived from DataSet or DataTable types and may lead to a security problem. Please visit https://go.microsoft.com/fwlink/?linkid=2132227 for details.",
+  c, c.toString(), m, m.toString()

csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql

@@ -10,7 +10,7 @@
  */
 
 import csharp
-deprecated import DataSetSerialization
+import DataSetSerialization
 
 predicate xmlSerializerConstructorArgument(Expr e) {
   exists(ObjectCreation oc, Constructor c | e = oc.getArgument(0) |
@@ -21,7 +21,7 @@ predicate xmlSerializerConstructorArgument(Expr e) {
   )
 }
 
-deprecated predicate unsafeDataContractTypeCreation(Expr e) {
+predicate unsafeDataContractTypeCreation(Expr e) {
   exists(MethodCall gt |
     gt.getTarget().getName() = "GetType" and
     e = gt and
@@ -31,20 +31,16 @@ deprecated predicate unsafeDataContractTypeCreation(Expr e) {
   e.(TypeofExpr).getTypeAccess().getTarget() instanceof DataSetOrTableRelatedClass
 }
 
-deprecated module FlowToDataSerializerConstructorConfig implements DataFlow::ConfigSig {
+module FlowToDataSerializerConstructorConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node node) { unsafeDataContractTypeCreation(node.asExpr()) }
 
   predicate isSink(DataFlow::Node node) { xmlSerializerConstructorArgument(node.asExpr()) }
 }
 
-deprecated module FlowToDataSerializerConstructor =
-  DataFlow::Global<FlowToDataSerializerConstructorConfig>;
+module FlowToDataSerializerConstructor = DataFlow::Global<FlowToDataSerializerConstructorConfig>;
 
-deprecated query predicate problems(
-  DataFlow::Node sink, string message, DataFlow::Node source, string sourceMessage
-) {
-  FlowToDataSerializerConstructor::flow(source, sink) and
-  message =
-    "Unsafe type is used in data contract serializer. Make sure $@ comes from the trusted source." and
-  sourceMessage = source.toString()
-}
+from DataFlow::Node source, DataFlow::Node sink
+where FlowToDataSerializerConstructor::flow(source, sink)
+select sink,
+  "Unsafe type is used in data contract serializer. Make sure $@ comes from the trusted source.",
+  source, source.toString()

csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql

@@ -10,10 +10,8 @@
  */
 
 import csharp
-deprecated import DataSetSerialization
+import DataSetSerialization
 
-deprecated query predicate problems(UnsafeXmlReadMethodCall mc, string message) {
-  message =
-    "Making an XML deserialization call with a type derived from DataSet or DataTable types and may lead to a security problem. Please visit https://go.microsoft.com/fwlink/?linkid=2132227 for details." and
-  exists(mc)
-}
+from UnsafeXmlReadMethodCall mc
+select mc,
+  "Making an XML deserialization call with a type derived from DataSet or DataTable types and may lead to a security problem. Please visit https://go.microsoft.com/fwlink/?linkid=2132227 for details."

csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql

@@ -48,8 +48,8 @@ predicate isExternMethod(Method externMethod) {
     SystemRuntimeInteropServicesComImportAttributeClass
 }
 
-deprecated query predicate problems(MethodCall mc, string message) {
+from MethodCall mc
+where
   isExternMethod(mc.getTarget()) and
-  isDangerousMethod(mc.getTarget()) and
-  message = "Call to an external method '" + mc.getTarget().getName() + "'."
-}
+  isDangerousMethod(mc.getTarget())
+select mc, "Call to an external method '" + mc.getTarget().getName() + "'."

csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql

@@ -174,16 +174,13 @@ predicate isPotentialTimeBomb(
   )
 }
 
-deprecated query predicate problems(
-  SelectionStmt selStatement, Flow::PathNode source, Flow::PathNode sink, string message,
-  Call timeComparisonCall, string timeComparisonCallString, Call timeArithmeticCall, string offset,
-  Call getLastWriteTimeMethodCall, string lastWriteTimeMethodCallMessage
-) {
+from
+  Flow::PathNode source, Flow::PathNode sink, Call getLastWriteTimeMethodCall,
+  Call timeArithmeticCall, Call timeComparisonCall, SelectionStmt selStatement
+where
   isPotentialTimeBomb(source, sink, getLastWriteTimeMethodCall, timeArithmeticCall,
-    timeComparisonCall, selStatement) and
-  message =
-    "Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger." and
-  timeComparisonCallString = timeComparisonCall.toString() and
-  offset = "offset" and
-  lastWriteTimeMethodCallMessage = "last modification time of a file"
-}
+    timeComparisonCall, selStatement)
+select selStatement, source, sink,
+  "Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger.",
+  timeComparisonCall, timeComparisonCall.toString(), timeArithmeticCall, "offset",
+  getLastWriteTimeMethodCall, "last modification time of a file"

csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql

@@ -42,15 +42,8 @@ predicate isSuspiciousPropertyName(PropertyRead pr) {
   pr.getTarget().hasFullyQualifiedName("System.Diagnostics", "Process", "ProcessName")
 }
 
-deprecated query predicate problems(
-  DataFlow::Node srcNode, DataFlowFromMethodToHash::PathNode src,
-  DataFlowFromMethodToHash::PathNode sink, string message, DataFlow::Node sinkNode,
-  string sinkMessage
-) {
-  srcNode = src.getNode() and
-  sinkNode = sink.getNode() and
-  DataFlowFromMethodToHash::flow(srcNode, sinkNode) and
-  message =
-    "The hash is calculated on $@, may be related to a backdoor. Please review the code for possible malicious intent." and
-  sinkMessage = "this process name"
-}
+from DataFlowFromMethodToHash::PathNode src, DataFlowFromMethodToHash::PathNode sink
+where DataFlowFromMethodToHash::flow(src.getNode(), sink.getNode())
+select src.getNode(), src, sink,
+  "The hash is calculated on $@, may be related to a backdoor. Please review the code for possible malicious intent.",
+  sink.getNode(), "this process name"

csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll

@@ -1,7 +1,6 @@
 /**
  * Provides classes and predicates for detecting insecure cookies.
  */
-deprecated module;
 
 import csharp
 import semmle.code.csharp.frameworks.microsoft.AspNetCore

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.16-dev
+version: 1.0.15
 groups:
   - csharp
   - queries

csharp/ql/test/experimental/CWE-918/RequestForgery.expected

@@ -4,5 +4,5 @@ nodes
 | RequestForgery.cs:12:52:12:54 | url : String | semmle.label | url : String |
 | RequestForgery.cs:14:66:14:68 | access to parameter url | semmle.label | access to parameter url |
 subpaths
-problems
+#select
 | RequestForgery.cs:14:66:14:68 | access to parameter url | RequestForgery.cs:12:52:12:54 | url : String | RequestForgery.cs:14:66:14:68 | access to parameter url | The URL of this request depends on a $@. | RequestForgery.cs:12:52:12:54 | url | user-provided value |

csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected

@@ -1,3 +1,7 @@
+#select
+| HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password |
+| HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password |
+| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:70:64:70:71 | access to parameter password | The password |
 edges
 | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | provenance |  |
 | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | provenance |  |
@@ -23,8 +27,4 @@ nodes
 | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
 | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | semmle.label | access to parameter password : String |
 | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | semmle.label | access to local variable passBytes |
-problems
-| HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password |
-| HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password |
-| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:70:64:70:71 | access to parameter password | The password |
 subpaths

csharp/ql/test/experimental/Security Features/backdoor/PotentialTimeBomb.expected

@@ -17,7 +17,7 @@ edges
 | test.cs:71:36:71:70 | call to method AddHours | test.cs:71:13:71:71 | call to method CompareTo | provenance |  |
 | test.cs:71:36:71:70 | call to method AddHours | test.cs:71:13:71:71 | call to method CompareTo : Int32 | provenance |  |
 | test.cs:71:36:71:70 | call to method AddHours | test.cs:71:36:71:70 | call to method AddHours | provenance |  |
-problems
+#select
 | test.cs:71:9:74:9 | if (...) ... | test.cs:69:34:69:76 | call to method GetLastWriteTime : DateTime | test.cs:71:13:71:71 | call to method CompareTo | Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:71:13:71:71 | call to method CompareTo | call to method CompareTo | test.cs:71:36:71:70 | call to method AddHours | offset | test.cs:69:34:69:76 | call to method GetLastWriteTime | last modification time of a file |
 | test.cs:71:9:74:9 | if (...) ... | test.cs:69:34:69:76 | call to method GetLastWriteTime : DateTime | test.cs:71:13:71:71 | call to method CompareTo : Int32 | Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:71:13:71:71 | call to method CompareTo | call to method CompareTo | test.cs:71:36:71:70 | call to method AddHours | offset | test.cs:69:34:69:76 | call to method GetLastWriteTime | last modification time of a file |
 | test.cs:71:9:74:9 | if (...) ... | test.cs:69:34:69:76 | call to method GetLastWriteTime : DateTime | test.cs:71:13:71:76 | ... >= ... | Possible TimeBomb logic triggered by an $@ that takes into account $@ from the $@ as part of the potential trigger. | test.cs:71:13:71:71 | call to method CompareTo | call to method CompareTo | test.cs:71:36:71:70 | call to method AddHours | offset | test.cs:69:34:69:76 | call to method GetLastWriteTime | last modification time of a file |

csharp/ql/test/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.expected

@@ -1,4 +1,4 @@
 edges
 nodes
 subpaths
-problems
+#select

docs/codeql/reusables/supported-versions-compilers.rst

@@ -20,12 +20,12 @@
    Java,"Java 7 to 22 [5]_","javac (OpenJDK and Oracle JDK),
 
    Eclipse compiler for Java (ECJ) [6]_",``.java``
-   Kotlin,"Kotlin 1.5.0 to 2.1.2\ *x*","kotlinc",``.kt``
+   Kotlin,"Kotlin 1.5.0 to 2.1.0\ *x*","kotlinc",``.kt``
    JavaScript,ECMAScript 2022 or lower,Not applicable,"``.js``, ``.jsx``, ``.mjs``, ``.es``, ``.es6``, ``.htm``, ``.html``, ``.xhtm``, ``.xhtml``, ``.vue``, ``.hbs``, ``.ejs``, ``.njk``, ``.json``, ``.yaml``, ``.yml``, ``.raml``, ``.xml`` [7]_"
    Python [8]_,"2.7, 3.5, 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13",Not applicable,``.py``
    Ruby [9]_,"up to 3.3",Not applicable,"``.rb``, ``.erb``, ``.gemspec``, ``Gemfile``"
    Swift [10]_,"Swift 5.4-5.10","Swift compiler","``.swift``"
-   TypeScript [11]_,"2.6-5.7",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
+   TypeScript [11]_,"2.6-5.6",Standard TypeScript compiler,"``.ts``, ``.tsx``, ``.mts``, ``.cts``"
 
 .. container:: footnote-group
 

go/documentation/library-coverage/coverage.csv

@@ -138,5 +138,5 @@ sync,,,34,,,,,,,,,,,,,,,,,,,,,,,34,
 syscall,5,2,8,5,,,,,,,,,,,,,,,,,,2,,,,8,
 text/scanner,,,3,,,,,,,,,,,,,,,,,,,,,,,3,
 text/tabwriter,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
-text/template,,,4,,,,,,,,,,,,,,,,,,,,,,,4,
+text/template,,,6,,,,,,,,,,,,,,,,,,,,,,,6,
 xorm.io/xorm,34,,,,,,,,,,,,,,34,,,,,,,,,,,,

go/documentation/library-coverage/coverage.rst

@@ -26,7 +26,7 @@ Go framework & library support
    `Macaron <https://gopkg.in/macaron.v1>`_,``gopkg.in/macaron*``,12,1,1
    `Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,4
    `SendGrid <https://github.com/sendgrid/sendgrid-go>`_,``github.com/sendgrid/sendgrid-go*``,,1,
-   `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",52,603,104
+   `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",52,605,104
    `XPath <https://github.com/antchfx/xpath>`_,``github.com/antchfx/xpath*``,,,4
    `appleboy/gin-jwt <https://github.com/appleboy/gin-jwt>`_,``github.com/appleboy/gin-jwt*``,,,1
    `beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",102,63,213
@@ -61,5 +61,5 @@ Go framework & library support
    `yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
    `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
    Others,"``github.com/Masterminds/squirrel``, ``github.com/caarlos0/env``, ``github.com/go-gorm/gorm``, ``github.com/go-xorm/xorm``, ``github.com/gobuffalo/envy``, ``github.com/gogf/gf/database/gdb``, ``github.com/hashicorp/go-envparse``, ``github.com/jinzhu/gorm``, ``github.com/jmoiron/sqlx``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``, ``github.com/lann/squirrel``, ``github.com/raindog308/gorqlite``, ``github.com/rqlite/gorqlite``, ``github.com/uptrace/bun``, ``go.mongodb.org/mongo-driver/mongo``, ``gopkg.in/Masterminds/squirrel``, ``gorm.io/gorm``, ``xorm.io/xorm``",117,16,391
-   Totals,,459,941,1532
+   Totals,,459,943,1532
 

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.16-dev
+version: 1.0.15
 groups:
   - go
   - queries