Add query to identify redundant environment definitions from context expressions

.github/workflows/codeql-analysis.yml

@@ -34,7 +34,7 @@ jobs:
     - name: Setup dotnet
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 10.0.100
+        dotnet-version: 9.0.300
 
     - name: Checkout repository
       uses: actions/checkout@v5

.github/workflows/compile-queries.yml

@@ -1,7 +1,6 @@
 name: "Compile all queries using the latest stable CodeQL CLI"
 
 on:
-  workflow_dispatch:
   push:
     branches:  # makes sure the cache gets populated - running on the branches people tend to merge into.
       - main

.github/workflows/csharp-qltest.yml

@@ -43,14 +43,14 @@ jobs:
       - name: Setup dotnet
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: 10.0.100
+          dotnet-version: 9.0.300
       - name: Extractor unit tests
         run: |
           dotnet tool restore
-          dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Util.Tests
-          dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Extraction.Tests
-          dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
-          dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.Cpp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Util.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Extraction.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.CSharp.Tests
+          dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.Cpp.Tests
         shell: bash
   stubgentest:
     runs-on: ubuntu-latest

MODULE.bazel

@@ -26,7 +26,7 @@ bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "12.1.0-codeql.1")
 bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
 bazel_dep(name = "gazelle", version = "0.40.0")
-bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
+bazel_dep(name = "rules_dotnet", version = "0.19.2-codeql.1")
 bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
 bazel_dep(name = "rules_rust", version = "0.66.0")
 bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
@@ -172,7 +172,7 @@ http_archive(
 )
 
 dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
-dotnet.toolchain(dotnet_version = "10.0.100")
+dotnet.toolchain(dotnet_version = "9.0.300")
 use_repo(dotnet, "dotnet_toolchains")
 
 register_toolchains("@dotnet_toolchains//:all")

actions/ql/lib/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 0.4.24
-
-No user-facing changes.
-
 ## 0.4.23
 
 No user-facing changes.

actions/ql/lib/change-notes/released/0.4.24.md

@@ -1,3 +0,0 @@
-## 0.4.24
-
-No user-facing changes.

actions/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.24
+lastReleaseVersion: 0.4.23

actions/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.25-dev
+version: 0.4.24-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

actions/ql/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 0.6.16
-
-No user-facing changes.
-
 ## 0.6.15
 
 No user-facing changes.

actions/ql/src/change-notes/released/0.6.16.md

@@ -1,3 +0,0 @@
-## 0.6.16
-
-No user-facing changes.

actions/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.16
+lastReleaseVersion: 0.6.15

actions/ql/src/experimental/Violations of Best Practice/ContextExprEnvAlias.ql

@@ -0,0 +1,45 @@
+/**
+ * @name Redundant environment definitions from context expressions
+ * @description This query identifies environment definitions from context
+ *              expressions that are redundant because the same information
+ *              is already available via predefined environment variables.
+ * @kind problem
+ * @problem.severity recommendation
+ * @id actions/context-expr-env-alias
+ */
+
+import actions
+import codeql.actions.ast.internal.Ast
+
+// FIXME: No support for ${{ runner.* }} expressions?
+class ProvidedGitHubExpressionImpl extends GitHubExpressionImpl {
+  ProvidedGitHubExpressionImpl() {
+    // Only consider fields that are provided as environment variables.
+    this.getFieldName() in [
+      "action", "action_path", "action_repository", "actor", "actor_id",
+      "api_url", "base_ref", "event_name", "event_path", "graphql_url",
+      "head_ref", "job", "ref", "ref_name", "ref_protected", "ref_type",
+      "repository", "repository_id", "repository_owner", "repository_owner_id",
+      "retention_days", "run_attempt", "run_id", "run_number", "server_url",
+      "sha", "triggering_actor", "workflow", "workflow_ref", "workflow_sha",
+      "workspace"
+    ]
+    // Ignore instances in which the github context is used in a
+    // larger expression: ${{ inputs.sha || github.sha }}
+    // FIXME: No child nodes of GitHubExpressionImpl (e.g. LogicalOrExpression)?
+    and this.getFullExpression() = "github." + this.getFieldName()
+  }
+
+  string getProvidedEnvVarName() {
+      result = "GITHUB_" + this.getFieldName().toUpperCase()
+  }
+}
+
+from EnvImpl env, ProvidedGitHubExpressionImpl ctx
+where env.getAnEnvVarValue() = ctx.getParentNode()
+  // Ignore instances in which the github context is used 
+  // in string interpolation of an environment variable:
+  // env:
+  //   FOO: hello ${{ github.actor }}
+  and env.getAnEnvVarValue().getValue() = ctx.getRawExpression()
+select ctx, "The context expression '" + ctx.getFullExpression() + "' is already defined as the environment variable '" + ctx.getProvidedEnvVarName() + "'."

actions/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.17-dev
+version: 0.6.16-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

config/identical-files.json

@@ -282,7 +282,6 @@
     "java/ql/lib/semmle/code/java/internal/OverlayXml.qll",
     "go/ql/lib/semmle/go/internal/OverlayXml.qll",
     "python/ql/lib/semmle/python/internal/OverlayXml.qll",
-    "csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll",
-    "cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll"
+    "csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll"
   ]
 }

cpp/ql/lib/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 6.1.3
-
-No user-facing changes.
-
 ## 6.1.2
 
 No user-facing changes.

cpp/ql/lib/change-notes/2026-01-02-constant-folding.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.

cpp/ql/lib/change-notes/released/6.1.3.md

@@ -1,3 +0,0 @@
-## 6.1.3
-
-No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.1.3
+lastReleaseVersion: 6.1.2

cpp/ql/lib/ext/empty.model.yml

@@ -9,14 +9,6 @@ extensions:
       pack: codeql/cpp-all
       extensible: sinkModel
     data: []
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: barrierModel
-    data: []
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: barrierGuardModel
-    data: []
   - addsTo:
       pack: codeql/cpp-all
       extensible: summaryModel

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 6.1.4-dev
+version: 6.1.3-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll

@@ -101,10 +101,9 @@ private import internal.FlowSummaryImpl
 private import internal.FlowSummaryImpl::Public
 private import internal.FlowSummaryImpl::Private
 private import internal.FlowSummaryImpl::Private::External
-private import internal.ExternalFlowExtensions::Extensions as Extensions
+private import internal.ExternalFlowExtensions as Extensions
 private import codeql.mad.ModelValidation as SharedModelVal
 private import codeql.util.Unit
-private import codeql.mad.static.ModelsAsData as SharedMaD
 
 /**
  * A unit class for adding additional source model rows.
@@ -145,81 +144,134 @@ predicate sinkModel(string row) { any(SinkModelCsv s).row(row) }
 /** Holds if `row` is a summary model. */
 predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
 
-private module MadInput implements SharedMaD::InputSig {
-  /** Holds if a source model exists for the given parameters. */
-  predicate additionalSourceModel(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string output, string kind, string provenance, string model
-  ) {
-    exists(string row |
-      sourceModel(row) and
-      row.splitAt(";", 0) = namespace and
-      row.splitAt(";", 1) = type and
-      row.splitAt(";", 2) = subtypes.toString() and
-      subtypes = [true, false] and
-      row.splitAt(";", 3) = name and
-      row.splitAt(";", 4) = signature and
-      row.splitAt(";", 5) = ext and
-      row.splitAt(";", 6) = output and
-      row.splitAt(";", 7) = kind
-    ) and
-    provenance = "manual" and
-    model = ""
-  }
-
-  /** Holds if a sink model exists for the given parameters. */
-  predicate additionalSinkModel(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string input, string kind, string provenance, string model
-  ) {
-    exists(string row |
-      sinkModel(row) and
-      row.splitAt(";", 0) = namespace and
-      row.splitAt(";", 1) = type and
-      row.splitAt(";", 2) = subtypes.toString() and
-      subtypes = [true, false] and
-      row.splitAt(";", 3) = name and
-      row.splitAt(";", 4) = signature and
-      row.splitAt(";", 5) = ext and
-      row.splitAt(";", 6) = input and
-      row.splitAt(";", 7) = kind
-    ) and
-    provenance = "manual" and
-    model = ""
-  }
-
-  /**
-   * Holds if a summary model exists for the given parameters.
-   *
-   * This predicate does not expand `@` to `*`s.
-   */
-  predicate additionalSummaryModel(
-    string namespace, string type, boolean subtypes, string name, string signature, string ext,
-    string input, string output, string kind, string provenance, string model
-  ) {
-    exists(string row |
-      summaryModel(row) and
-      row.splitAt(";", 0) = namespace and
-      row.splitAt(";", 1) = type and
-      row.splitAt(";", 2) = subtypes.toString() and
-      subtypes = [true, false] and
-      row.splitAt(";", 3) = name and
-      row.splitAt(";", 4) = signature and
-      row.splitAt(";", 5) = ext and
-      row.splitAt(";", 6) = input and
-      row.splitAt(";", 7) = output and
-      row.splitAt(";", 8) = kind
-    ) and
-    provenance = "manual" and
-    model = ""
-  }
-
-  string namespaceSegmentSeparator() { result = "::" }
+/** Holds if a source model exists for the given parameters. */
+predicate sourceModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string output, string kind, string provenance, string model
+) {
+  exists(string row |
+    sourceModel(row) and
+    row.splitAt(";", 0) = namespace and
+    row.splitAt(";", 1) = type and
+    row.splitAt(";", 2) = subtypes.toString() and
+    subtypes = [true, false] and
+    row.splitAt(";", 3) = name and
+    row.splitAt(";", 4) = signature and
+    row.splitAt(";", 5) = ext and
+    row.splitAt(";", 6) = output and
+    row.splitAt(";", 7) = kind
+  ) and
+  provenance = "manual" and
+  model = ""
+  or
+  exists(QlBuiltins::ExtensionId madId |
+    Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind,
+      provenance, madId) and
+    model = "MaD:" + madId.toString()
+  )
 }
 
-private module MaD = SharedMaD::ModelsAsData<Extensions, MadInput>;
+/** Holds if a sink model exists for the given parameters. */
+predicate sinkModel(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string kind, string provenance, string model
+) {
+  exists(string row |
+    sinkModel(row) and
+    row.splitAt(";", 0) = namespace and
+    row.splitAt(";", 1) = type and
+    row.splitAt(";", 2) = subtypes.toString() and
+    subtypes = [true, false] and
+    row.splitAt(";", 3) = name and
+    row.splitAt(";", 4) = signature and
+    row.splitAt(";", 5) = ext and
+    row.splitAt(";", 6) = input and
+    row.splitAt(";", 7) = kind
+  ) and
+  provenance = "manual" and
+  model = ""
+  or
+  exists(QlBuiltins::ExtensionId madId |
+    Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance,
+      madId) and
+    model = "MaD:" + madId.toString()
+  )
+}
 
-import MaD
+/**
+ * Holds if a summary model exists for the given parameters.
+ *
+ * This predicate does not expand `@` to `*`s.
+ */
+private predicate summaryModel0(
+  string namespace, string type, boolean subtypes, string name, string signature, string ext,
+  string input, string output, string kind, string provenance, string model
+) {
+  exists(string row |
+    summaryModel(row) and
+    row.splitAt(";", 0) = namespace and
+    row.splitAt(";", 1) = type and
+    row.splitAt(";", 2) = subtypes.toString() and
+    subtypes = [true, false] and
+    row.splitAt(";", 3) = name and
+    row.splitAt(";", 4) = signature and
+    row.splitAt(";", 5) = ext and
+    row.splitAt(";", 6) = input and
+    row.splitAt(";", 7) = output and
+    row.splitAt(";", 8) = kind
+  ) and
+  provenance = "manual" and
+  model = ""
+  or
+  exists(QlBuiltins::ExtensionId madId |
+    Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
+      provenance, madId) and
+    model = "MaD:" + madId.toString()
+  )
+}
+
+/**
+ * Holds if the given extension tuple `madId` should pretty-print as `model`.
+ *
+ * This predicate should only be used in tests.
+ */
+predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
+  exists(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string output, string kind, string provenance
+  |
+    Extensions::sourceModel(namespace, type, subtypes, name, signature, ext, output, kind,
+      provenance, madId)
+  |
+    model =
+      "Source: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; "
+        + ext + "; " + output + "; " + kind + "; " + provenance
+  )
+  or
+  exists(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string kind, string provenance
+  |
+    Extensions::sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance,
+      madId)
+  |
+    model =
+      "Sink: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
+        ext + "; " + input + "; " + kind + "; " + provenance
+  )
+  or
+  exists(
+    string namespace, string type, boolean subtypes, string name, string signature, string ext,
+    string input, string output, string kind, string provenance
+  |
+    Extensions::summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind,
+      provenance, madId)
+  |
+    model =
+      "Summary: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature +
+        "; " + ext + "; " + input + "; " + output + "; " + kind + "; " + provenance
+  )
+}
 
 /**
  * Holds if `input` is `input0`, but with all occurrences of `@` replaced
@@ -242,13 +294,69 @@ predicate summaryModel(
   string input, string output, string kind, string provenance, string model
 ) {
   exists(string input0, string output0 |
-    MaD::summaryModel(namespace, type, subtypes, name, signature, ext, input0, output0, kind,
+    summaryModel0(namespace, type, subtypes, name, signature, ext, input0, output0, kind,
       provenance, model) and
     expandInputAndOutput(input0, input, output0, output,
       [0 .. Private::getMaxElementContentIndirectionIndex() - 1])
   )
 }
 
+private predicate relevantNamespace(string namespace) {
+  sourceModel(namespace, _, _, _, _, _, _, _, _, _) or
+  sinkModel(namespace, _, _, _, _, _, _, _, _, _) or
+  summaryModel(namespace, _, _, _, _, _, _, _, _, _, _)
+}
+
+private predicate namespaceLink(string shortns, string longns) {
+  relevantNamespace(shortns) and
+  relevantNamespace(longns) and
+  longns.prefix(longns.indexOf("::")) = shortns
+}
+
+private predicate canonicalNamespace(string namespace) {
+  relevantNamespace(namespace) and not namespaceLink(_, namespace)
+}
+
+private predicate canonicalNamespaceLink(string namespace, string subns) {
+  canonicalNamespace(namespace) and
+  (subns = namespace or namespaceLink(namespace, subns))
+}
+
+/**
+ * Holds if MaD framework coverage of `namespace` is `n` api endpoints of the
+ * kind `(kind, part)`, and `namespaces` is the number of subnamespaces of
+ * `namespace` which have MaD framework coverage (including `namespace`
+ * itself).
+ */
+predicate modelCoverage(string namespace, int namespaces, string kind, string part, int n) {
+  namespaces = strictcount(string subns | canonicalNamespaceLink(namespace, subns)) and
+  (
+    part = "source" and
+    n =
+      strictcount(string subns, string type, boolean subtypes, string name, string signature,
+        string ext, string output, string provenance, string model |
+        canonicalNamespaceLink(namespace, subns) and
+        sourceModel(subns, type, subtypes, name, signature, ext, output, kind, provenance, model)
+      )
+    or
+    part = "sink" and
+    n =
+      strictcount(string subns, string type, boolean subtypes, string name, string signature,
+        string ext, string input, string provenance, string model |
+        canonicalNamespaceLink(namespace, subns) and
+        sinkModel(subns, type, subtypes, name, signature, ext, input, kind, provenance, model)
+      )
+    or
+    part = "summary" and
+    n =
+      strictcount(string subns, string type, boolean subtypes, string name, string signature,
+        string ext, string input, string output, string provenance |
+        canonicalNamespaceLink(namespace, subns) and
+        summaryModel(subns, type, subtypes, name, signature, ext, input, output, kind, provenance, _)
+      )
+  )
+}
+
 /** Provides a query predicate to check the CSV data for validation errors. */
 module CsvValidation {
   private string getInvalidModelInput() {

cpp/ql/lib/semmle/code/cpp/dataflow/internal/ExternalFlowExtensions.qll

@@ -2,8 +2,6 @@
  * This module provides extensible predicates for defining MaD models.
  */
 
-private import codeql.mad.static.ModelsAsData as SharedMaD
-
 /**
  * Holds if an external source model exists for the given parameters.
  */
@@ -20,22 +18,6 @@ extensible predicate sinkModel(
   string input, string kind, string provenance, QlBuiltins::ExtensionId madId
 );
 
-/**
- * Holds if a barrier model exists for the given parameters.
- */
-extensible predicate barrierModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string output, string kind, string provenance, QlBuiltins::ExtensionId madId
-);
-
-/**
- * Holds if a barrier guard model exists for the given parameters.
- */
-extensible predicate barrierGuardModel(
-  string namespace, string type, boolean subtypes, string name, string signature, string ext,
-  string input, string acceptingvalue, string kind, string provenance, QlBuiltins::ExtensionId madId
-);
-
 /**
  * Holds if an external summary model exists for the given parameters.
  */
@@ -43,16 +25,3 @@ extensible predicate summaryModel(
   string namespace, string type, boolean subtypes, string name, string signature, string ext,
   string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId
 );
-
-/**
- * Holds if a neutral model exists for the given parameters.
- */
-extensible predicate neutralModel(
-  string namespace, string type, string name, string signature, string kind, string provenance
-);
-
-module Extensions implements SharedMaD::ExtensionsSig {
-  import ExternalFlowExtensions
-
-  predicate namespaceGrouping(string group, string namespace) { none() }
-}

cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll

@@ -148,19 +148,6 @@ module SourceSinkInterpretationInput implements
     )
   }
 
-  predicate barrierElement(
-    Element n, string output, string kind, Public::Provenance provenance, string model
-  ) {
-    none()
-  }
-
-  predicate barrierGuardElement(
-    Element n, string input, Public::AcceptingValue acceptingvalue, string kind,
-    Public::Provenance provenance, string model
-  ) {
-    none()
-  }
-
   private newtype TInterpretNode =
     TElement_(Element n) or
     TNode_(Node n)

cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll

@@ -2,8 +2,6 @@
  * Defines entity discard predicates for C++ overlay analysis.
  */
 
-private import OverlayXml
-
 /**
  * Holds always for the overlay variant and never for the base variant.
  * This local predicate is used to define local predicates that behave
@@ -22,21 +20,9 @@ private string getLocationFilePath(@location_default loc) {
  */
 overlay[local]
 private string getSingleLocationFilePath(@element e) {
-  exists(@location_default loc |
-    var_decls(e, _, _, _, loc)
-    or
-    fun_decls(e, _, _, _, loc)
-    or
-    type_decls(e, _, loc)
-    or
-    namespace_decls(e, _, loc, _)
-    or
-    macroinvocations(e, _, loc, _)
-    or
-    preprocdirects(e, _, loc)
-  |
-    result = getLocationFilePath(loc)
-  )
+  // @var_decl has a direct location in the var_decls relation
+  exists(@location_default loc | var_decls(e, _, _, _, loc) | result = getLocationFilePath(loc))
+  //TODO: add other kinds of elements with single locations
 }
 
 /**
@@ -44,17 +30,11 @@ private string getSingleLocationFilePath(@element e) {
  */
 overlay[local]
 private string getMultiLocationFilePath(@element e) {
-  exists(@location_default loc |
-    exists(@var_decl vd | var_decls(vd, e, _, _, loc))
-    or
-    exists(@fun_decl fd | fun_decls(fd, e, _, _, loc))
-    or
-    exists(@type_decl td | type_decls(td, e, loc))
-    or
-    exists(@namespace_decl nd | namespace_decls(nd, e, loc, _))
-  |
+  // @variable gets its location(s) from its @var_decl(s)
+  exists(@var_decl vd, @location_default loc | var_decls(vd, e, _, _, loc) |
     result = getLocationFilePath(loc)
   )
+  //TODO: add other kinds of elements with multiple locations
 }
 
 /**

cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll

@@ -1,46 +0,0 @@
-overlay[local]
-module;
-
-/**
- * A local predicate that always holds for the overlay variant and never holds for the base variant.
- * This is used to define local predicates that behave differently for the base and overlay variant.
- */
-private predicate isOverlay() { databaseMetadata("isOverlay", "true") }
-
-private string getXmlFile(@xmllocatable locatable) {
-  exists(@location_default location, @file file | xmllocations(locatable, location) |
-    locations_default(location, file, _, _, _, _) and
-    files(file, result)
-  )
-}
-
-private string getXmlFileInBase(@xmllocatable locatable) {
-  not isOverlay() and
-  result = getXmlFile(locatable)
-}
-
-/**
- * Holds if the given `file` was extracted as part of the overlay and was extracted by the HTML/XML
- * extractor.
- */
-private predicate overlayXmlExtracted(string file) {
-  isOverlay() and
-  exists(@xmllocatable locatable |
-    not files(locatable, _) and not xmlNs(locatable, _, _, _) and file = getXmlFile(locatable)
-  )
-}
-
-/**
- * Holds if the given XML `locatable` should be discarded, because it is part of the overlay base
- * and is in a file that was also extracted as part of the overlay database.
- */
-overlay[discard_entity]
-private predicate discardXmlLocatable(@xmllocatable locatable) {
-  exists(string file | file = getXmlFileInBase(locatable) |
-    overlayChangedFiles(file)
-    or
-    // The HTML/XML extractor is currently not incremental and may extract more files than those
-    // included in overlayChangedFiles.
-    overlayXmlExtracted(file)
-  )
-}

cpp/ql/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.5.7
-
-No user-facing changes.
-
 ## 1.5.6
 
 No user-facing changes.

cpp/ql/src/Likely Bugs/Arithmetic/PointlessComparison.ql

@@ -25,16 +25,11 @@ import UnsignedGEZero
 //
 // So to reduce the number of false positives, we do not report a result if
 // the comparison is in a macro expansion. Similarly for template
-// instantiations, static asserts, non-type template arguments, enum constants,
-// and constexprs.
+// instantiations.
 from ComparisonOperation cmp, SmallSide ss, float left, float right, boolean value, string reason
 where
   not cmp.isInMacroExpansion() and
   not cmp.isFromTemplateInstantiation(_) and
-  not exists(StaticAssert s | s.getCondition() = cmp.getParent*()) and
-  not exists(Declaration d | d.getATemplateArgument() = cmp.getParent*()) and
-  not exists(Variable v | v.isConstexpr() | v.getInitializer().getExpr() = cmp.getParent*()) and
-  not exists(EnumConstant e | e.getInitializer().getExpr() = cmp.getParent*()) and
   not functionContainsDisabledCode(cmp.getEnclosingFunction()) and
   reachablePointlessComparison(cmp, left, right, value, ss) and
   // a comparison between an enum and zero is always valid because whether

cpp/ql/src/change-notes/2026-01-02-constant-comparison.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees.

cpp/ql/src/change-notes/released/1.5.7.md

@@ -1,3 +0,0 @@
-## 1.5.7
-
-No user-facing changes.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.7
+lastReleaseVersion: 1.5.6

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.8-dev
+version: 1.5.7-dev
 groups:
   - cpp
   - queries

cpp/ql/test/library-tests/constants/addresses/addresses.cpp

@@ -26,7 +26,9 @@ void constantAddresses(int param) {
     constexpr int *array2d = &int_arr_arr[1][1] + 1;
     constexpr int *const_ints = &int_arr_arr[int_const][extern_int_const];
 
-    constexpr int *stmtexpr_int = &int_arr[ ({ 1; }) ];
+    // Commented out because clang and EDG disagree on whether this is
+    // constant.
+    //constexpr int *stmtexpr_int = &int_arr[ ({ 1; }) ];
 
     constexpr int *comma_int = &int_arr[ ((void)0, 1) ];
     constexpr int *comma_addr = ((void)0, &int_var);

cpp/ql/test/library-tests/constants/addresses/addresses.expected

@@ -1,5 +0,0 @@
-| addresses.cpp:29:35:29:54 | & ... | stmtexpr_int | misclassified as NOT constant |
-| addresses.cpp:31:32:31:55 | & ... | comma_int | misclassified as NOT constant |
-| addresses.cpp:36:39:36:70 | ... ? ... : ... | ternary_ptr_cond | misclassified as NOT constant |
-| addresses.cpp:37:35:37:69 | & ... | ptr_subtract | misclassified as NOT constant |
-| addresses.cpp:39:35:39:50 | ... + ... | constexpr_va | misclassified as NOT constant |

cpp/ql/test/library-tests/ir/ir/PrintAST.expected

@@ -6,14 +6,6 @@
 #-----|   <params>: 
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
 #-----|         Type = [RValueReferenceType] __va_list_tag &&
-#-----| [CopyAssignmentOperator] std::__va_list& std::__va_list::operator=(std::__va_list const&)
-#-----|   <params>: 
-#-----|     getParameter(0): [Parameter] (unnamed parameter 0)
-#-----|         Type = [LValueReferenceType] const __va_list &
-#-----| [MoveAssignmentOperator] std::__va_list& std::__va_list::operator=(std::__va_list&&)
-#-----|   <params>: 
-#-----|     getParameter(0): [Parameter] (unnamed parameter 0)
-#-----|         Type = [RValueReferenceType] __va_list &&
 #-----| [Operator,TopLevelFunction] void operator delete(void*)
 #-----|   <params>: 
 #-----|     getParameter(0): [Parameter] (unnamed parameter 0)
@@ -4343,7 +4335,7 @@ generic.c:
 #    3|                 ValueCategory = prvalue
 #    3|             getAssociationExpr(0): [ReuseExpr] reuse of x
 #    3|                 Type = [IntType] unsigned int
-#    3|                 ValueCategory = prvalue
+#    3|                 ValueCategory = lvalue
 #    3|             getAssociationType(1): [TypeName] int
 #    3|                 Type = [IntType] int
 #    3|                 ValueCategory = prvalue

cpp/ql/test/library-tests/ir/ir/aliased_ir.expected

@@ -9648,29 +9648,29 @@ ir.cpp:
 # 1054|     r1054_1(glval<decltype([...](...){...})>)  = VariableAddress[lambda_inits]          : 
 # 1054|     r1054_2(glval<decltype([...](...){...})>)  = VariableAddress[#temp1054:22]          : 
 # 1054|     m1054_3(decltype([...](...){...}))         = Uninitialized[#temp1054:22]            : &:r1054_2
-# 1054|     r1054_4(glval<int>)                        = FieldAddress[i]                        : r1054_2
-# 1054|     r1054_5(glval<int>)                        = VariableAddress[x]                     : 
-# 1054|     r1054_6(int)                               = Load[x]                                : &:r1054_5, ~m1052_7
-# 1054|     r1054_7(int)                               = Constant[1]                            : 
-# 1054|     r1054_8(int)                               = Add                                    : r1054_6, r1054_7
-# 1054|     m1054_9(int)                               = Store[?]                               : &:r1054_4, r1054_8
+# 1054|     r1054_4(glval<String &>)                   = FieldAddress[s]                        : r1054_2
+# 1054|     r1054_5(glval<String &>)                   = VariableAddress[s]                     : 
+# 1054|     r1054_6(String &)                          = Load[s]                                : &:r1054_5, m1040_9
+# 1054|     r1054_7(glval<String>)                     = CopyValue                              : r1054_6
+# 1054|     r1054_8(String &)                          = CopyValue                              : r1054_7
+# 1054|     m1054_9(String &)                          = Store[?]                               : &:r1054_4, r1054_8
 # 1054|     m1054_10(decltype([...](...){...}))        = Chi                                    : total:m1054_3, partial:m1054_9
-# 1054|     r1054_11(glval<int &>)                     = FieldAddress[j]                        : r1054_2
-# 1054|     r1054_12(glval<int>)                       = VariableAddress[r]                     : 
-# 1054|     r1054_13(int &)                            = CopyValue                              : r1054_12
-# 1054|     m1054_14(int &)                            = Store[?]                               : &:r1054_11, r1054_13
+# 1054|     r1054_11(glval<int>)                       = FieldAddress[x]                        : r1054_2
+# 1054|     r1054_12(glval<int>)                       = VariableAddress[x]                     : 
+# 1054|     r1054_13(int)                              = Load[x]                                : &:r1054_12, ~m1052_7
+# 1054|     m1054_14(int)                              = Store[?]                               : &:r1054_11, r1054_13
 # 1054|     m1054_15(decltype([...](...){...}))        = Chi                                    : total:m1054_10, partial:m1054_14
-# 1054|     r1054_16(glval<String &>)                  = FieldAddress[s]                        : r1054_2
-# 1054|     r1054_17(glval<String &>)                  = VariableAddress[s]                     : 
-# 1054|     r1054_18(String &)                         = Load[s]                                : &:r1054_17, m1040_9
-# 1054|     r1054_19(glval<String>)                    = CopyValue                              : r1054_18
-# 1054|     r1054_20(String &)                         = CopyValue                              : r1054_19
-# 1054|     m1054_21(String &)                         = Store[?]                               : &:r1054_16, r1054_20
+# 1054|     r1054_16(glval<int>)                       = FieldAddress[i]                        : r1054_2
+# 1054|     r1054_17(glval<int>)                       = VariableAddress[x]                     : 
+# 1054|     r1054_18(int)                              = Load[x]                                : &:r1054_17, ~m1052_7
+# 1054|     r1054_19(int)                              = Constant[1]                            : 
+# 1054|     r1054_20(int)                              = Add                                    : r1054_18, r1054_19
+# 1054|     m1054_21(int)                              = Store[?]                               : &:r1054_16, r1054_20
 # 1054|     m1054_22(decltype([...](...){...}))        = Chi                                    : total:m1054_15, partial:m1054_21
-# 1054|     r1054_23(glval<int>)                       = FieldAddress[x]                        : r1054_2
-# 1054|     r1054_24(glval<int>)                       = VariableAddress[x]                     : 
-# 1054|     r1054_25(int)                              = Load[x]                                : &:r1054_24, ~m1052_7
-# 1054|     m1054_26(int)                              = Store[?]                               : &:r1054_23, r1054_25
+# 1054|     r1054_23(glval<int &>)                     = FieldAddress[j]                        : r1054_2
+# 1054|     r1054_24(glval<int>)                       = VariableAddress[r]                     : 
+# 1054|     r1054_25(int &)                            = CopyValue                              : r1054_24
+# 1054|     m1054_26(int &)                            = Store[?]                               : &:r1054_23, r1054_25
 # 1054|     m1054_27(decltype([...](...){...}))        = Chi                                    : total:m1054_22, partial:m1054_26
 # 1054|     r1054_28(decltype([...](...){...}))        = Load[#temp1054:22]                     : &:r1054_2, m1054_27
 # 1054|     m1054_29(decltype([...](...){...}))        = Store[lambda_inits]                    : &:r1054_1, r1054_28

cpp/ql/test/library-tests/ir/ir/raw_ir.expected

@@ -8892,26 +8892,26 @@ ir.cpp:
 # 1054|     r1054_1(glval<decltype([...](...){...})>) = VariableAddress[lambda_inits]          : 
 # 1054|     r1054_2(glval<decltype([...](...){...})>) = VariableAddress[#temp1054:22]          : 
 # 1054|     mu1054_3(decltype([...](...){...}))       = Uninitialized[#temp1054:22]            : &:r1054_2
-# 1054|     r1054_4(glval<int>)                       = FieldAddress[i]                        : r1054_2
-# 1054|     r1054_5(glval<int>)                       = VariableAddress[x]                     : 
-# 1054|     r1054_6(int)                              = Load[x]                                : &:r1054_5, ~m?
-# 1054|     r1054_7(int)                              = Constant[1]                            : 
-# 1054|     r1054_8(int)                              = Add                                    : r1054_6, r1054_7
-# 1054|     mu1054_9(int)                             = Store[?]                               : &:r1054_4, r1054_8
-# 1054|     r1054_10(glval<int &>)                    = FieldAddress[j]                        : r1054_2
-# 1054|     r1054_11(glval<int>)                      = VariableAddress[r]                     : 
-# 1054|     r1054_12(int &)                           = CopyValue                              : r1054_11
-# 1054|     mu1054_13(int &)                          = Store[?]                               : &:r1054_10, r1054_12
-# 1054|     r1054_14(glval<String &>)                 = FieldAddress[s]                        : r1054_2
-# 1054|     r1054_15(glval<String &>)                 = VariableAddress[s]                     : 
-# 1054|     r1054_16(String &)                        = Load[s]                                : &:r1054_15, ~m?
-# 1054|     r1054_17(glval<String>)                   = CopyValue                              : r1054_16
-# 1054|     r1054_18(String &)                        = CopyValue                              : r1054_17
-# 1054|     mu1054_19(String &)                       = Store[?]                               : &:r1054_14, r1054_18
-# 1054|     r1054_20(glval<int>)                      = FieldAddress[x]                        : r1054_2
-# 1054|     r1054_21(glval<int>)                      = VariableAddress[x]                     : 
-# 1054|     r1054_22(int)                             = Load[x]                                : &:r1054_21, ~m?
-# 1054|     mu1054_23(int)                            = Store[?]                               : &:r1054_20, r1054_22
+# 1054|     r1054_4(glval<String &>)                  = FieldAddress[s]                        : r1054_2
+# 1054|     r1054_5(glval<String &>)                  = VariableAddress[s]                     : 
+# 1054|     r1054_6(String &)                         = Load[s]                                : &:r1054_5, ~m?
+# 1054|     r1054_7(glval<String>)                    = CopyValue                              : r1054_6
+# 1054|     r1054_8(String &)                         = CopyValue                              : r1054_7
+# 1054|     mu1054_9(String &)                        = Store[?]                               : &:r1054_4, r1054_8
+# 1054|     r1054_10(glval<int>)                      = FieldAddress[x]                        : r1054_2
+# 1054|     r1054_11(glval<int>)                      = VariableAddress[x]                     : 
+# 1054|     r1054_12(int)                             = Load[x]                                : &:r1054_11, ~m?
+# 1054|     mu1054_13(int)                            = Store[?]                               : &:r1054_10, r1054_12
+# 1054|     r1054_14(glval<int>)                      = FieldAddress[i]                        : r1054_2
+# 1054|     r1054_15(glval<int>)                      = VariableAddress[x]                     : 
+# 1054|     r1054_16(int)                             = Load[x]                                : &:r1054_15, ~m?
+# 1054|     r1054_17(int)                             = Constant[1]                            : 
+# 1054|     r1054_18(int)                             = Add                                    : r1054_16, r1054_17
+# 1054|     mu1054_19(int)                            = Store[?]                               : &:r1054_14, r1054_18
+# 1054|     r1054_20(glval<int &>)                    = FieldAddress[j]                        : r1054_2
+# 1054|     r1054_21(glval<int>)                      = VariableAddress[r]                     : 
+# 1054|     r1054_22(int &)                           = CopyValue                              : r1054_21
+# 1054|     mu1054_23(int &)                          = Store[?]                               : &:r1054_20, r1054_22
 # 1054|     r1054_24(decltype([...](...){...}))       = Load[#temp1054:22]                     : &:r1054_2, ~m?
 # 1054|     mu1054_25(decltype([...](...){...}))      = Store[lambda_inits]                    : &:r1054_1, r1054_24
 # 1055|     r1055_1(glval<decltype([...](...){...})>) = VariableAddress[lambda_inits]          : 

cpp/ql/test/library-tests/scopes/parents/parents.expected

@@ -1,7 +1,7 @@
 | 0 | file://:0:0:0:0 | (global namespace) | file://:0:0:0:0 | __va_list_tag |
 | 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:2:11:2:13 | foo |
 | 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:18:3:18:3 | var |
-| 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:18:3:18:5 | var |
+| 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:18:7:18:7 | var |
 | 0 | file://:0:0:0:0 | (global namespace) | parents.cpp:20:5:20:5 | g |
 | 1 | file://:0:0:0:0 | __va_list_tag | file://:0:0:0:0 | fp_offset |
 | 1 | file://:0:0:0:0 | __va_list_tag | file://:0:0:0:0 | gp_offset |
@@ -22,6 +22,6 @@
 | 1 | parents.cpp:6:11:10:7 | { ... } | parents.cpp:7:9:9:9 | for(...;...;...) ... |
 | 1 | parents.cpp:6:11:10:7 | { ... } | parents.cpp:7:33:9:9 | { ... } |
 | 1 | parents.cpp:7:33:9:9 | { ... } | parents.cpp:8:15:8:15 | k |
-| 1 | parents.cpp:18:3:18:5 | var | parents.cpp:17:19:17:19 | T |
+| 1 | parents.cpp:18:7:18:7 | var | parents.cpp:17:19:17:19 | T |
 | 1 | parents.cpp:20:5:20:5 | g | parents.cpp:20:9:24:1 | { ... } |
 | 1 | parents.cpp:20:9:24:1 | { ... } | parents.cpp:21:16:21:16 | l |

cpp/ql/test/library-tests/templates/isfromtemplateinstantiation/isfromuninstantiatedtemplate.expected

@@ -121,8 +121,8 @@ isFromUninstantiatedTemplate
 | isfromtemplateinstantiation.cpp:99:1:99:1 | return ... | isfromtemplateinstantiation.cpp:77:26:77:45 | AnotherTemplateClass<T> |
 | isfromtemplateinstantiation.cpp:99:1:99:1 | return ... | isfromtemplateinstantiation.cpp:97:25:97:60 | myMethod2 |
 | isfromtemplateinstantiation.cpp:99:1:99:1 | return ... | isfromtemplateinstantiation.cpp:97:52:97:52 | myMethod2 |
-| isfromtemplateinstantiation.cpp:110:3:110:14 | definition of var_template | isfromtemplateinstantiation.cpp:110:3:110:14 | var_template |
-| isfromtemplateinstantiation.cpp:110:3:110:14 | var_template | isfromtemplateinstantiation.cpp:110:3:110:14 | var_template |
+| isfromtemplateinstantiation.cpp:110:15:110:15 | definition of var_template | isfromtemplateinstantiation.cpp:110:15:110:15 | var_template |
+| isfromtemplateinstantiation.cpp:110:15:110:15 | var_template | isfromtemplateinstantiation.cpp:110:15:110:15 | var_template |
 | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> |
 | isfromtemplateinstantiation.cpp:128:7:128:30 | definition of AnotherTemplateClass<T *> | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> |
 | isfromtemplateinstantiation.cpp:129:6:129:6 | definition of f | isfromtemplateinstantiation.cpp:128:7:128:30 | AnotherTemplateClass<T *> |

cpp/ql/test/library-tests/templates/variables/template_variables.expected

@@ -9,19 +9,19 @@
 | variables.cpp:2:13:2:13 | pi | variables.cpp:25:12:25:16 | T |  |
 | variables.cpp:2:13:2:13 | pi | variables.cpp:25:12:25:16, variables.cpp:37:16:37:24 | float |  |
 | variables.cpp:2:13:2:13 | pi | variables.cpp:25:12:25:16, variables.cpp:38:16:38:22 | int |  |
-| variables.cpp:2:13:2:14 | pi |  | T | TemplateVariable |
+| variables.cpp:2:16:2:16 | pi |  | T | TemplateVariable |
 | variables.cpp:5:23:5:37 | pi |  | const char * |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:33:19:33:33 | S, T |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:33:19:33:33 | float, char |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:33:19:33:33 | short, long |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:40:23:40:60 | unsigned int, unsigned char |  |
 | variables.cpp:8:13:8:13 | multi_arg | variables.cpp:41:23:41:42 | int, char |  |
-| variables.cpp:8:13:8:21 | multi_arg |  | S, T | TemplateVariable |
+| variables.cpp:8:23:8:23 | multi_arg |  | S, T | TemplateVariable |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:26:3:26:16 | T |  |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:26:3:26:16 | float |  |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:26:3:26:16, variables.cpp:43:3:43:18 | int |  |
 | variables.cpp:11:3:11:3 | mutable_val | variables.cpp:44:3:44:19 | long |  |
-| variables.cpp:11:3:11:13 | mutable_val |  | T | TemplateVariable |
+| variables.cpp:11:15:11:15 | mutable_val |  | T | TemplateVariable |
 | variables.cpp:19:3:19:10 | bar |  | T | TemplateVariable |
 | variables.cpp:19:8:19:8 | bar | variables.cpp:27:3:27:13 | T |  |
 | variables.cpp:19:8:19:8 | bar | variables.cpp:27:3:27:13 | float |  |

cpp/ql/test/query-tests/Best Practices/SloppyGlobal/SloppyGlobal.expected

@@ -2,6 +2,6 @@
 | main.cpp:4:5:4:6 | ys | Poor global variable name 'ys'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
 | main.cpp:9:5:9:6 | v1 | Poor global variable name 'v1'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
 | main.cpp:10:5:10:6 | v2 | Poor global variable name 'v2'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
-| main.cpp:12:3:12:4 | v3 | Poor global variable name 'v3'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
-| main.cpp:14:3:14:4 | v4 | Poor global variable name 'v4'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
-| main.cpp:16:3:16:4 | v5 | Poor global variable name 'v5'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
+| main.cpp:12:5:12:5 | v3 | Poor global variable name 'v3'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
+| main.cpp:14:5:14:5 | v4 | Poor global variable name 'v4'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |
+| main.cpp:16:5:16:5 | v5 | Poor global variable name 'v5'. Prefer longer, descriptive names for globals (eg. kMyGlobalConstant, not foo). |

cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedLocals/UnusedLocals.expected

@@ -2,6 +2,7 @@
 | code2.cpp:7:6:7:7 | v3 | Variable v3 is not used. |
 | code2.cpp:11:16:11:17 | v7 | Variable v7 is not used. |
 | code2.cpp:26:16:26:17 | v1 | Variable v1 is not used. |
+| code2.cpp:27:16:27:17 | v2 | Variable v2 is not used. |
 | code2.cpp:42:11:42:16 | myVar1 | Variable myVar1 is not used. |
 | code2.cpp:64:7:64:8 | v3 | Variable v3 is not used. |
 | code2.cpp:108:11:108:12 | v2 | Variable v2 is not used. |

cpp/ql/test/query-tests/Best Practices/Unused Entities/UnusedLocals/code2.cpp

@@ -24,7 +24,7 @@ void myFunction()
 void test_template_parameter()
 {
 	constexpr int v1 = 0; // BAD: unused
-	constexpr int v2 = 0; // GOOD: used as a template parameter below
+	constexpr int v2 = 0; // GOOD: used as a template parameter below [FALSE POSITIVE]
 
 	myFunction<v2>();
 }

cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/RegressionTests.cpp

@@ -124,43 +124,3 @@ void testTempObject() {
   f(&x);
   if (x > 0) {} // GOOD [NO LONGER REPORTED]
 }
-
-void staticAssert() {
-  static const int a = 42;
-  static const int b = 43;
-  static_assert(a < b + 0, ""); // GOOD
-}
-
-constexpr int global_1 = 42;
-constexpr int global_2 = global_1 < 2 * sizeof(int*) ? 43 : 2 * sizeof(int*); // GOOD
-
-static const int global_3 = 42;
-static const int global_4 = global_3 < 2 * sizeof(int*) ? 43 : 2 * sizeof(int*); // GOOD
-
-template<unsigned int p, unsigned int n, bool = ((2u * n) < p)>
-struct templateCompare : public templateCompare<p, 2u * n>  // GOOD
-{ };
-
-template< unsigned int p, unsigned int n>
-struct templateCompare< p, n, false>
-{
-  static const unsigned int v = n;
-};
-
-unsigned int templateCompare_x = templateCompare<42, 42>::v;
-
-template<int n>
-struct someType {
-  typedef someType<((n - 4) < 0 ? 0 : n - 4)> b;  // GOOD
-};
-
-someType<42>::b someType_x;
-
-struct A_Struct {
-  int x;
-  int y;
-};
-
-enum E {
-  E_e = sizeof(A_Struct) * 8 > 50 // GOOD
-};

csharp/.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "paket": {
-      "version": "10.0.0-alpha011",
+      "version": "9.0.2",
       "commands": [
         "paket"
       ]

csharp/.vscode/launch.json

@@ -6,7 +6,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net10.0/Semmle.Extraction.CSharp.Standalone.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net9.0/Semmle.Extraction.CSharp.Standalone.dll",
             "args": [],
             // Set the path to the folder that should be extracted:
             "cwd": "${workspaceFolder}/ql/test/library-tests/standalone/standalonemode",
@@ -35,7 +35,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net10.0/Semmle.Autobuild.CSharp.dll",
+            "program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net9.0/Semmle.Autobuild.CSharp.dll",
             // Set the path to the folder that should be extracted:
             "cwd": "${workspaceFolder}/ql/integration-tests/all-platforms/autobuild",
             "stopAtEntry": true,
@@ -53,7 +53,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
             "stopAtEntry": true,
             "args": [
                 "--binlog",
@@ -66,7 +66,7 @@
             "type": "coreclr",
             "request": "launch",
             "preLaunchTask": "dotnet: build",
-            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
+            "program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
             // Set the path to the folder that should be extracted:
             "cwd": "${workspaceFolder}/ql/test/library-tests/dataflow/local",
             "args": [

csharp/.vscode/settings.json

@@ -10,5 +10,5 @@
     "omnisharp.enableRoslynAnalyzers": true,
     "csharpFormatUsings.splitGroups": false,
     "csharpFormatUsings.sortOrder": "Xunit System Microsoft Semmle.Util Semmle",
-    "dotnet.defaultSolution": "CSharp.slnx"
-}
+    "dotnet.defaultSolution": "CSharp.sln"
+}

csharp/CSharp.sln

@@ -0,0 +1,118 @@
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.27130.2036
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Util", "extractor\Semmle.Util\Semmle.Util.csproj", "{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp", "extractor\Semmle.Extraction.CSharp\Semmle.Extraction.CSharp.csproj", "{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.DependencyFetching", "extractor\Semmle.Extraction.CSharp.DependencyFetching\Semmle.Extraction.CSharp.DependencyFetching.csproj", "{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Standalone", "extractor\Semmle.Extraction.CSharp.Standalone\Semmle.Extraction.CSharp.Standalone.csproj", "{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.StubGenerator", "extractor\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj", "{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Util", "extractor\Semmle.Extraction.CSharp.Util\Semmle.Extraction.CSharp.Util.csproj", "{998A0D4C-8BFC-4513-A28D-4816AFB89882}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.CSharp.Driver", "extractor\Semmle.Extraction.CSharp.Driver\Semmle.Extraction.CSharp.Driver.csproj", "{C36453BF-0C82-448A-B15D-26947503A2D3}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Extraction.Tests", "extractor\Semmle.Extraction.Tests\Semmle.Extraction.Tests.csproj", "{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Semmle.Util.Tests", "extractor\Semmle.Util.Tests\Semmle.Util.Tests.csproj", "{55A620F0-23F6-440D-A5BA-0567613B3C0F}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Shared", "autobuilder\Semmle.Autobuild.Shared\Semmle.Autobuild.Shared.csproj", "{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.CSharp", "autobuilder\Semmle.Autobuild.CSharp\Semmle.Autobuild.CSharp.csproj", "{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.CSharp.Tests", "autobuilder\Semmle.Autobuild.CSharp.Tests\Semmle.Autobuild.CSharp.Tests.csproj", "{34256E8F-866A-46C1-800E-3DF69FD1DCB7}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Extraction.CSharp.DependencyStubGenerator", "extractor\Semmle.Extraction.CSharp.DependencyStubGenerator\Semmle.Extraction.CSharp.DependencyStubGenerator.csproj", "{0EDA21A3-ADD8-4C10-B494-58B12B526B76}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Cpp", "autobuilder\Semmle.Autobuild.Cpp\Semmle.Autobuild.Cpp.csproj", "{125C4FB7-34DA-442A-9095-3EA1514270CD}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Semmle.Autobuild.Cpp.Tests", "autobuilder\Semmle.Autobuild.Cpp.Tests\Semmle.Autobuild.Cpp.Tests.csproj", "{72F369B7-0707-401A-802F-D526F272F9EE}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CDD7AD69-0FD8-40F0-A9DA-F1077A2A85D6}.Release|Any CPU.Build.0 = Release|Any CPU
+		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{81EAAD75-4BE1-44E4-91DF-20778216DB64}.Release|Any CPU.Build.0 = Release|Any CPU
+		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{C4D62DA0-B64B-440B-86DC-AB52318CB8BF}.Release|Any CPU.Build.0 = Release|Any CPU
+		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{399A1579-68F0-40F4-9A23-F241BA697F9C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{541D1AC5-E42C-4AB2-A1A4-C2355CE2A2EF}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D00E7D25-0FA0-48EC-B048-CD60CE1B30D8}.Release|Any CPU.Build.0 = Release|Any CPU
+		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{EFA400B3-C1CE-446F-A4E2-8B44E61EF47C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{C36453BF-0C82-448A-B15D-26947503A2D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{C36453BF-0C82-448A-B15D-26947503A2D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C36453BF-0C82-448A-B15D-26947503A2D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{C36453BF-0C82-448A-B15D-26947503A2D3}.Release|Any CPU.Build.0 = Release|Any CPU
+		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CD8D3F90-AD2E-4BB5-8E82-B94AA293864A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{55A620F0-23F6-440D-A5BA-0567613B3C0F}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{133F2B5B-FD25-4BD9-B34C-062CC6BB4178}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F3C07863-3759-4A0B-B777-8A0E0FDB1A41}.Release|Any CPU.Build.0 = Release|Any CPU
+		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{34256E8F-866A-46C1-800E-3DF69FD1DCB7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{B7C9FD47-A78C-4C20-AC29-B0AE638ADE9D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{998A0D4C-8BFC-4513-A28D-4816AFB89882}.Release|Any CPU.Build.0 = Release|Any CPU
+		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{0EDA21A3-ADD8-4C10-B494-58B12B526B76}.Release|Any CPU.Build.0 = Release|Any CPU
+		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{125C4FB7-34DA-442A-9095-3EA1514270CD}.Release|Any CPU.Build.0 = Release|Any CPU
+		{72F369B7-0707-401A-802F-D526F272F9EE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{72F369B7-0707-401A-802F-D526F272F9EE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{72F369B7-0707-401A-802F-D526F272F9EE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{72F369B7-0707-401A-802F-D526F272F9EE}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {E2B2BAC0-D55C-45DB-8CB3-8CEBA86FB547}
+	EndGlobalSection
+EndGlobal

csharp/CSharp.slnx

@@ -1,25 +0,0 @@
-<Solution>
-  <Project Path="autobuilder/Semmle.Autobuild.Cpp.Tests/Semmle.Autobuild.Cpp.Tests.csproj">
-    <Build Solution="Release|*" Project="false" />
-  </Project>
-  <Project Path="autobuilder/Semmle.Autobuild.Cpp/Semmle.Autobuild.Cpp.csproj" />
-  <Project Path="autobuilder/Semmle.Autobuild.CSharp.Tests/Semmle.Autobuild.CSharp.Tests.csproj">
-    <Build Solution="Release|*" Project="false" />
-  </Project>
-  <Project Path="autobuilder/Semmle.Autobuild.CSharp/Semmle.Autobuild.CSharp.csproj" />
-  <Project Path="autobuilder/Semmle.Autobuild.Shared/Semmle.Autobuild.Shared.csproj" />
-  <Project Path="extractor/Semmle.Extraction.CSharp.DependencyFetching/Semmle.Extraction.CSharp.DependencyFetching.csproj" />
-  <Project Path="extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj" />
-  <Project Path="extractor/Semmle.Extraction.CSharp.Driver/Semmle.Extraction.CSharp.Driver.csproj" />
-  <Project Path="extractor/Semmle.Extraction.CSharp.Standalone/Semmle.Extraction.CSharp.Standalone.csproj" />
-  <Project Path="extractor/Semmle.Extraction.CSharp.StubGenerator/Semmle.Extraction.CSharp.StubGenerator.csproj" />
-  <Project Path="extractor/Semmle.Extraction.CSharp.Util/Semmle.Extraction.CSharp.Util.csproj" />
-  <Project Path="extractor/Semmle.Extraction.CSharp/Semmle.Extraction.CSharp.csproj" />
-  <Project Path="extractor/Semmle.Extraction.Tests/Semmle.Extraction.Tests.csproj">
-    <Build Solution="Release|*" Project="false" />
-  </Project>
-  <Project Path="extractor/Semmle.Util.Tests/Semmle.Util.Tests.csproj">
-    <Build Solution="Release|*" Project="false" />
-  </Project>
-  <Project Path="extractor/Semmle.Util/Semmle.Util.csproj" />
-</Solution>

csharp/Directory.Build.props

@@ -1,7 +1,7 @@
 <Project>
 
   <PropertyGroup>
-    <TargetFramework>net10.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
     <Nullable>enable</Nullable>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>

csharp/actions/create-extractor-pack/action.yml

@@ -7,7 +7,7 @@ runs:
     - name: Setup dotnet
       uses: actions/setup-dotnet@v4
       with:
-        dotnet-version: 10.0.100
+        dotnet-version: 9.0.300
     - name: Build Extractor
       shell: bash
       run: scripts/create-extractor-pack.sh

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel

@@ -13,5 +13,6 @@ codeql_xunit_test(
         "//csharp/autobuilder/Semmle.Autobuild.CSharp:bin/Semmle.Autobuild.CSharp",
         "//csharp/autobuilder/Semmle.Autobuild.Shared",
         "@paket.main//microsoft.net.test.sdk",
+        "@paket.main//system.io.filesystem",
     ],
 )

csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/paket.references

@@ -1,3 +1,4 @@
+System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel

@@ -13,5 +13,6 @@ codeql_xunit_test(
         "//csharp/autobuilder/Semmle.Autobuild.Cpp:bin/Semmle.Autobuild.Cpp",
         "//csharp/autobuilder/Semmle.Autobuild.Shared",
         "@paket.main//microsoft.net.test.sdk",
+        "@paket.main//system.io.filesystem",
     ],
 )

csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/paket.references

@@ -1,3 +1,4 @@
+System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk

csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs

@@ -182,16 +182,8 @@ namespace Semmle.Autobuild.Shared
                 if (ret is not null)
                     return ret;
 
-                // Then look for language specific solution files, e.g. `.slnx` files
-                if (Options.Language.SolutionExtension is string solutionExtension)
-                {
-                    ret = FindFiles(solutionExtension, f => new Solution<TAutobuildOptions>(this, f, false))?.ToList();
-                    if (ret is not null)
-                        return ret;
-                }
-
                 // Finally look for language specific project files, e.g. `.csproj` files
-                ret = FindFiles(Options.Language.ProjectExtension, f => new Project<TAutobuildOptions>(this, f))?.ToList();
+                ret = FindFiles(this.Options.Language.ProjectExtension, f => new Project<TAutobuildOptions>(this, f))?.ToList();
                 return ret ?? new List<IProjectOrSolution>();
             });
 

csharp/autobuilder/Semmle.Autobuild.Shared/BUILD.bazel

@@ -12,6 +12,5 @@ codeql_csharp_library(
     deps = [
         "//csharp/extractor/Semmle.Util",
         "@paket.main//microsoft.build",
-        "@paket.main//microsoft.visualstudio.solutionpersistence",
     ],
 )

csharp/autobuilder/Semmle.Autobuild.Shared/Solution.cs

@@ -4,11 +4,12 @@ using System.IO;
 using System.Linq;
 using Microsoft.Build.Construction;
 using Microsoft.Build.Exceptions;
+using Semmle.Util.Logging;
 
 namespace Semmle.Autobuild.Shared
 {
     /// <summary>
-    /// A solution file, extension .sln or .slnx.
+    /// A solution file, extension .sln.
     /// </summary>
     public interface ISolution : IProjectOrSolution
     {

csharp/autobuilder/Semmle.Autobuild.Shared/paket.references

@@ -1,2 +1 @@
 Microsoft.Build
-Microsoft.VisualStudio.SolutionPersistence

csharp/documentation/library-coverage/coverage.csv

@@ -40,7 +40,6 @@ Microsoft.VisualBasic,,,6,,,,,,,,,,,,,,,,,,,1,5
 Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2
 Mono.Linker,,,278,,,,,,,,,,,,,,,,,,,127,151
 MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
-NHibernate,3,,,,,,,,,,,,3,,,,,,,,,,
 Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
 SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5

csharp/documentation/library-coverage/coverage.rst

@@ -9,6 +9,6 @@ C# framework & library support
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
    `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
    System,"``System.*``, ``System``",47,12241,54,5
-   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``NHibernate``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2257,162,4
-   Totals,,107,14505,410,9
+   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Data.SqlClient``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2257,159,4
+   Totals,,107,14505,407,9
 

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel

@@ -15,7 +15,6 @@ codeql_csharp_library(
     deps = [
         "//csharp/extractor/Semmle.Extraction.CSharp",
         "//csharp/extractor/Semmle.Util",
-        "@paket.main//microsoft.visualstudio.solutionpersistence",
         "@paket.main//newtonsoft.json",
         "@paket.main//nuget.versioning",
     ],

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs

@@ -157,7 +157,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         }
 
         // The version number should be kept in sync with the version .NET version used for building the application.
-        public const string LatestDotNetSdkVersion = "10.0.100";
+        public const string LatestDotNetSdkVersion = "9.0.300";
 
         public static ReadOnlyDictionary<string, string> MinimalEnvironment => IDotNetCliInvoker.MinimalEnvironment;
 

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FilePathFilter.cs

@@ -55,12 +55,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
                 }
                 else
                 {
-                    logger.LogWarning($"Invalid filter: {filter}");
+                    logger.LogInfo($"Invalid filter: {filter}");
                     continue;
                 }
 
                 var regex = new FilePattern(filterText).RegexPattern;
-                logger.LogDebug($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
+                logger.LogInfo($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
                 pathFilters.Add(new PathFilter(new Regex(regex, RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline), include));
             }
 
@@ -91,7 +91,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
 
                 if (!include)
                 {
-                    logger.LogDebug($"Excluding '{f.FileInfo.FullName}'");
+                    logger.LogInfo($"Excluding '{f.FileInfo.FullName}'");
                 }
 
                 return include;

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileProvider.cs

@@ -37,7 +37,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
             smallNonBinary = new Lazy<string[]>(() => ReturnAndLogFiles("small non-binary", SelectSmallFiles(allNonBinary.Value).SelectFileNames().ToArray()));
             sources = new Lazy<string[]>(() => SelectTextFileNamesByExtension("source", ".cs"));
             projects = new Lazy<string[]>(() => SelectTextFileNamesByExtension("project", ".csproj"));
-            solutions = new Lazy<string[]>(() => SelectTextFileNamesByExtension("solution", ".sln", ".slnx"));
+            solutions = new Lazy<string[]>(() => SelectTextFileNamesByExtension("solution", ".sln"));
             dlls = new Lazy<string[]>(() => SelectBinaryFileNamesByExtension("DLL", ".dll"));
             nugetConfigs = new Lazy<string[]>(() => SelectTextFileNamesByName("nuget.config"));
             globalJsons = new Lazy<string[]>(() => SelectTextFileNamesByName("global.json"));

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/SolutionFile.cs

@@ -6,7 +6,7 @@ using Microsoft.Build.Construction;
 namespace Semmle.Extraction.CSharp.DependencyFetching
 {
     /// <summary>
-    /// Access data in a .sln or .slnx file.
+    /// Access data in a .sln file.
     /// </summary>
     internal class SolutionFile
     {
@@ -17,7 +17,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         /// <summary>
         /// Read the file.
         /// </summary>
-        /// <param name="filename">The filename of the .sln or .slnx.</param>
+        /// <param name="filename">The filename of the .sln.</param>
         public SolutionFile(string filename)
         {
             // SolutionFile.Parse() expects a rooted path.
@@ -26,7 +26,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
         }
 
         /// <summary>
-        /// Projects directly included in the .sln or .slnx file.
+        /// Projects directly included in the .sln file.
         /// </summary>
         public IEnumerable<string> MsBuildProjects
         {

csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references

@@ -1,3 +1,2 @@
-Microsoft.VisualStudio.SolutionPersistence
 Newtonsoft.Json
 NuGet.Versioning

csharp/extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj

@@ -2,7 +2,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net10.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <AssemblyName>Semmle.Extraction.CSharp.DependencyStubGenerator</AssemblyName>
     <RootNamespace>Semmle.Extraction.CSharp.DependencyStubGenerator</RootNamespace>
     <ImplicitUsings>enable</ImplicitUsings>
@@ -14,4 +14,4 @@
     <ProjectReference Include="..\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj" />
   </ItemGroup>
   <Import Project="..\..\.paket\Paket.Restore.targets" />
-</Project>
+</Project>

csharp/extractor/Semmle.Extraction.CSharp.Standalone/paket.references

@@ -1 +1,5 @@
 Microsoft.Build
+Microsoft.Win32.Primitives
+System.Net.Primitives
+System.Security.Principal
+System.Threading.ThreadPool

csharp/extractor/Semmle.Extraction.Tests/BUILD.bazel

@@ -16,5 +16,6 @@ codeql_xunit_test(
         "//csharp/extractor/Semmle.Extraction.CSharp.StubGenerator",
         "//csharp/extractor/Semmle.Util",
         "@paket.main//microsoft.net.test.sdk",
+        "@paket.main//system.io.filesystem",
     ],
 )

csharp/extractor/Semmle.Extraction.Tests/paket.references

@@ -1,3 +1,4 @@
+System.IO.FileSystem
 xunit
 xunit.runner.visualstudio
 Microsoft.NET.Test.Sdk

csharp/extractor/Semmle.Util/Language.cs

@@ -2,27 +2,21 @@
 {
     public sealed class Language
     {
-        public static Language Cpp { get; } = new Language("CPP", ".vcxproj");
-        public static Language CSharp { get; } = new Language("CSHARP", ".csproj", ".slnx");
+        public static Language Cpp { get; } = new Language(".vcxproj", "CPP");
+        public static Language CSharp { get; } = new Language(".csproj", "CSHARP");
 
         public bool ProjectFileHasThisLanguage(string path) =>
             System.IO.Path.GetExtension(path) == ProjectExtension;
 
         public string ProjectExtension { get; }
-        public string? SolutionExtension { get; }
         public string UpperCaseName { get; }
 
-        private Language(string name, string projectExtension)
+        private Language(string extension, string name)
         {
-            ProjectExtension = projectExtension;
+            ProjectExtension = extension;
             UpperCaseName = name;
         }
 
-        private Language(string name, string projectExtension, string solutionExtension) : this(name, projectExtension)
-        {
-            SolutionExtension = solutionExtension;
-        }
-
         public override string ToString() =>
             ProjectExtension == Cpp.ProjectExtension ? "C/C++" : "C#";
     }

csharp/paket.dependencies

@@ -1,10 +1,10 @@
-framework: net10.0
+framework: net9.0
 storage: none
 source https://api.nuget.org/v3/index.json
 # behave like nuget in choosing transitive dependency versions
 strategy: max
 
-nuget Basic.CompilerLog.Util 0.9.25
+nuget Basic.CompilerLog.Util 0.9.21
 nuget Mono.Posix.NETStandard
 nuget Newtonsoft.Json
 nuget NuGet.Versioning
@@ -12,7 +12,11 @@ nuget xunit
 nuget xunit.runner.visualstudio
 nuget xunit.runner.utility
 nuget Microsoft.NET.Test.Sdk
-nuget Microsoft.CodeAnalysis.CSharp 5.0.0
-nuget Microsoft.CodeAnalysis 5.0.0
-nuget Microsoft.Build 18.0.2
-nuget Microsoft.VisualStudio.SolutionPersistence
+nuget Microsoft.CodeAnalysis.CSharp 4.14.0
+nuget Microsoft.CodeAnalysis 4.14.0
+nuget Microsoft.Build 17.14.28
+nuget Microsoft.Win32.Primitives
+nuget System.Net.Primitives
+nuget System.Security.Principal
+nuget System.Threading.ThreadPool
+nuget System.IO.FileSystem

csharp/paket.lock

@@ -1,9 +1,9 @@
 STORAGE: NONE
 STRATEGY: MAX
-RESTRICTION: == net10.0
+RESTRICTION: == net9.0
 NUGET
   remote: https://api.nuget.org/v3/index.json
-    Basic.CompilerLog.Util (0.9.25)
+    Basic.CompilerLog.Util (0.9.21)
       MessagePack (>= 3.1.4)
       Microsoft.Bcl.Memory (>= 9.0.10)
       Microsoft.CodeAnalysis (>= 4.8)
@@ -12,133 +12,198 @@ NUGET
       Microsoft.Extensions.ObjectPool (>= 9.0.10)
       MSBuild.StructuredLogger (>= 2.3.71)
       NaturalSort.Extension (>= 4.4)
-      NuGet.Versioning (>= 6.14)
-    Humanizer.Core (3.0.1)
+    Humanizer.Core (2.14.1)
     MessagePack (3.1.4)
       MessagePack.Annotations (>= 3.1.4)
       MessagePackAnalyzer (>= 3.1.4)
       Microsoft.NET.StringTools (>= 17.11.4)
     MessagePack.Annotations (3.1.4)
     MessagePackAnalyzer (3.1.4)
-    Microsoft.Bcl.AsyncInterfaces (10.0.1)
-    Microsoft.Bcl.Memory (10.0.1)
-    Microsoft.Build (18.0.2)
-      Microsoft.Build.Framework (>= 18.0.2)
-      Microsoft.NET.StringTools (>= 18.0.2)
+    Microsoft.Bcl.AsyncInterfaces (9.0.10)
+    Microsoft.Bcl.Memory (9.0.10)
+    Microsoft.Build (17.14.28)
+      Microsoft.Build.Framework (>= 17.14.28)
+      Microsoft.NET.StringTools (>= 17.14.28)
       System.Configuration.ConfigurationManager (>= 9.0)
       System.Diagnostics.EventLog (>= 9.0)
       System.Reflection.MetadataLoadContext (>= 9.0)
-      System.Security.Cryptography.ProtectedData (>= 9.0.6)
-    Microsoft.Build.Framework (18.0.2)
-    Microsoft.Build.Utilities.Core (18.0.2)
-      Microsoft.Build.Framework (>= 18.0.2)
-      Microsoft.NET.StringTools (>= 18.0.2)
+      System.Security.Cryptography.ProtectedData (>= 9.0)
+    Microsoft.Build.Framework (17.14.28)
+    Microsoft.Build.Utilities.Core (17.14.28)
+      Microsoft.Build.Framework (>= 17.14.28)
+      Microsoft.NET.StringTools (>= 17.14.28)
+      System.Collections.Immutable (>= 9.0)
       System.Configuration.ConfigurationManager (>= 9.0)
       System.Diagnostics.EventLog (>= 9.0)
-      System.Security.Cryptography.ProtectedData (>= 9.0.6)
-    Microsoft.CodeAnalysis (5.0)
+      System.Security.Cryptography.ProtectedData (>= 9.0)
+    Microsoft.CodeAnalysis (4.14)
       Humanizer.Core (>= 2.14.1)
       Microsoft.Bcl.AsyncInterfaces (>= 9.0)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
-      Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
-      System.Buffers (>= 4.6)
+      Microsoft.CodeAnalysis.CSharp.Workspaces (4.14)
+      Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.14)
+      System.Buffers (>= 4.5.1)
       System.Collections.Immutable (>= 9.0)
       System.Composition (>= 9.0)
       System.IO.Pipelines (>= 9.0)
-      System.Memory (>= 4.6)
-      System.Numerics.Vectors (>= 4.6)
+      System.Memory (>= 4.5.5)
+      System.Numerics.Vectors (>= 4.5)
       System.Reflection.Metadata (>= 9.0)
-      System.Runtime.CompilerServices.Unsafe (>= 6.1)
-      System.Text.Encoding.CodePages (>= 8.0)
-      System.Threading.Channels (>= 8.0)
-      System.Threading.Tasks.Extensions (>= 4.6)
+      System.Runtime.CompilerServices.Unsafe (>= 6.0)
+      System.Text.Encoding.CodePages (>= 7.0)
+      System.Threading.Channels (>= 7.0)
+      System.Threading.Tasks.Extensions (>= 4.5.4)
     Microsoft.CodeAnalysis.Analyzers (3.11)
-    Microsoft.CodeAnalysis.Common (5.0)
+    Microsoft.CodeAnalysis.Common (4.14)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-    Microsoft.CodeAnalysis.CSharp (5.0)
+      System.Collections.Immutable (>= 9.0)
+      System.Reflection.Metadata (>= 9.0)
+    Microsoft.CodeAnalysis.CSharp (4.14)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (5.0)
-    Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
+      Microsoft.CodeAnalysis.Common (4.14)
+      System.Collections.Immutable (>= 9.0)
+      System.Reflection.Metadata (>= 9.0)
+    Microsoft.CodeAnalysis.CSharp.Workspaces (4.14)
       Humanizer.Core (>= 2.14.1)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (5.0)
-      Microsoft.CodeAnalysis.CSharp (5.0)
-      Microsoft.CodeAnalysis.Workspaces.Common (5.0)
+      Microsoft.CodeAnalysis.Common (4.14)
+      Microsoft.CodeAnalysis.CSharp (4.14)
+      Microsoft.CodeAnalysis.Workspaces.Common (4.14)
+      System.Collections.Immutable (>= 9.0)
       System.Composition (>= 9.0)
-    Microsoft.CodeAnalysis.VisualBasic (5.0)
+      System.IO.Pipelines (>= 9.0)
+      System.Reflection.Metadata (>= 9.0)
+      System.Threading.Channels (>= 7.0)
+    Microsoft.CodeAnalysis.VisualBasic (4.14)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (5.0)
-    Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
+      Microsoft.CodeAnalysis.Common (4.14)
+      System.Collections.Immutable (>= 9.0)
+      System.Reflection.Metadata (>= 9.0)
+    Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.14)
       Humanizer.Core (>= 2.14.1)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (5.0)
-      Microsoft.CodeAnalysis.VisualBasic (5.0)
-      Microsoft.CodeAnalysis.Workspaces.Common (5.0)
+      Microsoft.CodeAnalysis.Common (4.14)
+      Microsoft.CodeAnalysis.VisualBasic (4.14)
+      Microsoft.CodeAnalysis.Workspaces.Common (4.14)
+      System.Collections.Immutable (>= 9.0)
       System.Composition (>= 9.0)
-    Microsoft.CodeAnalysis.Workspaces.Common (5.0)
+      System.IO.Pipelines (>= 9.0)
+      System.Reflection.Metadata (>= 9.0)
+      System.Threading.Channels (>= 7.0)
+    Microsoft.CodeAnalysis.Workspaces.Common (4.14)
       Humanizer.Core (>= 2.14.1)
       Microsoft.CodeAnalysis.Analyzers (>= 3.11)
-      Microsoft.CodeAnalysis.Common (5.0)
+      Microsoft.CodeAnalysis.Common (4.14)
+      System.Collections.Immutable (>= 9.0)
       System.Composition (>= 9.0)
-    Microsoft.CodeCoverage (18.0.1)
-    Microsoft.Extensions.ObjectPool (10.0.1)
-    Microsoft.NET.StringTools (18.0.2)
-    Microsoft.NET.Test.Sdk (18.0.1)
-      Microsoft.CodeCoverage (>= 18.0.1)
-      Microsoft.TestPlatform.TestHost (>= 18.0.1)
-    Microsoft.TestPlatform.ObjectModel (18.0.1)
+      System.IO.Pipelines (>= 9.0)
+      System.Reflection.Metadata (>= 9.0)
+      System.Threading.Channels (>= 7.0)
+    Microsoft.CodeCoverage (18.0)
+    Microsoft.Extensions.ObjectPool (9.0.10)
+    Microsoft.NET.StringTools (17.14.28)
+    Microsoft.NET.Test.Sdk (18.0)
+      Microsoft.CodeCoverage (>= 18.0)
+      Microsoft.TestPlatform.TestHost (>= 18.0)
+    Microsoft.NETCore.Platforms (7.0.4)
+    Microsoft.NETCore.Targets (5.0)
+    Microsoft.TestPlatform.ObjectModel (18.0)
       System.Reflection.Metadata (>= 8.0)
-    Microsoft.TestPlatform.TestHost (18.0.1)
-      Microsoft.TestPlatform.ObjectModel (>= 18.0.1)
+    Microsoft.TestPlatform.TestHost (18.0)
+      Microsoft.TestPlatform.ObjectModel (>= 18.0)
       Newtonsoft.Json (>= 13.0.3)
-    Microsoft.VisualStudio.SolutionPersistence (1.0.52)
+    Microsoft.Win32.Primitives (4.3)
+      Microsoft.NETCore.Platforms (>= 1.1)
+      Microsoft.NETCore.Targets (>= 1.1)
+      System.Runtime (>= 4.3)
     Mono.Posix.NETStandard (1.0)
-    MSBuild.StructuredLogger (2.3.113)
+    MSBuild.StructuredLogger (2.3.71)
       Microsoft.Build.Framework (>= 17.5)
       Microsoft.Build.Utilities.Core (>= 17.5)
       System.Collections.Immutable (>= 8.0)
-    NaturalSort.Extension (4.4.1)
+    NaturalSort.Extension (4.4)
     Newtonsoft.Json (13.0.4)
     NuGet.Versioning (7.0.1)
     System.Buffers (4.6.1)
-    System.Collections.Immutable (10.0.1)
-    System.Composition (10.0.1)
-      System.Composition.AttributedModel (>= 10.0.1)
-      System.Composition.Convention (>= 10.0.1)
-      System.Composition.Hosting (>= 10.0.1)
-      System.Composition.Runtime (>= 10.0.1)
-      System.Composition.TypedParts (>= 10.0.1)
-    System.Composition.AttributedModel (10.0.1)
-    System.Composition.Convention (10.0.1)
-      System.Composition.AttributedModel (>= 10.0.1)
-    System.Composition.Hosting (10.0.1)
-      System.Composition.Runtime (>= 10.0.1)
-    System.Composition.Runtime (10.0.1)
-    System.Composition.TypedParts (10.0.1)
-      System.Composition.AttributedModel (>= 10.0.1)
-      System.Composition.Hosting (>= 10.0.1)
-      System.Composition.Runtime (>= 10.0.1)
-    System.Configuration.ConfigurationManager (10.0.1)
-      System.Diagnostics.EventLog (>= 10.0.1)
-      System.Security.Cryptography.ProtectedData (>= 10.0.1)
-    System.Diagnostics.EventLog (10.0.1)
-    System.IO.Pipelines (10.0.1)
+    System.Collections.Immutable (9.0.10)
+    System.Composition (9.0.10)
+      System.Composition.AttributedModel (>= 9.0.10)
+      System.Composition.Convention (>= 9.0.10)
+      System.Composition.Hosting (>= 9.0.10)
+      System.Composition.Runtime (>= 9.0.10)
+      System.Composition.TypedParts (>= 9.0.10)
+    System.Composition.AttributedModel (9.0.10)
+    System.Composition.Convention (9.0.10)
+      System.Composition.AttributedModel (>= 9.0.10)
+    System.Composition.Hosting (9.0.10)
+      System.Composition.Runtime (>= 9.0.10)
+    System.Composition.Runtime (9.0.10)
+    System.Composition.TypedParts (9.0.10)
+      System.Composition.AttributedModel (>= 9.0.10)
+      System.Composition.Hosting (>= 9.0.10)
+      System.Composition.Runtime (>= 9.0.10)
+    System.Configuration.ConfigurationManager (9.0.10)
+      System.Diagnostics.EventLog (>= 9.0.10)
+      System.Security.Cryptography.ProtectedData (>= 9.0.10)
+    System.Diagnostics.EventLog (9.0.10)
+    System.IO (4.3)
+      Microsoft.NETCore.Platforms (>= 1.1)
+      Microsoft.NETCore.Targets (>= 1.1)
+      System.Runtime (>= 4.3)
+      System.Text.Encoding (>= 4.3)
+      System.Threading.Tasks (>= 4.3)
+    System.IO.FileSystem (4.3)
+      Microsoft.NETCore.Platforms (>= 1.1)
+      Microsoft.NETCore.Targets (>= 1.1)
+      System.IO (>= 4.3)
+      System.IO.FileSystem.Primitives (>= 4.3)
+      System.Runtime (>= 4.3)
+      System.Runtime.Handles (>= 4.3)
+      System.Text.Encoding (>= 4.3)
+      System.Threading.Tasks (>= 4.3)
+    System.IO.FileSystem.Primitives (4.3)
+      System.Runtime (>= 4.3)
+    System.IO.Pipelines (9.0.10)
     System.Memory (4.6.3)
+    System.Net.Primitives (4.3.1)
+      Microsoft.NETCore.Platforms (>= 1.1.1)
+      Microsoft.NETCore.Targets (>= 1.1.3)
+      System.Runtime (>= 4.3.1)
+      System.Runtime.Handles (>= 4.3)
     System.Numerics.Vectors (4.6.1)
-    System.Reflection.Metadata (10.0.1)
-    System.Reflection.MetadataLoadContext (10.0.1)
+    System.Reflection.Metadata (9.0.10)
+    System.Reflection.MetadataLoadContext (9.0.10)
+    System.Runtime (4.3.1)
+      Microsoft.NETCore.Platforms (>= 1.1.1)
+      Microsoft.NETCore.Targets (>= 1.1.3)
     System.Runtime.CompilerServices.Unsafe (6.1.2)
-    System.Security.Cryptography.ProtectedData (10.0.1)
-    System.Text.Encoding.CodePages (10.0.1)
-    System.Threading.Channels (10.0.1)
+    System.Runtime.Handles (4.3)
+      Microsoft.NETCore.Platforms (>= 1.1)
+      Microsoft.NETCore.Targets (>= 1.1)
+      System.Runtime (>= 4.3)
+    System.Security.Cryptography.ProtectedData (9.0.10)
+    System.Security.Principal (4.3)
+      System.Runtime (>= 4.3)
+    System.Text.Encoding (4.3)
+      Microsoft.NETCore.Platforms (>= 1.1)
+      Microsoft.NETCore.Targets (>= 1.1)
+      System.Runtime (>= 4.3)
+    System.Text.Encoding.CodePages (9.0.10)
+    System.Threading.Channels (9.0.10)
+    System.Threading.Tasks (4.3)
+      Microsoft.NETCore.Platforms (>= 1.1)
+      Microsoft.NETCore.Targets (>= 1.1)
+      System.Runtime (>= 4.3)
     System.Threading.Tasks.Extensions (4.6.3)
+    System.Threading.ThreadPool (4.3)
+      System.Runtime (>= 4.3)
+      System.Runtime.Handles (>= 4.3)
     xunit (2.9.3)
       xunit.analyzers (>= 1.18)
       xunit.assert (>= 2.9.3)
       xunit.core (2.9.3)
     xunit.abstractions (2.0.3)
-    xunit.analyzers (1.26)
+    xunit.analyzers (1.24)
     xunit.assert (2.9.3)
     xunit.core (2.9.3)
       xunit.extensibility.core (2.9.3)

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.7.55
-
-No user-facing changes.
-
 ## 1.7.54
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.55.md

@@ -1,3 +0,0 @@
-## 1.7.55
-
-No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.55
+lastReleaseVersion: 1.7.54

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.56-dev
+version: 1.7.55-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,7 +1,3 @@
-## 1.7.55
-
-No user-facing changes.
-
 ## 1.7.54
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.55.md

@@ -1,3 +0,0 @@
-## 1.7.55
-
-No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.55
+lastReleaseVersion: 1.7.54

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.56-dev
+version: 1.7.55-dev
 groups:
   - csharp
   - solorigate

csharp/ql/integration-tests/all-platforms/autobuild/global.json

@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "10.0.100"
+        "version": "9.0.304"
     }
 }

csharp/ql/integration-tests/all-platforms/autobuild_slnx/Files.expected

@@ -1,4 +0,0 @@
-| proj1/Program.cs:0:0:0:0 | proj1/Program.cs |
-| proj1/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | proj1/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
-| proj1/obj/Debug/net10.0/proj1.AssemblyInfo.cs:0:0:0:0 | proj1/obj/Debug/net10.0/proj1.AssemblyInfo.cs |
-| proj1/obj/Debug/net10.0/proj1.GlobalUsings.g.cs:0:0:0:0 | proj1/obj/Debug/net10.0/proj1.GlobalUsings.g.cs |

csharp/ql/integration-tests/all-platforms/autobuild_slnx/Files.ql

@@ -1,5 +0,0 @@
-import csharp
-
-from File f
-where f.fromSource()
-select f

csharp/ql/integration-tests/all-platforms/autobuild_slnx/autobuild_slnx.slnx

@@ -1,5 +0,0 @@
-<Solution>
-  <!-- proj2/proj2.csproj is deliberately excluded from this solution
-       to test that only proj1 is built from the .slnx file. -->
-  <Project Path="proj1/proj1.csproj" />
-</Solution>

csharp/ql/integration-tests/all-platforms/autobuild_slnx/global.json

@@ -1,5 +0,0 @@
-{
-    "sdk": {
-        "version": "10.0.100"
-    }
-}

csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj1/Program.cs

@@ -1,2 +0,0 @@
-// See https://aka.ms/new-console-template for more information
-Console.WriteLine("Hello, World!");

csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj1/proj1.csproj

@@ -1,10 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <OutputType>Exe</OutputType>
-    <TargetFramework>net10.0</TargetFramework>
-    <ImplicitUsings>enable</ImplicitUsings>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-
-</Project>

csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj2/Program.cs

@@ -1,2 +0,0 @@
-// See https://aka.ms/new-console-template for more information
-Console.WriteLine("Hello, World!");

csharp/ql/integration-tests/all-platforms/autobuild_slnx/proj2/proj2.csproj

@@ -1,10 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <OutputType>Exe</OutputType>
-    <TargetFramework>net10.0</TargetFramework>
-    <ImplicitUsings>enable</ImplicitUsings>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-
-</Project>

csharp/ql/integration-tests/all-platforms/autobuild_slnx/test.py

@@ -1,3 +0,0 @@
-def test(codeql, csharp):
-    # Only proj1 is included in the solution, so only it should be built (and extracted).
-    codeql.database.create()

csharp/ql/integration-tests/all-platforms/binlog/Files.expected

@@ -1,10 +1,10 @@
 | a/A.cs:0:0:0:0 | a/A.cs |
-| a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
-| a/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net10.0/test.AssemblyInfo.cs |
-| a/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net10.0/test.GlobalUsings.g.cs |
+| a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
+| a/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net9.0/test.AssemblyInfo.cs |
+| a/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net9.0/test.GlobalUsings.g.cs |
 | b/B.cs:0:0:0:0 | b/B.cs |
-| b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
-| b/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net10.0/test.AssemblyInfo.cs |
-| b/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net10.0/test.GlobalUsings.g.cs |
-| generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
-| generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
+| b/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net9.0/test.AssemblyInfo.cs |
+| b/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net9.0/test.GlobalUsings.g.cs |
+| generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |

csharp/ql/integration-tests/all-platforms/binlog/a/test.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net10.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>

csharp/ql/integration-tests/all-platforms/binlog/b/test.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net10.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>

csharp/ql/integration-tests/all-platforms/binlog/global.json

@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "10.0.100"
+        "version": "9.0.304"
     }
 }

csharp/ql/integration-tests/all-platforms/binlog_multiple/Files.expected

@@ -1,10 +1,10 @@
 | a/A.cs:0:0:0:0 | a/A.cs |
-| a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
-| a/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net10.0/test.AssemblyInfo.cs |
-| a/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net10.0/test.GlobalUsings.g.cs |
+| a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
+| a/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net9.0/test.AssemblyInfo.cs |
+| a/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net9.0/test.GlobalUsings.g.cs |
 | b/B.cs:0:0:0:0 | b/B.cs |
-| b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
-| b/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net10.0/test.AssemblyInfo.cs |
-| b/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net10.0/test.GlobalUsings.g.cs |
-| generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
-| generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
+| b/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net9.0/test.AssemblyInfo.cs |
+| b/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net9.0/test.GlobalUsings.g.cs |
+| generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
+| generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |

csharp/ql/integration-tests/all-platforms/binlog_multiple/a/test.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net10.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>

csharp/ql/integration-tests/all-platforms/binlog_multiple/b/test.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>net10.0</TargetFramework>
+    <TargetFramework>net9.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>

csharp/ql/integration-tests/all-platforms/binlog_multiple/global.json

@@ -1,5 +1,5 @@
 {
     "sdk": {
-        "version": "10.0.100"
+        "version": "9.0.304"
     }
 }