Java: update @id of experimental ExecTainted.ql query

Revert "Java: remove duplicate query"
This reverts commit 0b59e408ba.
2026-06-03 04:40:14 +02:00 · 2021-06-28 13:18:25 +02:00 · 2021-06-28 13:15:10 +02:00 · 2021-06-28 12:29:54 +02:00
210 changed files with 13190 additions and 22657 deletions
--- a/.github/workflows/csv-coverage-pr-artifacts.yml
+++ b/.github/workflows/csv-coverage-pr-artifacts.yml
@@ -49,23 +49,19 @@ jobs:
         gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
    - name: Unzip CodeQL CLI
      run: unzip -d codeql-cli codeql-linux64.zip
-    - name: Generate CSV files on merge commit of the PR
+    - name: Generate CSV files on merge and base of the PR
      run: |
        echo "Running generator on merge"
        PATH="$PATH:codeql-cli/codeql" python merge/misc/scripts/library-coverage/generate-report.py ci merge merge
        mkdir out_merge
        cp framework-coverage-*.csv out_merge/
        cp framework-coverage-*.rst out_merge/
-    - name: Generate CSV files on base commit of the PR
-      run: |
+
        echo "Running generator on base"
        PATH="$PATH:codeql-cli/codeql" python base/misc/scripts/library-coverage/generate-report.py ci base base
        mkdir out_base
        cp framework-coverage-*.csv out_base/
        cp framework-coverage-*.rst out_base/
-    - name: Generate diff of coverage reports
-      run: |
-        python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md
    - name: Upload CSV package list
      uses: actions/upload-artifact@v2
      with:
@@ -80,12 +76,6 @@ jobs:
        path: |
          out_base/framework-coverage-*.csv
          out_base/framework-coverage-*.rst
-    - name: Upload comparison results
-      uses: actions/upload-artifact@v2
-      with:
-        name: comparison
-        path: |
-          comparison.md
    - name: Save PR number
      run: |
        mkdir -p pr
--- a/.github/workflows/csv-coverage-pr-comment.yml
+++ b/.github/workflows/csv-coverage-pr-comment.yml
@@ -26,9 +26,40 @@ jobs:
      with:
        python-version: 3.8

-    - name: Check coverage difference file and comment
+    # download artifacts from the PR job:
+
+    - name: Download artifact - MERGE
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        RUN_ID: ${{ github.event.workflow_run.id }}
      run: |
-        python misc/scripts/library-coverage/comment-pr.py "$GITHUB_REPOSITORY" "$RUN_ID"
+        gh run download --name "csv-framework-coverage-merge" --dir "out_merge" "$RUN_ID"
+
+    - name: Download artifact - BASE
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        RUN_ID: ${{ github.event.workflow_run.id }}
+      run: |
+        gh run download --name "csv-framework-coverage-base" --dir "out_base" "$RUN_ID"
+
+    - name: Download artifact - PR
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        RUN_ID: ${{ github.event.workflow_run.id }}
+      run: |
+        gh run download --name "pr" --dir "pr" "$RUN_ID"
+
+    - name: Check coverage files
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        RUN_ID: ${{ github.event.workflow_run.id }}
+      run: |
+        PR=$(cat "pr/NR")
+        python misc/scripts/library-coverage/compare-files-comment-pr.py \
+          out_base out_merge comparison.md "$GITHUB_REPOSITORY" "$PR" "$RUN_ID"
+    - name: Upload comparison results
+      uses: actions/upload-artifact@v2
+      with:
+        name: comparison
+        path: |
+          comparison.md
--- a/.github/workflows/csv-coverage-update.yml
+++ b/.github/workflows/csv-coverage-update.yml
@@ -1,44 +0,0 @@
-name: Update framework coverage reports
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * *"
-
-jobs:
-  update:
-    name: Update framework coverage report
-    if: github.event.repository.fork == false
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Dump GitHub context
-      env:
-        GITHUB_CONTEXT: ${{ toJSON(github.event) }}
-      run: echo "$GITHUB_CONTEXT"
-    - name: Clone self (github/codeql)
-      uses: actions/checkout@v2
-      with:
-        path: ql
-        fetch-depth: 0
-    - name: Set up Python 3.8
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.8
-    - name: Download CodeQL CLI
-      env:
-         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-         gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-    - name: Unzip CodeQL CLI
-      run: unzip -d codeql-cli codeql-linux64.zip
-
-    - name: Generate coverage files
-      run: |
-        PATH="$PATH:codeql-cli/codeql" python ql/misc/scripts/library-coverage/generate-report.py ci ql ql
-
-    - name: Create pull request with changes
-      env:
-         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      run: |
-        python ql/misc/scripts/library-coverage/create-pr.py ql "$GITHUB_REPOSITORY"
--- a/cpp/change-notes/2021-06-24-dataflow-implicit-reads.md
+++ b/cpp/change-notes/2021-06-24-dataflow-implicit-reads.md
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The DataFlow libraries have been augmented with support for `Configuration`-specific in-place read steps at, for example, sinks and custom taint steps. This means that it is now possible to specify sinks that accept flow with non-empty access paths.
--- a/cpp/ql/src/Summary/LinesOfCode.ql
+++ b/cpp/ql/src/Summary/LinesOfCode.ql
@@ -4,6 +4,7 @@
 * @description The total number of lines of C/C++ code across all files, including system headers, libraries, and auto-generated files. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments.
 * @kind metric
 * @tags summary
+ *       lines-of-code
 */

 import cpp
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll
@@ -724,6 +724,7 @@ private module Cached {
    Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
  ) {
    storeStep(node1, c, node2) and
+    read(_, c, _) and
    contentType = getNodeDataFlowType(node1) and
    containerType = getNodeDataFlowType(node2)
    or
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll
@@ -133,6 +133,46 @@ OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) {
 */
 predicate jumpStep(Node n1, Node n2) { none() }

+private newtype TContent =
+  TFieldContent(Field f) or
+  TCollectionContent() or
+  TArrayContent()
+
+/**
+ * A reference contained in an object. Examples include instance fields, the
+ * contents of a collection object, or the contents of an array.
+ */
+class Content extends TContent {
+  /** Gets a textual representation of this element. */
+  abstract string toString();
+
+  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
+  }
+}
+
+private class FieldContent extends Content, TFieldContent {
+  Field f;
+
+  FieldContent() { this = TFieldContent(f) }
+
+  Field getField() { result = f }
+
+  override string toString() { result = f.toString() }
+
+  override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    f.getLocation().hasLocationInfo(path, sl, sc, el, ec)
+  }
+}
+
+private class CollectionContent extends Content, TCollectionContent {
+  override string toString() { result = "collection" }
+}
+
+private class ArrayContent extends Content, TArrayContent {
+  override string toString() { result = "array" }
+}
+
 /**
 * Holds if data can flow from `node1` to `node2` via an assignment to `f`.
 * Thus, `node2` references an object with a field `f` that contains the
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowUtil.qll
@@ -768,50 +768,6 @@ VariableAccess getAnAccessToAssignedVariable(Expr assign) {
  )
 }

-private newtype TContent =
-  TFieldContent(Field f) or
-  TCollectionContent() or
-  TArrayContent()
-
-/**
- * A description of the way data may be stored inside an object. Examples
- * include instance fields, the contents of a collection object, or the contents
- * of an array.
- */
-class Content extends TContent {
-  /** Gets a textual representation of this element. */
-  abstract string toString();
-
-  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
-    path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
-  }
-}
-
-/** A reference through an instance field. */
-class FieldContent extends Content, TFieldContent {
-  Field f;
-
-  FieldContent() { this = TFieldContent(f) }
-
-  Field getField() { result = f }
-
-  override string toString() { result = f.toString() }
-
-  override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
-    f.getLocation().hasLocationInfo(path, sl, sc, el, ec)
-  }
-}
-
-/** A reference through an array. */
-private class ArrayContent extends Content, TArrayContent {
-  override string toString() { result = "[]" }
-}
-
-/** A reference through the contents of some collection-like container. */
-private class CollectionContent extends Content, TCollectionContent {
-  override string toString() { result = "<element>" }
-}
-
 /**
 * A guard that validates some expression.
 *
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/TaintTrackingUtil.qll
@@ -34,13 +34,6 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
  localAdditionalTaintStep(src, sink)
 }

-/**
- * Holds if default `TaintTracking::Configuration`s should allow implicit reads
- * of `c` at sinks and inputs to additional taint steps.
- */
-bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
-
 /**
 * Holds if `node` should be a sanitizer in all global taint flow configurations
 * but not in local taint.
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll
@@ -724,6 +724,7 @@ private module Cached {
    Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
  ) {
    storeStep(node1, c, node2) and
+    read(_, c, _) and
    contentType = getNodeDataFlowType(node1) and
    containerType = getNodeDataFlowType(node2)
    or
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -184,6 +184,64 @@ OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) {
 */
 predicate jumpStep(Node n1, Node n2) { none() }

+/**
+ * Gets a field corresponding to the bit range `[startBit..endBit)` of class `c`, if any.
+ */
+private Field getAField(Class c, int startBit, int endBit) {
+  result.getDeclaringType() = c and
+  startBit = 8 * result.getByteOffset() and
+  endBit = 8 * result.getType().getSize() + startBit
+  or
+  exists(Field f, Class cInner |
+    f = c.getAField() and
+    cInner = f.getUnderlyingType() and
+    result = getAField(cInner, startBit - 8 * f.getByteOffset(), endBit - 8 * f.getByteOffset())
+  )
+}
+
+private newtype TContent =
+  TFieldContent(Class c, int startBit, int endBit) { exists(getAField(c, startBit, endBit)) } or
+  TCollectionContent() or
+  TArrayContent()
+
+/**
+ * A reference contained in an object. Examples include instance fields, the
+ * contents of a collection object, or the contents of an array.
+ */
+class Content extends TContent {
+  /** Gets a textual representation of this element. */
+  abstract string toString();
+
+  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
+  }
+}
+
+private class FieldContent extends Content, TFieldContent {
+  Class c;
+  int startBit;
+  int endBit;
+
+  FieldContent() { this = TFieldContent(c, startBit, endBit) }
+
+  // Ensure that there's just 1 result for `toString`.
+  override string toString() { result = min(Field f | f = getAField() | f.toString()) }
+
+  predicate hasOffset(Class cl, int start, int end) { cl = c and start = startBit and end = endBit }
+
+  Field getAField() { result = getAField(c, startBit, endBit) }
+}
+
+private class CollectionContent extends Content, TCollectionContent {
+  override string toString() { result = "collection" }
+}
+
+private class ArrayContent extends Content, TArrayContent {
+  ArrayContent() { this = TArrayContent() }
+
+  override string toString() { result = "array content" }
+}
+
 private predicate fieldStoreStepNoChi(Node node1, FieldContent f, PostUpdateNode node2) {
  exists(StoreInstruction store, Class c |
    store = node2.asInstruction() and
@@ -230,7 +288,7 @@ private predicate fieldStoreStepChi(Node node1, FieldContent f, PostUpdateNode n
 }

 private predicate arrayStoreStepChi(Node node1, ArrayContent a, PostUpdateNode node2) {
-  exists(a) and
+  a = TArrayContent() and
  exists(ChiPartialOperand operand, ChiInstruction chi, StoreInstruction store |
    chi.getPartialOperand() = operand and
    store = operand.getDef() and
@@ -325,7 +383,7 @@ private predicate fieldReadStep(Node node1, FieldContent f, Node node2) {
 * predicate in `storeStep` ensures that we push the right `FieldContent` onto the access path.
 */
 predicate suppressArrayRead(Node node1, ArrayContent a, Node node2) {
-  exists(a) and
+  a = TArrayContent() and
  exists(WriteSideEffectInstruction write, ChiInstruction chi |
    node1.asInstruction() = write and
    node2.asInstruction() = chi and
@@ -354,7 +412,7 @@ private Instruction skipCopyValueInstructions(Operand op) {
 }

 private predicate arrayReadStep(Node node1, ArrayContent a, Node node2) {
-  exists(a) and
+  a = TArrayContent() and
  // Explicit dereferences such as `*p` or `p[i]` where `p` is a pointer or array.
  exists(LoadOperand operand, Instruction address |
    operand.isDefinitionInexact() and
@@ -385,7 +443,7 @@ private predicate arrayReadStep(Node node1, ArrayContent a, Node node2) {
 * from the access path.
 */
 private predicate exactReadStep(Node node1, ArrayContent a, Node node2) {
-  exists(a) and
+  a = TArrayContent() and
  exists(WriteSideEffectInstruction write, ChiInstruction chi |
    not chi.isResultConflated() and
    chi.getPartial() = write and
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -788,66 +788,6 @@ predicate localInstructionFlow(Instruction e1, Instruction e2) {
 */
 predicate localExprFlow(Expr e1, Expr e2) { localFlow(exprNode(e1), exprNode(e2)) }

-/**
- * Gets a field corresponding to the bit range `[startBit..endBit)` of class `c`, if any.
- */
-private Field getAField(Class c, int startBit, int endBit) {
-  result.getDeclaringType() = c and
-  startBit = 8 * result.getByteOffset() and
-  endBit = 8 * result.getType().getSize() + startBit
-  or
-  exists(Field f, Class cInner |
-    f = c.getAField() and
-    cInner = f.getUnderlyingType() and
-    result = getAField(cInner, startBit - 8 * f.getByteOffset(), endBit - 8 * f.getByteOffset())
-  )
-}
-
-private newtype TContent =
-  TFieldContent(Class c, int startBit, int endBit) { exists(getAField(c, startBit, endBit)) } or
-  TCollectionContent() or
-  TArrayContent()
-
-/**
- * A description of the way data may be stored inside an object. Examples
- * include instance fields, the contents of a collection object, or the contents
- * of an array.
- */
-class Content extends TContent {
-  /** Gets a textual representation of this element. */
-  abstract string toString();
-
-  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
-    path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
-  }
-}
-
-/** A reference through an instance field. */
-class FieldContent extends Content, TFieldContent {
-  Class c;
-  int startBit;
-  int endBit;
-
-  FieldContent() { this = TFieldContent(c, startBit, endBit) }
-
-  // Ensure that there's just 1 result for `toString`.
-  override string toString() { result = min(Field f | f = getAField() | f.toString()) }
-
-  predicate hasOffset(Class cl, int start, int end) { cl = c and start = startBit and end = endBit }
-
-  Field getAField() { result = getAField(c, startBit, endBit) }
-}
-
-/** A reference through an array. */
-class ArrayContent extends Content, TArrayContent {
-  override string toString() { result = "[]" }
-}
-
-/** A reference through the contents of some collection-like container. */
-private class CollectionContent extends Content, TCollectionContent {
-  override string toString() { result = "<element>" }
-}
-
 /**
 * A guard that validates some instruction.
 *
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
@@ -151,13 +151,6 @@ predicate defaultAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
  localAdditionalTaintStep(src, sink)
 }

-/**
- * Holds if default `TaintTracking::Configuration`s should allow implicit reads
- * of `c` at sinks and inputs to additional taint steps.
- */
-bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
-
 /**
 * Holds if `node` should be a sanitizer in all global taint flow configurations
 * but not in local taint.
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/fields/ir-path-flow.expected
@@ -58,29 +58,29 @@ edges
 | aliasing.cpp:98:3:98:21 | Chi [m1] | aliasing.cpp:100:14:100:14 | Store [m1] |
 | aliasing.cpp:98:10:98:19 | call to user_input | aliasing.cpp:98:3:98:21 | Chi [m1] |
 | aliasing.cpp:100:14:100:14 | Store [m1] | aliasing.cpp:102:8:102:10 | * ... |
-| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [[]] |
-| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [[]] |
-| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [[]] |
-| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [[]] |
-| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [[]] |
-| aliasing.cpp:106:3:106:20 | Chi [[]] | aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [[]] |
-| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:106:3:106:20 | Chi [[]] |
-| aliasing.cpp:121:15:121:16 | Chi [[]] | aliasing.cpp:122:8:122:12 | access to array |
-| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [[]] | aliasing.cpp:121:15:121:16 | Chi [[]] |
-| aliasing.cpp:131:15:131:16 | Chi [[]] | aliasing.cpp:132:8:132:14 | * ... |
-| aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [[]] | aliasing.cpp:131:15:131:16 | Chi [[]] |
-| aliasing.cpp:136:15:136:17 | Chi [[]] | aliasing.cpp:137:8:137:11 | * ... |
-| aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [[]] | aliasing.cpp:136:15:136:17 | Chi [[]] |
+| aliasing.cpp:106:3:106:20 | Chi [array content] | aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [array content] |
+| aliasing.cpp:106:3:106:20 | Chi [array content] | aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [array content] |
+| aliasing.cpp:106:3:106:20 | Chi [array content] | aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [array content] |
+| aliasing.cpp:106:3:106:20 | Chi [array content] | aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [array content] |
+| aliasing.cpp:106:3:106:20 | Chi [array content] | aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [array content] |
+| aliasing.cpp:106:3:106:20 | Chi [array content] | aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [array content] |
+| aliasing.cpp:106:9:106:18 | call to user_input | aliasing.cpp:106:3:106:20 | Chi [array content] |
+| aliasing.cpp:121:15:121:16 | Chi [array content] | aliasing.cpp:122:8:122:12 | access to array |
+| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [array content] | aliasing.cpp:121:15:121:16 | Chi [array content] |
+| aliasing.cpp:131:15:131:16 | Chi [array content] | aliasing.cpp:132:8:132:14 | * ... |
+| aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [array content] | aliasing.cpp:131:15:131:16 | Chi [array content] |
+| aliasing.cpp:136:15:136:17 | Chi [array content] | aliasing.cpp:137:8:137:11 | * ... |
+| aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [array content] | aliasing.cpp:136:15:136:17 | Chi [array content] |
 | aliasing.cpp:175:15:175:22 | Chi | aliasing.cpp:175:15:175:22 | Chi [m1] |
 | aliasing.cpp:175:15:175:22 | Chi [m1] | aliasing.cpp:176:13:176:14 | m1 |
-| aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [[]] | aliasing.cpp:175:15:175:22 | Chi |
+| aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [array content] | aliasing.cpp:175:15:175:22 | Chi |
 | aliasing.cpp:187:15:187:22 | Chi | aliasing.cpp:187:15:187:22 | Chi [m1] |
 | aliasing.cpp:187:15:187:22 | Chi [m1] | aliasing.cpp:188:13:188:14 | Store [m1] |
-| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [[]] | aliasing.cpp:187:15:187:22 | Chi |
+| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [array content] | aliasing.cpp:187:15:187:22 | Chi |
 | aliasing.cpp:188:13:188:14 | Store [m1] | aliasing.cpp:189:15:189:16 | m1 |
 | aliasing.cpp:200:15:200:24 | Chi | aliasing.cpp:200:15:200:24 | Chi [m1] |
 | aliasing.cpp:200:15:200:24 | Chi [m1] | aliasing.cpp:201:15:201:16 | m1 |
-| aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [[]] | aliasing.cpp:200:15:200:24 | Chi |
+| aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [array content] | aliasing.cpp:200:15:200:24 | Chi |
 | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:7:8:7:13 | access to array |
 | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:9:8:9:11 | * ... |
 | arrays.cpp:6:12:6:21 | call to user_input | arrays.cpp:10:8:10:15 | * ... |
@@ -108,32 +108,32 @@ edges
 | by_reference.cpp:88:3:88:24 | Chi [a] | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] |
 | by_reference.cpp:88:3:88:24 | Chi [a] | by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] |
 | by_reference.cpp:88:13:88:22 | call to user_input | by_reference.cpp:88:3:88:24 | Chi [a] |
-| by_reference.cpp:92:3:92:20 | Chi [[]] | by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [[]] |
-| by_reference.cpp:92:3:92:20 | Chi [[]] | by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [[]] |
-| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:92:3:92:20 | Chi [[]] |
-| by_reference.cpp:96:3:96:19 | Chi [[]] | by_reference.cpp:124:15:124:21 | taint_a_ref output argument [[]] |
-| by_reference.cpp:96:3:96:19 | Chi [[]] | by_reference.cpp:128:15:128:23 | taint_a_ref output argument [[]] |
-| by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:96:3:96:19 | Chi [[]] |
+| by_reference.cpp:92:3:92:20 | Chi [array content] | by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [array content] |
+| by_reference.cpp:92:3:92:20 | Chi [array content] | by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [array content] |
+| by_reference.cpp:92:9:92:18 | call to user_input | by_reference.cpp:92:3:92:20 | Chi [array content] |
+| by_reference.cpp:96:3:96:19 | Chi [array content] | by_reference.cpp:124:15:124:21 | taint_a_ref output argument [array content] |
+| by_reference.cpp:96:3:96:19 | Chi [array content] | by_reference.cpp:128:15:128:23 | taint_a_ref output argument [array content] |
+| by_reference.cpp:96:8:96:17 | call to user_input | by_reference.cpp:96:3:96:19 | Chi [array content] |
 | by_reference.cpp:102:21:102:39 | Chi [a] | by_reference.cpp:110:27:110:27 | a |
 | by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | by_reference.cpp:102:21:102:39 | Chi [a] |
 | by_reference.cpp:104:15:104:22 | Chi | by_reference.cpp:104:15:104:22 | Chi [a] |
 | by_reference.cpp:104:15:104:22 | Chi [a] | by_reference.cpp:112:14:112:14 | a |
-| by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [[]] | by_reference.cpp:104:15:104:22 | Chi |
+| by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [array content] | by_reference.cpp:104:15:104:22 | Chi |
 | by_reference.cpp:106:21:106:41 | Chi [a] | by_reference.cpp:114:29:114:29 | a |
 | by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | by_reference.cpp:106:21:106:41 | Chi [a] |
 | by_reference.cpp:108:15:108:24 | Chi | by_reference.cpp:108:15:108:24 | Chi [a] |
 | by_reference.cpp:108:15:108:24 | Chi [a] | by_reference.cpp:116:16:116:16 | a |
-| by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [[]] | by_reference.cpp:108:15:108:24 | Chi |
+| by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [array content] | by_reference.cpp:108:15:108:24 | Chi |
 | by_reference.cpp:122:21:122:38 | Chi [a] | by_reference.cpp:130:27:130:27 | a |
 | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | by_reference.cpp:122:21:122:38 | Chi [a] |
 | by_reference.cpp:124:15:124:21 | Chi | by_reference.cpp:124:15:124:21 | Chi [a] |
 | by_reference.cpp:124:15:124:21 | Chi [a] | by_reference.cpp:132:14:132:14 | a |
-| by_reference.cpp:124:15:124:21 | taint_a_ref output argument [[]] | by_reference.cpp:124:15:124:21 | Chi |
+| by_reference.cpp:124:15:124:21 | taint_a_ref output argument [array content] | by_reference.cpp:124:15:124:21 | Chi |
 | by_reference.cpp:126:21:126:40 | Chi [a] | by_reference.cpp:134:29:134:29 | a |
 | by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | by_reference.cpp:126:21:126:40 | Chi [a] |
 | by_reference.cpp:128:15:128:23 | Chi | by_reference.cpp:128:15:128:23 | Chi [a] |
 | by_reference.cpp:128:15:128:23 | Chi [a] | by_reference.cpp:136:16:136:16 | a |
-| by_reference.cpp:128:15:128:23 | taint_a_ref output argument [[]] | by_reference.cpp:128:15:128:23 | Chi |
+| by_reference.cpp:128:15:128:23 | taint_a_ref output argument [array content] | by_reference.cpp:128:15:128:23 | Chi |
 | complex.cpp:40:17:40:17 | *b [a_] | complex.cpp:42:16:42:16 | f indirection [a_] |
 | complex.cpp:40:17:40:17 | *b [b_] | complex.cpp:42:16:42:16 | f indirection [b_] |
 | complex.cpp:40:17:40:17 | *b [b_] | complex.cpp:43:16:43:16 | f indirection [b_] |
@@ -304,29 +304,29 @@ nodes
 | aliasing.cpp:98:10:98:19 | call to user_input | semmle.label | call to user_input |
 | aliasing.cpp:100:14:100:14 | Store [m1] | semmle.label | Store [m1] |
 | aliasing.cpp:102:8:102:10 | * ... | semmle.label | * ... |
-| aliasing.cpp:106:3:106:20 | Chi [[]] | semmle.label | Chi [[]] |
+| aliasing.cpp:106:3:106:20 | Chi [array content] | semmle.label | Chi [array content] |
 | aliasing.cpp:106:9:106:18 | call to user_input | semmle.label | call to user_input |
-| aliasing.cpp:121:15:121:16 | Chi [[]] | semmle.label | Chi [[]] |
-| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| aliasing.cpp:121:15:121:16 | Chi [array content] | semmle.label | Chi [array content] |
+| aliasing.cpp:121:15:121:16 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | aliasing.cpp:122:8:122:12 | access to array | semmle.label | access to array |
-| aliasing.cpp:131:15:131:16 | Chi [[]] | semmle.label | Chi [[]] |
-| aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| aliasing.cpp:131:15:131:16 | Chi [array content] | semmle.label | Chi [array content] |
+| aliasing.cpp:131:15:131:16 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | aliasing.cpp:132:8:132:14 | * ... | semmle.label | * ... |
-| aliasing.cpp:136:15:136:17 | Chi [[]] | semmle.label | Chi [[]] |
-| aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| aliasing.cpp:136:15:136:17 | Chi [array content] | semmle.label | Chi [array content] |
+| aliasing.cpp:136:15:136:17 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | aliasing.cpp:137:8:137:11 | * ... | semmle.label | * ... |
 | aliasing.cpp:175:15:175:22 | Chi | semmle.label | Chi |
 | aliasing.cpp:175:15:175:22 | Chi [m1] | semmle.label | Chi [m1] |
-| aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| aliasing.cpp:175:15:175:22 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | aliasing.cpp:176:13:176:14 | m1 | semmle.label | m1 |
 | aliasing.cpp:187:15:187:22 | Chi | semmle.label | Chi |
 | aliasing.cpp:187:15:187:22 | Chi [m1] | semmle.label | Chi [m1] |
-| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| aliasing.cpp:187:15:187:22 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | aliasing.cpp:188:13:188:14 | Store [m1] | semmle.label | Store [m1] |
 | aliasing.cpp:189:15:189:16 | m1 | semmle.label | m1 |
 | aliasing.cpp:200:15:200:24 | Chi | semmle.label | Chi |
 | aliasing.cpp:200:15:200:24 | Chi [m1] | semmle.label | Chi [m1] |
-| aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| aliasing.cpp:200:15:200:24 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | aliasing.cpp:201:15:201:16 | m1 | semmle.label | m1 |
 | arrays.cpp:6:12:6:21 | call to user_input | semmle.label | call to user_input |
 | arrays.cpp:7:8:7:13 | access to array | semmle.label | access to array |
@@ -360,20 +360,20 @@ nodes
 | by_reference.cpp:84:14:84:23 | call to user_input | semmle.label | call to user_input |
 | by_reference.cpp:88:3:88:24 | Chi [a] | semmle.label | Chi [a] |
 | by_reference.cpp:88:13:88:22 | call to user_input | semmle.label | call to user_input |
-| by_reference.cpp:92:3:92:20 | Chi [[]] | semmle.label | Chi [[]] |
+| by_reference.cpp:92:3:92:20 | Chi [array content] | semmle.label | Chi [array content] |
 | by_reference.cpp:92:9:92:18 | call to user_input | semmle.label | call to user_input |
-| by_reference.cpp:96:3:96:19 | Chi [[]] | semmle.label | Chi [[]] |
+| by_reference.cpp:96:3:96:19 | Chi [array content] | semmle.label | Chi [array content] |
 | by_reference.cpp:96:8:96:17 | call to user_input | semmle.label | call to user_input |
 | by_reference.cpp:102:21:102:39 | Chi [a] | semmle.label | Chi [a] |
 | by_reference.cpp:102:21:102:39 | taint_inner_a_ptr output argument [a] | semmle.label | taint_inner_a_ptr output argument [a] |
 | by_reference.cpp:104:15:104:22 | Chi | semmle.label | Chi |
 | by_reference.cpp:104:15:104:22 | Chi [a] | semmle.label | Chi [a] |
-| by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| by_reference.cpp:104:15:104:22 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | by_reference.cpp:106:21:106:41 | Chi [a] | semmle.label | Chi [a] |
 | by_reference.cpp:106:21:106:41 | taint_inner_a_ptr output argument [a] | semmle.label | taint_inner_a_ptr output argument [a] |
 | by_reference.cpp:108:15:108:24 | Chi | semmle.label | Chi |
 | by_reference.cpp:108:15:108:24 | Chi [a] | semmle.label | Chi [a] |
-| by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [[]] | semmle.label | taint_a_ptr output argument [[]] |
+| by_reference.cpp:108:15:108:24 | taint_a_ptr output argument [array content] | semmle.label | taint_a_ptr output argument [array content] |
 | by_reference.cpp:110:27:110:27 | a | semmle.label | a |
 | by_reference.cpp:112:14:112:14 | a | semmle.label | a |
 | by_reference.cpp:114:29:114:29 | a | semmle.label | a |
@@ -382,12 +382,12 @@ nodes
 | by_reference.cpp:122:21:122:38 | taint_inner_a_ref output argument [a] | semmle.label | taint_inner_a_ref output argument [a] |
 | by_reference.cpp:124:15:124:21 | Chi | semmle.label | Chi |
 | by_reference.cpp:124:15:124:21 | Chi [a] | semmle.label | Chi [a] |
-| by_reference.cpp:124:15:124:21 | taint_a_ref output argument [[]] | semmle.label | taint_a_ref output argument [[]] |
+| by_reference.cpp:124:15:124:21 | taint_a_ref output argument [array content] | semmle.label | taint_a_ref output argument [array content] |
 | by_reference.cpp:126:21:126:40 | Chi [a] | semmle.label | Chi [a] |
 | by_reference.cpp:126:21:126:40 | taint_inner_a_ref output argument [a] | semmle.label | taint_inner_a_ref output argument [a] |
 | by_reference.cpp:128:15:128:23 | Chi | semmle.label | Chi |
 | by_reference.cpp:128:15:128:23 | Chi [a] | semmle.label | Chi [a] |
-| by_reference.cpp:128:15:128:23 | taint_a_ref output argument [[]] | semmle.label | taint_a_ref output argument [[]] |
+| by_reference.cpp:128:15:128:23 | taint_a_ref output argument [array content] | semmle.label | taint_a_ref output argument [array content] |
 | by_reference.cpp:130:27:130:27 | a | semmle.label | a |
 | by_reference.cpp:132:14:132:14 | a | semmle.label | a |
 | by_reference.cpp:134:29:134:29 | a | semmle.label | a |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
@@ -59,20 +59,20 @@ edges
 | test.cpp:237:24:237:37 | (const char *)... | test.cpp:247:2:247:8 | local_size |
 | test.cpp:245:2:245:9 | local_size | test.cpp:224:23:224:23 | s |
 | test.cpp:247:2:247:8 | local_size | test.cpp:230:21:230:21 | s |
-| test.cpp:251:2:251:32 | Chi [[]] | test.cpp:289:17:289:20 | get_size output argument [[]] |
-| test.cpp:251:2:251:32 | Chi [[]] | test.cpp:305:18:305:21 | get_size output argument [[]] |
-| test.cpp:251:18:251:23 | call to getenv | test.cpp:251:2:251:32 | Chi [[]] |
-| test.cpp:251:18:251:31 | (const char *)... | test.cpp:251:2:251:32 | Chi [[]] |
+| test.cpp:251:2:251:32 | Chi [array content] | test.cpp:289:17:289:20 | get_size output argument [array content] |
+| test.cpp:251:2:251:32 | Chi [array content] | test.cpp:305:18:305:21 | get_size output argument [array content] |
+| test.cpp:251:18:251:23 | call to getenv | test.cpp:251:2:251:32 | Chi [array content] |
+| test.cpp:251:18:251:31 | (const char *)... | test.cpp:251:2:251:32 | Chi [array content] |
 | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... |
 | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... |
 | test.cpp:259:20:259:33 | (const char *)... | test.cpp:263:11:263:29 | ... * ... |
 | test.cpp:259:20:259:33 | (const char *)... | test.cpp:263:11:263:29 | ... * ... |
 | test.cpp:289:17:289:20 | Chi | test.cpp:291:11:291:28 | ... * ... |
 | test.cpp:289:17:289:20 | Chi | test.cpp:291:11:291:28 | ... * ... |
-| test.cpp:289:17:289:20 | get_size output argument [[]] | test.cpp:289:17:289:20 | Chi |
+| test.cpp:289:17:289:20 | get_size output argument [array content] | test.cpp:289:17:289:20 | Chi |
 | test.cpp:305:18:305:21 | Chi | test.cpp:308:10:308:27 | ... * ... |
 | test.cpp:305:18:305:21 | Chi | test.cpp:308:10:308:27 | ... * ... |
-| test.cpp:305:18:305:21 | get_size output argument [[]] | test.cpp:305:18:305:21 | Chi |
+| test.cpp:305:18:305:21 | get_size output argument [array content] | test.cpp:305:18:305:21 | Chi |
 nodes
 | test.cpp:40:21:40:24 | argv | semmle.label | argv |
 | test.cpp:40:21:40:24 | argv | semmle.label | argv |
@@ -136,7 +136,7 @@ nodes
 | test.cpp:241:9:241:24 | call to get_tainted_size | semmle.label | call to get_tainted_size |
 | test.cpp:245:2:245:9 | local_size | semmle.label | local_size |
 | test.cpp:247:2:247:8 | local_size | semmle.label | local_size |
-| test.cpp:251:2:251:32 | Chi [[]] | semmle.label | Chi [[]] |
+| test.cpp:251:2:251:32 | Chi [array content] | semmle.label | Chi [array content] |
 | test.cpp:251:2:251:32 | ChiPartial | semmle.label | ChiPartial |
 | test.cpp:251:18:251:23 | call to getenv | semmle.label | call to getenv |
 | test.cpp:251:18:251:31 | (const char *)... | semmle.label | (const char *)... |
@@ -146,12 +146,12 @@ nodes
 | test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... |
 | test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... |
 | test.cpp:289:17:289:20 | Chi | semmle.label | Chi |
-| test.cpp:289:17:289:20 | get_size output argument [[]] | semmle.label | get_size output argument [[]] |
+| test.cpp:289:17:289:20 | get_size output argument [array content] | semmle.label | get_size output argument [array content] |
 | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... |
 | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... |
 | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... |
 | test.cpp:305:18:305:21 | Chi | semmle.label | Chi |
-| test.cpp:305:18:305:21 | get_size output argument [[]] | semmle.label | get_size output argument [[]] |
+| test.cpp:305:18:305:21 | get_size output argument [array content] | semmle.label | get_size output argument [array content] |
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/uncontrolled/ArithmeticUncontrolled.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/uncontrolled/ArithmeticUncontrolled.expected
@@ -22,20 +22,20 @@ edges
 | test.cpp:8:9:8:12 | Store | test.cpp:24:11:24:18 | call to get_rand |
 | test.cpp:8:9:8:12 | call to rand | test.cpp:8:9:8:12 | Store |
 | test.cpp:8:9:8:12 | call to rand | test.cpp:8:9:8:12 | Store |
-| test.cpp:13:2:13:15 | Chi [[]] | test.cpp:30:13:30:14 | get_rand2 output argument [[]] |
-| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:15 | Chi [[]] |
-| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:15 | Chi [[]] |
-| test.cpp:18:2:18:14 | Chi [[]] | test.cpp:36:13:36:13 | get_rand3 output argument [[]] |
-| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:14 | Chi [[]] |
-| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:14 | Chi [[]] |
+| test.cpp:13:2:13:15 | Chi [array content] | test.cpp:30:13:30:14 | get_rand2 output argument [array content] |
+| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:15 | Chi [array content] |
+| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:15 | Chi [array content] |
+| test.cpp:18:2:18:14 | Chi [array content] | test.cpp:36:13:36:13 | get_rand3 output argument [array content] |
+| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:14 | Chi [array content] |
+| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:14 | Chi [array content] |
 | test.cpp:24:11:24:18 | call to get_rand | test.cpp:25:7:25:7 | r |
 | test.cpp:24:11:24:18 | call to get_rand | test.cpp:25:7:25:7 | r |
 | test.cpp:30:13:30:14 | Chi | test.cpp:31:7:31:7 | r |
 | test.cpp:30:13:30:14 | Chi | test.cpp:31:7:31:7 | r |
-| test.cpp:30:13:30:14 | get_rand2 output argument [[]] | test.cpp:30:13:30:14 | Chi |
+| test.cpp:30:13:30:14 | get_rand2 output argument [array content] | test.cpp:30:13:30:14 | Chi |
 | test.cpp:36:13:36:13 | Chi | test.cpp:37:7:37:7 | r |
 | test.cpp:36:13:36:13 | Chi | test.cpp:37:7:37:7 | r |
-| test.cpp:36:13:36:13 | get_rand3 output argument [[]] | test.cpp:36:13:36:13 | Chi |
+| test.cpp:36:13:36:13 | get_rand3 output argument [array content] | test.cpp:36:13:36:13 | Chi |
 nodes
 | test.c:18:13:18:16 | call to rand | semmle.label | call to rand |
 | test.c:18:13:18:16 | call to rand | semmle.label | call to rand |
@@ -65,11 +65,11 @@ nodes
 | test.cpp:8:9:8:12 | Store | semmle.label | Store |
 | test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
 | test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
-| test.cpp:13:2:13:15 | Chi [[]] | semmle.label | Chi [[]] |
+| test.cpp:13:2:13:15 | Chi [array content] | semmle.label | Chi [array content] |
 | test.cpp:13:2:13:15 | ChiPartial | semmle.label | ChiPartial |
 | test.cpp:13:10:13:13 | call to rand | semmle.label | call to rand |
 | test.cpp:13:10:13:13 | call to rand | semmle.label | call to rand |
-| test.cpp:18:2:18:14 | Chi [[]] | semmle.label | Chi [[]] |
+| test.cpp:18:2:18:14 | Chi [array content] | semmle.label | Chi [array content] |
 | test.cpp:18:2:18:14 | ChiPartial | semmle.label | ChiPartial |
 | test.cpp:18:9:18:12 | call to rand | semmle.label | call to rand |
 | test.cpp:18:9:18:12 | call to rand | semmle.label | call to rand |
@@ -78,12 +78,12 @@ nodes
 | test.cpp:25:7:25:7 | r | semmle.label | r |
 | test.cpp:25:7:25:7 | r | semmle.label | r |
 | test.cpp:30:13:30:14 | Chi | semmle.label | Chi |
-| test.cpp:30:13:30:14 | get_rand2 output argument [[]] | semmle.label | get_rand2 output argument [[]] |
+| test.cpp:30:13:30:14 | get_rand2 output argument [array content] | semmle.label | get_rand2 output argument [array content] |
 | test.cpp:31:7:31:7 | r | semmle.label | r |
 | test.cpp:31:7:31:7 | r | semmle.label | r |
 | test.cpp:31:7:31:7 | r | semmle.label | r |
 | test.cpp:36:13:36:13 | Chi | semmle.label | Chi |
-| test.cpp:36:13:36:13 | get_rand3 output argument [[]] | semmle.label | get_rand3 output argument [[]] |
+| test.cpp:36:13:36:13 | get_rand3 output argument [array content] | semmle.label | get_rand3 output argument [array content] |
 | test.cpp:37:7:37:7 | r | semmle.label | r |
 | test.cpp:37:7:37:7 | r | semmle.label | r |
 | test.cpp:37:7:37:7 | r | semmle.label | r |
--- a/csharp/change-notes/2021-06-24-dataflow-implicit-reads.md
+++ b/csharp/change-notes/2021-06-24-dataflow-implicit-reads.md
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The DataFlow libraries have been augmented with support for `Configuration`-specific in-place read steps at, for example, sinks and custom taint steps. This means that it is now possible to specify sinks that accept flow with non-empty access paths.
--- a/csharp/ql/src/semmle/code/csharp/dataflow/FlowSummary.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/FlowSummary.qll
@@ -35,6 +35,22 @@ module SummaryComponent {
  /** Gets a summary component that represents the return value of a call. */
  SummaryComponent return() { result = return(any(NormalReturnKind rk)) }

+  /**
+   * Gets a summary component that represents the return value through the `i`th
+   * `out` argument of a call.
+   */
+  SummaryComponent outArgument(int i) {
+    result = return(any(OutReturnKind rk | rk.getPosition() = i))
+  }
+
+  /**
+   * Gets a summary component that represents the return value through the `i`th
+   * `ref` argument of a call.
+   */
+  SummaryComponent refArgument(int i) {
+    result = return(any(RefReturnKind rk | rk.getPosition() = i))
+  }
+
  /** Gets a summary component that represents a jump to `c`. */
  SummaryComponent jump(Callable c) {
    result =
@@ -72,6 +88,18 @@ module SummaryComponentStack {
  /** Gets a singleton stack representing the return value of a call. */
  SummaryComponentStack return() { result = singleton(SummaryComponent::return()) }

+  /**
+   * Gets a singleton stack representing the return value through the `i`th
+   * `out` argument of a call.
+   */
+  SummaryComponentStack outArgument(int i) { result = singleton(SummaryComponent::outArgument(i)) }
+
+  /**
+   * Gets a singleton stack representing the return value through the `i`th
+   * `ref` argument of a call.
+   */
+  SummaryComponentStack refArgument(int i) { result = singleton(SummaryComponent::refArgument(i)) }
+
  /** Gets a singleton stack representing a jump to `c`. */
  SummaryComponentStack jump(Callable c) { result = singleton(SummaryComponent::jump(c)) }
 }
--- a/csharp/ql/src/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
@@ -383,7 +383,7 @@ private module FrameworkDataFlowAdaptor {
    or
    exists(int i |
      result = TCallableFlowSinkArg(i) and
-      output = SummaryComponentStack::argument(i)
+      output = SummaryComponentStack::outArgument(i)
    )
    or
    exists(int i, int j | result = TCallableFlowSinkDelegateArg(i, j) |
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll
@@ -724,6 +724,7 @@ private module Cached {
    Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
  ) {
    storeStep(node1, c, node2) and
+    read(_, c, _) and
    contentType = getNodeDataFlowType(node1) and
    containerType = getNodeDataFlowType(node2)
    or
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -1258,33 +1258,12 @@ private module ReturnNodes {
    SummaryReturnNode() {
      FlowSummaryImpl::Private::summaryReturnNode(this, rk) and
      not rk instanceof JumpReturnKind
-      or
-      exists(Parameter p, int pos |
-        summaryPostUpdateNodeIsOutOrRef(this, p) and
-        pos = p.getPosition()
-      |
-        p.isOut() and rk.(OutReturnKind).getPosition() = pos
-        or
-        p.isRef() and rk.(RefReturnKind).getPosition() = pos
-      )
    }

    override ReturnKind getKind() { result = rk }
  }
 }

-/**
- * Holds if summary node `n` is a post-update node for `out`/`ref` parameter `p`.
- * In this case we adjust it to instead be a return node.
- */
-private predicate summaryPostUpdateNodeIsOutOrRef(SummaryNode n, Parameter p) {
-  exists(ParameterNode pn |
-    FlowSummaryImpl::Private::summaryPostUpdateNode(n, pn) and
-    pn.getParameter() = p and
-    p.isOutOrRef()
-  )
-}
-
 import ReturnNodes

 /** A data-flow node that represents the output of a call. */
@@ -1862,10 +1841,7 @@ private module PostUpdateNodes {
  }

  private class SummaryPostUpdateNode extends SummaryNode, PostUpdateNode {
-    SummaryPostUpdateNode() {
-      FlowSummaryImpl::Private::summaryPostUpdateNode(this, _) and
-      not summaryPostUpdateNodeIsOutOrRef(this, _)
-    }
+    SummaryPostUpdateNode() { FlowSummaryImpl::Private::summaryPostUpdateNode(this, _) }

    override Node getPreUpdateNode() {
      FlowSummaryImpl::Private::summaryPostUpdateNode(this, result)
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll
@@ -18,13 +18,6 @@ private import semmle.code.csharp.frameworks.WCF
 */
 predicate defaultTaintSanitizer(DataFlow::Node node) { none() }

-/**
- * Holds if default `TaintTracking::Configuration`s should allow implicit reads
- * of `c` at sinks and inputs to additional taint steps.
- */
-bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) { none() }
-
 deprecated predicate localAdditionalTaintStep = defaultAdditionalTaintStep/2;

 private CIL::DataFlowNode asCilDataFlowNode(DataFlow::Node node) {
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking3/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking4/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs
+++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.cs
@@ -85,13 +85,6 @@ namespace My.Qltest
            Sink(objs2[0]);
        }

-        void M14()
-        {
-            var s = new string("");
-            Parse(s, out var i);
-            Sink(i);
-        }
-
        object StepArgRes(object x) { return null; }

        void StepArgArg(object @in, object @out) { }
@@ -122,8 +115,6 @@ namespace My.Qltest

        static S[] Map<S, T>(S[] elements, Func<S, T> f) => throw null;

-        static void Parse(string s, out int i) => throw null;
-
        static void Sink(object o) { }
    }
 }
--- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected
+++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected
@@ -24,12 +24,12 @@ edges
 | ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access [element] : Object |
 | ExternalFlow.cs:55:18:55:21 | this access [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter |
 | ExternalFlow.cs:60:35:60:35 | o : Object | ExternalFlow.cs:60:47:60:47 | access to parameter o |
-| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:121:46:121:46 | s : Object |
+| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:114:46:114:46 | s : Object |
 | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object | ExternalFlow.cs:66:18:66:18 | access to local variable o |
 | ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply : Object |
 | ExternalFlow.cs:71:30:71:45 | { ..., ... } [element] : Object | ExternalFlow.cs:72:17:72:20 | access to local variable objs [element] : Object |
 | ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | ExternalFlow.cs:71:30:71:45 | { ..., ... } [element] : Object |
-| ExternalFlow.cs:72:17:72:20 | access to local variable objs [element] : Object | ExternalFlow.cs:123:34:123:41 | elements [element] : Object |
+| ExternalFlow.cs:72:17:72:20 | access to local variable objs [element] : Object | ExternalFlow.cs:116:34:116:41 | elements [element] : Object |
 | ExternalFlow.cs:72:23:72:23 | o : Object | ExternalFlow.cs:72:35:72:35 | access to parameter o |
 | ExternalFlow.cs:77:24:77:58 | call to method Map [element] : Object | ExternalFlow.cs:78:18:78:21 | access to local variable objs [element] : Object |
 | ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map [element] : Object |
@@ -40,11 +40,8 @@ edges
 | ExternalFlow.cs:84:25:84:41 | call to method Map [element] : Object | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 [element] : Object |
 | ExternalFlow.cs:84:29:84:32 | access to local variable objs [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map [element] : Object |
 | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 [element] : Object | ExternalFlow.cs:85:18:85:25 | access to array element |
-| ExternalFlow.cs:90:21:90:34 | object creation of type String : String | ExternalFlow.cs:91:19:91:19 | access to local variable s : String |
-| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | ExternalFlow.cs:91:30:91:30 | SSA def(i) : Int32 |
-| ExternalFlow.cs:91:30:91:30 | SSA def(i) : Int32 | ExternalFlow.cs:92:18:92:18 | (...) ... |
-| ExternalFlow.cs:121:46:121:46 | s : Object | ExternalFlow.cs:60:35:60:35 | o : Object |
-| ExternalFlow.cs:123:34:123:41 | elements [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object |
+| ExternalFlow.cs:114:46:114:46 | s : Object | ExternalFlow.cs:60:35:60:35 | o : Object |
+| ExternalFlow.cs:116:34:116:41 | elements [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object |
 nodes
 | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
 | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | semmle.label | call to method StepArgRes |
@@ -100,12 +97,8 @@ nodes
 | ExternalFlow.cs:84:29:84:32 | access to local variable objs [element] : Object | semmle.label | access to local variable objs [element] : Object |
 | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 [element] : Object | semmle.label | access to local variable objs2 [element] : Object |
 | ExternalFlow.cs:85:18:85:25 | access to array element | semmle.label | access to array element |
-| ExternalFlow.cs:90:21:90:34 | object creation of type String : String | semmle.label | object creation of type String : String |
-| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | semmle.label | access to local variable s : String |
-| ExternalFlow.cs:91:30:91:30 | SSA def(i) : Int32 | semmle.label | SSA def(i) : Int32 |
-| ExternalFlow.cs:92:18:92:18 | (...) ... | semmle.label | (...) ... |
-| ExternalFlow.cs:121:46:121:46 | s : Object | semmle.label | s : Object |
-| ExternalFlow.cs:123:34:123:41 | elements [element] : Object | semmle.label | elements [element] : Object |
+| ExternalFlow.cs:114:46:114:46 | s : Object | semmle.label | s : Object |
+| ExternalFlow.cs:116:34:116:41 | elements [element] : Object | semmle.label | elements [element] : Object |
 invalidModelRow
 #select
 | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | $@ | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | object creation of type Object : Object |
@@ -122,4 +115,3 @@ invalidModelRow
 | ExternalFlow.cs:72:35:72:35 | access to parameter o | ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | ExternalFlow.cs:72:35:72:35 | access to parameter o | $@ | ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | object creation of type Object : Object |
 | ExternalFlow.cs:78:18:78:24 | (...) ... | ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:78:18:78:24 | (...) ... | $@ | ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | object creation of type Object : Object |
 | ExternalFlow.cs:85:18:85:25 | access to array element | ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | ExternalFlow.cs:85:18:85:25 | access to array element | $@ | ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | object creation of type Object : Object |
-| ExternalFlow.cs:92:18:92:18 | (...) ... | ExternalFlow.cs:90:21:90:34 | object creation of type String : String | ExternalFlow.cs:92:18:92:18 | (...) ... | $@ | ExternalFlow.cs:90:21:90:34 | object creation of type String : String | object creation of type String : String |
--- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql
+++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql
@@ -24,8 +24,7 @@ class SummaryModelTest extends SummaryModelCsv {
        "My.Qltest;D;false;Apply;(System.Func<S,T>,S);;Argument[1];Parameter[0] of Argument[0];value",
        "My.Qltest;D;false;Apply;(System.Func<S,T>,S);;ReturnValue of Argument[0];ReturnValue;value",
        "My.Qltest;D;false;Map;(S[],System.Func<S,T>);;Element of Argument[0];Parameter[0] of Argument[1];value",
-        "My.Qltest;D;false;Map;(S[],System.Func<S,T>);;ReturnValue of Argument[1];Element of ReturnValue;value",
-        "My.Qltest;D;false;Parse;(System.String,System.Int32);;Argument[0];Argument[1];taint"
+        "My.Qltest;D;false;Map;(S[],System.Func<S,T>);;ReturnValue of Argument[1];Element of ReturnValue;value"
      ]
  }
 }
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
--- a/csharp/ql/test/library-tests/frameworks/EntityFramework/EntityFramework.cs
+++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/EntityFramework.cs
@@ -1,5 +1,5 @@
 // semmle-extractor-options: /r:System.Data.dll /r:System.ComponentModel.Primitives.dll /r:System.ComponentModel.TypeConverter.dll ${testdir}/../../../resources/stubs/EntityFramework.cs ${testdir}/../../../resources/stubs/System.Data.cs /r:System.ComponentModel.TypeConverter.dll /r:System.Data.Common.dll /r:System.Linq.dll
-// semmle-extractor-options: ${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/System.ComponentModel.Annotations.cs ${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/System.ComponentModel.cs
+
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Data.Entity;
--- a/csharp/ql/test/library-tests/frameworks/JsonNET/Json.cs
+++ b/csharp/ql/test/library-tests/frameworks/JsonNET/Json.cs
@@ -34,7 +34,7 @@ namespace JsonTest

            Object taintedPopulatedObject = new Object();
            JsonConvert.PopulateObject(t, taintedPopulatedObject);
-            Sink(taintedPopulatedObject.tainted);
+            Sink(taintedPopulatedObject.tainted);  // False negative

            Object untaintedObject = JsonConvert.DeserializeObject<Object>(u);
            Sink(untaintedObject);
--- a/csharp/ql/test/library-tests/frameworks/JsonNET/Json.expected
+++ b/csharp/ql/test/library-tests/frameworks/JsonNET/Json.expected
@@ -5,7 +5,6 @@
 | Json.cs:18:24:18:32 | "tainted" | Json.cs:28:18:28:49 | access to indexer |
 | Json.cs:18:24:18:32 | "tainted" | Json.cs:29:18:29:46 | access to array element |
 | Json.cs:18:24:18:32 | "tainted" | Json.cs:32:18:32:39 | (...) ... |
-| Json.cs:18:24:18:32 | "tainted" | Json.cs:37:18:37:47 | (...) ... |
 | Json.cs:18:24:18:32 | "tainted" | Json.cs:44:18:44:24 | access to local variable jobject |
 | Json.cs:18:24:18:32 | "tainted" | Json.cs:45:18:45:29 | access to indexer |
 | Json.cs:18:24:18:32 | "tainted" | Json.cs:46:18:46:34 | access to indexer |
--- a/csharp/ql/test/query-tests/Security
+++ b/csharp/ql/test/query-tests/Security
@@ -1,13 +1,13 @@
-// semmle-extractor-options: /nostdlib /noconfig
-// semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/Dapper/2.0.90/Dapper.csproj
-// semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/System.Data.SqlClient/4.8.2/System.Data.SqlClient.csproj
-// semmle-extractor-options: ${testdir}/../../../resources/stubs/EntityFramework.cs
-// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Windows.cs
+// semmle-extractor-options: /r:System.ComponentModel.Primitives.dll /r:System.ComponentModel.TypeConverter.dll /r:System.Data.Common.dll ${testdir}/../../../resources/stubs/EntityFramework.cs ${testdir}/../../../resources/stubs/System.Data.cs ${testdir}/../../../resources/stubs/System.Windows.cs ${testdir}/../../../resources/stubs/Dapper.cs /r:System.Linq.Expressions.dll
+
 using System;

 namespace System.Web.UI.WebControls
 {
-    public class TextBox { public string Text { get; set; } }
+    public class TextBox
+    {
+        public string Text { get; set; }
+    }
 }

 namespace Test
--- a/csharp/ql/test/resources/stubs/Dapper.cs
+++ b/csharp/ql/test/resources/stubs/Dapper.cs
@@ -0,0 +1,34 @@
+// This file contains auto-generated code.
+// original-extractor-options: /r:Dapper.dll /r:System.Data.SqlClient.dll ...
+
+namespace Dapper
+{
+    // Generated from `Dapper.CommandDefinition` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
+    public struct CommandDefinition
+    {
+        public CommandDefinition(string commandText, object parameters = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null, Dapper.CommandFlags flags = CommandFlags.Buffered, System.Threading.CancellationToken cancellationToken = default) => throw null;
+    }
+
+    // Generated from `Dapper.CommandFlags` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
+    [System.Flags]
+    public enum CommandFlags
+    {
+        None = 0x0,
+        Buffered = 0x1,
+        Pipelined = 0x2,
+        NoCache = 0x4
+    }
+
+    // Generated from `Dapper.SqlMapper` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
+    static public class SqlMapper
+    {
+        public static System.Collections.Generic.IEnumerable<T> Query<T>(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, bool buffered = true, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
+        public static System.Data.IDataReader ExecuteReader(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
+        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<T>> QueryAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
+        public static System.Threading.Tasks.Task<dynamic> QueryFirstAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
+        public static System.Threading.Tasks.Task<dynamic> QueryFirstAsync(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
+        public static System.Threading.Tasks.Task<int> ExecuteAsync(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
+        public static object ExecuteScalar(this System.Data.IDbConnection cnn, string sql, object param = null, System.Data.IDbTransaction transaction = null, int? commandTimeout = null, System.Data.CommandType? commandType = null) => throw null;
+    }
+}
+
--- a/csharp/ql/test/resources/stubs/Dapper/2.0.90/Dapper.cs
+++ b/csharp/ql/test/resources/stubs/Dapper/2.0.90/Dapper.cs
@@ -1,408 +0,0 @@
-// This file contains auto-generated code.
-
-namespace Dapper
-{
-    // Generated from `Dapper.CommandDefinition` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public struct CommandDefinition
-    {
-        public bool Buffered { get => throw null; }
-        public System.Threading.CancellationToken CancellationToken { get => throw null; }
-        public CommandDefinition(string commandText, object parameters = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?), Dapper.CommandFlags flags = default(Dapper.CommandFlags), System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) => throw null;
-        // Stub generator skipped constructor 
-        public string CommandText { get => throw null; }
-        public int? CommandTimeout { get => throw null; }
-        public System.Data.CommandType? CommandType { get => throw null; }
-        public Dapper.CommandFlags Flags { get => throw null; }
-        public object Parameters { get => throw null; }
-        public bool Pipelined { get => throw null; }
-        public System.Data.IDbTransaction Transaction { get => throw null; }
-    }
-
-    // Generated from `Dapper.CommandFlags` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    [System.Flags]
-    public enum CommandFlags
-    {
-        Buffered,
-        NoCache,
-        None,
-        Pipelined,
-    }
-
-    // Generated from `Dapper.CustomPropertyTypeMap` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public class CustomPropertyTypeMap : Dapper.SqlMapper.ITypeMap
-    {
-        public CustomPropertyTypeMap(System.Type type, System.Func<System.Type, string, System.Reflection.PropertyInfo> propertySelector) => throw null;
-        public System.Reflection.ConstructorInfo FindConstructor(string[] names, System.Type[] types) => throw null;
-        public System.Reflection.ConstructorInfo FindExplicitConstructor() => throw null;
-        public Dapper.SqlMapper.IMemberMap GetConstructorParameter(System.Reflection.ConstructorInfo constructor, string columnName) => throw null;
-        public Dapper.SqlMapper.IMemberMap GetMember(string columnName) => throw null;
-    }
-
-    // Generated from `Dapper.DbString` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public class DbString : Dapper.SqlMapper.ICustomQueryParameter
-    {
-        public void AddParameter(System.Data.IDbCommand command, string name) => throw null;
-        public DbString() => throw null;
-        public const int DefaultLength = default;
-        public bool IsAnsi { get => throw null; set => throw null; }
-        public static bool IsAnsiDefault { get => throw null; set => throw null; }
-        public bool IsFixedLength { get => throw null; set => throw null; }
-        public int Length { get => throw null; set => throw null; }
-        public string Value { get => throw null; set => throw null; }
-    }
-
-    // Generated from `Dapper.DefaultTypeMap` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public class DefaultTypeMap : Dapper.SqlMapper.ITypeMap
-    {
-        public DefaultTypeMap(System.Type type) => throw null;
-        public System.Reflection.ConstructorInfo FindConstructor(string[] names, System.Type[] types) => throw null;
-        public System.Reflection.ConstructorInfo FindExplicitConstructor() => throw null;
-        public Dapper.SqlMapper.IMemberMap GetConstructorParameter(System.Reflection.ConstructorInfo constructor, string columnName) => throw null;
-        public Dapper.SqlMapper.IMemberMap GetMember(string columnName) => throw null;
-        public static bool MatchNamesWithUnderscores { get => throw null; set => throw null; }
-        public System.Collections.Generic.List<System.Reflection.PropertyInfo> Properties { get => throw null; }
-    }
-
-    // Generated from `Dapper.DynamicParameters` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public class DynamicParameters : Dapper.SqlMapper.IParameterLookup, Dapper.SqlMapper.IParameterCallbacks, Dapper.SqlMapper.IDynamicParameters
-    {
-        public void Add(string name, object value, System.Data.DbType? dbType, System.Data.ParameterDirection? direction, int? size) => throw null;
-        public void Add(string name, object value = default(object), System.Data.DbType? dbType = default(System.Data.DbType?), System.Data.ParameterDirection? direction = default(System.Data.ParameterDirection?), int? size = default(int?), System.Byte? precision = default(System.Byte?), System.Byte? scale = default(System.Byte?)) => throw null;
-        public void AddDynamicParams(object param) => throw null;
-        void Dapper.SqlMapper.IDynamicParameters.AddParameters(System.Data.IDbCommand command, Dapper.SqlMapper.Identity identity) => throw null;
-        protected void AddParameters(System.Data.IDbCommand command, Dapper.SqlMapper.Identity identity) => throw null;
-        public DynamicParameters(object template) => throw null;
-        public DynamicParameters() => throw null;
-        public T Get<T>(string name) => throw null;
-        object Dapper.SqlMapper.IParameterLookup.this[string name] { get => throw null; }
-        void Dapper.SqlMapper.IParameterCallbacks.OnCompleted() => throw null;
-        public Dapper.DynamicParameters Output<T>(T target, System.Linq.Expressions.Expression<System.Func<T, object>> expression, System.Data.DbType? dbType = default(System.Data.DbType?), int? size = default(int?)) => throw null;
-        public System.Collections.Generic.IEnumerable<string> ParameterNames { get => throw null; }
-        public bool RemoveUnused { get => throw null; set => throw null; }
-    }
-
-    // Generated from `Dapper.ExplicitConstructorAttribute` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public class ExplicitConstructorAttribute : System.Attribute
-    {
-        public ExplicitConstructorAttribute() => throw null;
-    }
-
-    // Generated from `Dapper.IWrappedDataReader` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public interface IWrappedDataReader : System.IDisposable, System.Data.IDataRecord, System.Data.IDataReader
-    {
-        System.Data.IDbCommand Command { get; }
-        System.Data.IDataReader Reader { get; }
-    }
-
-    // Generated from `Dapper.SqlMapper` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-    public static class SqlMapper
-    {
-        public static void AddTypeHandler<T>(Dapper.SqlMapper.TypeHandler<T> handler) => throw null;
-        public static void AddTypeHandler(System.Type type, Dapper.SqlMapper.ITypeHandler handler) => throw null;
-        public static void AddTypeHandlerImpl(System.Type type, Dapper.SqlMapper.ITypeHandler handler, bool clone) => throw null;
-        public static void AddTypeMap(System.Type type, System.Data.DbType dbType) => throw null;
-        public static System.Collections.Generic.List<T> AsList<T>(this System.Collections.Generic.IEnumerable<T> source) => throw null;
-        public static Dapper.SqlMapper.ICustomQueryParameter AsTableValuedParameter<T>(this System.Collections.Generic.IEnumerable<T> list, string typeName = default(string)) where T : System.Data.IDataRecord => throw null;
-        public static Dapper.SqlMapper.ICustomQueryParameter AsTableValuedParameter(this System.Data.DataTable table, string typeName = default(string)) => throw null;
-        public static System.Collections.Generic.IEqualityComparer<string> ConnectionStringComparer { get => throw null; set => throw null; }
-        public static System.Action<System.Data.IDbCommand, object> CreateParamInfoGenerator(Dapper.SqlMapper.Identity identity, bool checkForDuplicates, bool removeUnused) => throw null;
-        public static int Execute(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static int Execute(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<int> ExecuteAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<int> ExecuteAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Data.IDataReader ExecuteReader(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Data.IDataReader ExecuteReader(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Data.CommandBehavior commandBehavior) => throw null;
-        public static System.Data.IDataReader ExecuteReader(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<System.Data.IDataReader> ExecuteReaderAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Data.IDataReader> ExecuteReaderAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Data.CommandBehavior commandBehavior) => throw null;
-        public static System.Threading.Tasks.Task<System.Data.IDataReader> ExecuteReaderAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<System.Data.Common.DbDataReader> ExecuteReaderAsync(this System.Data.Common.DbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Data.Common.DbDataReader> ExecuteReaderAsync(this System.Data.Common.DbConnection cnn, Dapper.CommandDefinition command, System.Data.CommandBehavior commandBehavior) => throw null;
-        public static System.Threading.Tasks.Task<System.Data.Common.DbDataReader> ExecuteReaderAsync(this System.Data.Common.DbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static object ExecuteScalar(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static object ExecuteScalar(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static T ExecuteScalar<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T ExecuteScalar<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<object> ExecuteScalarAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<object> ExecuteScalarAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<T> ExecuteScalarAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<T> ExecuteScalarAsync<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Data.IDbDataParameter FindOrAddParameter(System.Data.IDataParameterCollection parameters, System.Data.IDbCommand command, string name) => throw null;
-        public static string Format(object value) => throw null;
-        public static System.Collections.Generic.IEnumerable<System.Tuple<string, string, int>> GetCachedSQL(int ignoreHitCountAbove = default(int)) => throw null;
-        public static int GetCachedSQLCount() => throw null;
-        public static System.Data.DbType GetDbType(object value) => throw null;
-        public static System.Collections.Generic.IEnumerable<System.Tuple<int, int>> GetHashCollissions() => throw null;
-        public static System.Func<System.Data.IDataReader, object> GetRowParser(this System.Data.IDataReader reader, System.Type type, int startIndex = default(int), int length = default(int), bool returnNullIfFirstMissing = default(bool)) => throw null;
-        public static System.Func<System.Data.IDataReader, T> GetRowParser<T>(this System.Data.IDataReader reader, System.Type concreteType = default(System.Type), int startIndex = default(int), int length = default(int), bool returnNullIfFirstMissing = default(bool)) => throw null;
-        public static System.Func<System.Data.IDataReader, object> GetTypeDeserializer(System.Type type, System.Data.IDataReader reader, int startBound = default(int), int length = default(int), bool returnNullIfFirstMissing = default(bool)) => throw null;
-        public static Dapper.SqlMapper.ITypeMap GetTypeMap(System.Type type) => throw null;
-        public static string GetTypeName(this System.Data.DataTable table) => throw null;
-        // Generated from `Dapper.SqlMapper+GridReader` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public class GridReader : System.IDisposable
-        {
-            public System.Data.IDbCommand Command { get => throw null; set => throw null; }
-            public void Dispose() => throw null;
-            public bool IsConsumed { get => throw null; set => throw null; }
-            public System.Collections.Generic.IEnumerable<object> Read(System.Type type, bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<dynamic> Read(bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<TReturn> Read<TReturn>(System.Type[] types, System.Func<object[], TReturn> map, string splitOn = default(string), bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<TReturn> Read<TFirst, TSecond, TThird, TReturn>(System.Func<TFirst, TSecond, TThird, TReturn> func, string splitOn = default(string), bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<TReturn> Read<TFirst, TSecond, TThird, TFourth, TReturn>(System.Func<TFirst, TSecond, TThird, TFourth, TReturn> func, string splitOn = default(string), bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<TReturn> Read<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn>(System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn> func, string splitOn = default(string), bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<TReturn> Read<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn>(System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn> func, string splitOn = default(string), bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<TReturn> Read<TFirst, TSecond, TThird, TFourth, TFifth, TReturn>(System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TReturn> func, string splitOn = default(string), bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<TReturn> Read<TFirst, TSecond, TReturn>(System.Func<TFirst, TSecond, TReturn> func, string splitOn = default(string), bool buffered = default(bool)) => throw null;
-            public System.Collections.Generic.IEnumerable<T> Read<T>(bool buffered = default(bool)) => throw null;
-            public System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<object>> ReadAsync(System.Type type, bool buffered = default(bool)) => throw null;
-            public System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<dynamic>> ReadAsync(bool buffered = default(bool)) => throw null;
-            public System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<T>> ReadAsync<T>(bool buffered = default(bool)) => throw null;
-            public object ReadFirst(System.Type type) => throw null;
-            public dynamic ReadFirst() => throw null;
-            public T ReadFirst<T>() => throw null;
-            public System.Threading.Tasks.Task<object> ReadFirstAsync(System.Type type) => throw null;
-            public System.Threading.Tasks.Task<dynamic> ReadFirstAsync() => throw null;
-            public System.Threading.Tasks.Task<T> ReadFirstAsync<T>() => throw null;
-            public object ReadFirstOrDefault(System.Type type) => throw null;
-            public dynamic ReadFirstOrDefault() => throw null;
-            public T ReadFirstOrDefault<T>() => throw null;
-            public System.Threading.Tasks.Task<object> ReadFirstOrDefaultAsync(System.Type type) => throw null;
-            public System.Threading.Tasks.Task<dynamic> ReadFirstOrDefaultAsync() => throw null;
-            public System.Threading.Tasks.Task<T> ReadFirstOrDefaultAsync<T>() => throw null;
-            public object ReadSingle(System.Type type) => throw null;
-            public dynamic ReadSingle() => throw null;
-            public T ReadSingle<T>() => throw null;
-            public System.Threading.Tasks.Task<object> ReadSingleAsync(System.Type type) => throw null;
-            public System.Threading.Tasks.Task<dynamic> ReadSingleAsync() => throw null;
-            public System.Threading.Tasks.Task<T> ReadSingleAsync<T>() => throw null;
-            public object ReadSingleOrDefault(System.Type type) => throw null;
-            public dynamic ReadSingleOrDefault() => throw null;
-            public T ReadSingleOrDefault<T>() => throw null;
-            public System.Threading.Tasks.Task<object> ReadSingleOrDefaultAsync(System.Type type) => throw null;
-            public System.Threading.Tasks.Task<dynamic> ReadSingleOrDefaultAsync() => throw null;
-            public System.Threading.Tasks.Task<T> ReadSingleOrDefaultAsync<T>() => throw null;
-        }
-
-
-        // Generated from `Dapper.SqlMapper+ICustomQueryParameter` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public interface ICustomQueryParameter
-        {
-            void AddParameter(System.Data.IDbCommand command, string name);
-        }
-
-
-        // Generated from `Dapper.SqlMapper+IDynamicParameters` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public interface IDynamicParameters
-        {
-            void AddParameters(System.Data.IDbCommand command, Dapper.SqlMapper.Identity identity);
-        }
-
-
-        // Generated from `Dapper.SqlMapper+IMemberMap` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public interface IMemberMap
-        {
-            string ColumnName { get; }
-            System.Reflection.FieldInfo Field { get; }
-            System.Type MemberType { get; }
-            System.Reflection.ParameterInfo Parameter { get; }
-            System.Reflection.PropertyInfo Property { get; }
-        }
-
-
-        // Generated from `Dapper.SqlMapper+IParameterCallbacks` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public interface IParameterCallbacks : Dapper.SqlMapper.IDynamicParameters
-        {
-            void OnCompleted();
-        }
-
-
-        // Generated from `Dapper.SqlMapper+IParameterLookup` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public interface IParameterLookup : Dapper.SqlMapper.IDynamicParameters
-        {
-            object this[string name] { get; }
-        }
-
-
-        // Generated from `Dapper.SqlMapper+ITypeHandler` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public interface ITypeHandler
-        {
-            object Parse(System.Type destinationType, object value);
-            void SetValue(System.Data.IDbDataParameter parameter, object value);
-        }
-
-
-        // Generated from `Dapper.SqlMapper+ITypeMap` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public interface ITypeMap
-        {
-            System.Reflection.ConstructorInfo FindConstructor(string[] names, System.Type[] types);
-            System.Reflection.ConstructorInfo FindExplicitConstructor();
-            Dapper.SqlMapper.IMemberMap GetConstructorParameter(System.Reflection.ConstructorInfo constructor, string columnName);
-            Dapper.SqlMapper.IMemberMap GetMember(string columnName);
-        }
-
-
-        // Generated from `Dapper.SqlMapper+Identity` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public class Identity : System.IEquatable<Dapper.SqlMapper.Identity>
-        {
-            public override bool Equals(object obj) => throw null;
-            public bool Equals(Dapper.SqlMapper.Identity other) => throw null;
-            public Dapper.SqlMapper.Identity ForDynamicParameters(System.Type type) => throw null;
-            public override int GetHashCode() => throw null;
-            internal Identity(string sql, System.Data.CommandType? commandType, System.Data.IDbConnection connection, System.Type type, System.Type parametersType) => throw null;
-            public override string ToString() => throw null;
-            public System.Data.CommandType? commandType;
-            public string connectionString;
-            public int gridIndex;
-            public int hashCode;
-            public System.Type parametersType;
-            public string sql;
-            public System.Type type;
-        }
-
-
-        public static System.Data.DbType LookupDbType(System.Type type, string name, bool demand, out Dapper.SqlMapper.ITypeHandler handler) => throw null;
-        public static void PackListParameters(System.Data.IDbCommand command, string namePrefix, object value) => throw null;
-        public static System.Collections.Generic.IEnumerable<object> Parse(this System.Data.IDataReader reader, System.Type type) => throw null;
-        public static System.Collections.Generic.IEnumerable<dynamic> Parse(this System.Data.IDataReader reader) => throw null;
-        public static System.Collections.Generic.IEnumerable<T> Parse<T>(this System.Data.IDataReader reader) => throw null;
-        public static void PurgeQueryCache() => throw null;
-        public static System.Collections.Generic.IEnumerable<object> Query(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<dynamic> Query(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<TReturn> Query<TReturn>(this System.Data.IDbConnection cnn, string sql, System.Type[] types, System.Func<object[], TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<TReturn> Query<TFirst, TSecond, TThird, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<TReturn> Query<TFirst, TSecond, TThird, TFourth, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<TReturn> Query<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<TReturn> Query<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<TReturn> Query<TFirst, TSecond, TThird, TFourth, TFifth, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<TReturn> Query<TFirst, TSecond, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<T> Query<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Collections.Generic.IEnumerable<T> Query<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<object>> QueryAsync(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<object>> QueryAsync(this System.Data.IDbConnection cnn, System.Type type, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<dynamic>> QueryAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<dynamic>> QueryAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TReturn>(this System.Data.IDbConnection cnn, string sql, System.Type[] types, System.Func<object[], TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TReturn>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Func<TFirst, TSecond, TThird, TReturn> map, string splitOn = default(string)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TReturn>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Func<TFirst, TSecond, TThird, TFourth, TReturn> map, string splitOn = default(string)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TSeventh, TReturn> map, string splitOn = default(string)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TSixth, TReturn> map, string splitOn = default(string)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TFifth, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TThird, TFourth, TFifth, TReturn>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Func<TFirst, TSecond, TThird, TFourth, TFifth, TReturn> map, string splitOn = default(string)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TReturn>(this System.Data.IDbConnection cnn, string sql, System.Func<TFirst, TSecond, TReturn> map, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), bool buffered = default(bool), string splitOn = default(string), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<TReturn>> QueryAsync<TFirst, TSecond, TReturn>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command, System.Func<TFirst, TSecond, TReturn> map, string splitOn = default(string)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<T>> QueryAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<System.Collections.Generic.IEnumerable<T>> QueryAsync<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static event System.EventHandler QueryCachePurged;
-        public static object QueryFirst(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static dynamic QueryFirst(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QueryFirst<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QueryFirst<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<object> QueryFirstAsync(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<object> QueryFirstAsync(this System.Data.IDbConnection cnn, System.Type type, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QueryFirstAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QueryFirstAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<T> QueryFirstAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<T> QueryFirstAsync<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static object QueryFirstOrDefault(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static dynamic QueryFirstOrDefault(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QueryFirstOrDefault<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QueryFirstOrDefault<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<object> QueryFirstOrDefaultAsync(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<object> QueryFirstOrDefaultAsync(this System.Data.IDbConnection cnn, System.Type type, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QueryFirstOrDefaultAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QueryFirstOrDefaultAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<T> QueryFirstOrDefaultAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<T> QueryFirstOrDefaultAsync<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static Dapper.SqlMapper.GridReader QueryMultiple(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static Dapper.SqlMapper.GridReader QueryMultiple(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<Dapper.SqlMapper.GridReader> QueryMultipleAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<Dapper.SqlMapper.GridReader> QueryMultipleAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static object QuerySingle(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static dynamic QuerySingle(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QuerySingle<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QuerySingle<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<object> QuerySingleAsync(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<object> QuerySingleAsync(this System.Data.IDbConnection cnn, System.Type type, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QuerySingleAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QuerySingleAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<T> QuerySingleAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<T> QuerySingleAsync<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static object QuerySingleOrDefault(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static dynamic QuerySingleOrDefault(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QuerySingleOrDefault<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static T QuerySingleOrDefault<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<object> QuerySingleOrDefaultAsync(this System.Data.IDbConnection cnn, System.Type type, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<object> QuerySingleOrDefaultAsync(this System.Data.IDbConnection cnn, System.Type type, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QuerySingleOrDefaultAsync(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<dynamic> QuerySingleOrDefaultAsync(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Threading.Tasks.Task<T> QuerySingleOrDefaultAsync<T>(this System.Data.IDbConnection cnn, string sql, object param = default(object), System.Data.IDbTransaction transaction = default(System.Data.IDbTransaction), int? commandTimeout = default(int?), System.Data.CommandType? commandType = default(System.Data.CommandType?)) => throw null;
-        public static System.Threading.Tasks.Task<T> QuerySingleOrDefaultAsync<T>(this System.Data.IDbConnection cnn, Dapper.CommandDefinition command) => throw null;
-        public static System.Char ReadChar(object value) => throw null;
-        public static System.Char? ReadNullableChar(object value) => throw null;
-        public static void RemoveTypeMap(System.Type type) => throw null;
-        public static void ReplaceLiterals(this Dapper.SqlMapper.IParameterLookup parameters, System.Data.IDbCommand command) => throw null;
-        public static void ResetTypeHandlers() => throw null;
-        public static object SanitizeParameterValue(object value) => throw null;
-        public static void SetTypeMap(System.Type type, Dapper.SqlMapper.ITypeMap map) => throw null;
-        public static void SetTypeName(this System.Data.DataTable table, string typeName) => throw null;
-        // Generated from `Dapper.SqlMapper+Settings` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public static class Settings
-        {
-            public static bool ApplyNullValues { get => throw null; set => throw null; }
-            public static int? CommandTimeout { get => throw null; set => throw null; }
-            public static int InListStringSplitCount { get => throw null; set => throw null; }
-            public static bool PadListExpansions { get => throw null; set => throw null; }
-            public static void SetDefaults() => throw null;
-            public static bool UseSingleResultOptimization { get => throw null; set => throw null; }
-            public static bool UseSingleRowOptimization { get => throw null; set => throw null; }
-        }
-
-
-        // Generated from `Dapper.SqlMapper+StringTypeHandler<>` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public abstract class StringTypeHandler<T> : Dapper.SqlMapper.TypeHandler<T>
-        {
-            protected abstract string Format(T xml);
-            public override T Parse(object value) => throw null;
-            protected abstract T Parse(string xml);
-            public override void SetValue(System.Data.IDbDataParameter parameter, T value) => throw null;
-            protected StringTypeHandler() => throw null;
-        }
-
-
-        public static void ThrowDataException(System.Exception ex, int index, System.Data.IDataReader reader, object value) => throw null;
-        // Generated from `Dapper.SqlMapper+TypeHandler<>` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public abstract class TypeHandler<T> : Dapper.SqlMapper.ITypeHandler
-        {
-            public abstract T Parse(object value);
-            object Dapper.SqlMapper.ITypeHandler.Parse(System.Type destinationType, object value) => throw null;
-            void Dapper.SqlMapper.ITypeHandler.SetValue(System.Data.IDbDataParameter parameter, object value) => throw null;
-            public abstract void SetValue(System.Data.IDbDataParameter parameter, T value);
-            protected TypeHandler() => throw null;
-        }
-
-
-        // Generated from `Dapper.SqlMapper+TypeHandlerCache<>` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public static class TypeHandlerCache<T>
-        {
-            public static T Parse(object value) => throw null;
-            public static void SetValue(System.Data.IDbDataParameter parameter, object value) => throw null;
-        }
-
-
-        public static System.Func<System.Type, Dapper.SqlMapper.ITypeMap> TypeMapProvider;
-        // Generated from `Dapper.SqlMapper+UdtTypeHandler` in `Dapper, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null`
-        public class UdtTypeHandler : Dapper.SqlMapper.ITypeHandler
-        {
-            object Dapper.SqlMapper.ITypeHandler.Parse(System.Type destinationType, object value) => throw null;
-            void Dapper.SqlMapper.ITypeHandler.SetValue(System.Data.IDbDataParameter parameter, object value) => throw null;
-            public UdtTypeHandler(string udtTypeName) => throw null;
-        }
-
-
-    }
-
-}
--- a/csharp/ql/test/resources/stubs/Dapper/2.0.90/Dapper.csproj
+++ b/csharp/ql/test/resources/stubs/Dapper/2.0.90/Dapper.csproj
@@ -1,12 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net5.0</TargetFramework>
-    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-    <OutputPath>bin\</OutputPath>
-    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="../../_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj" />
-  </ItemGroup>
-</Project>
--- a/csharp/ql/test/resources/stubs/EntityFramework.cs
+++ b/csharp/ql/test/resources/stubs/EntityFramework.cs
@@ -102,6 +102,13 @@ namespace Microsoft.EntityFrameworkCore
    }
 }

+namespace System.ComponentModel.DataAnnotations.Schema
+{
+    class NotMappedAttribute : Attribute
+    {
+    }
+}
+
 namespace Microsoft.EntityFrameworkCore.Storage
 {
    interface IRawSqlCommandBuilder
--- a/csharp/ql/test/resources/stubs/System.Data.SqlClient/4.8.2/System.Data.SqlClient.cs
+++ b/csharp/ql/test/resources/stubs/System.Data.SqlClient/4.8.2/System.Data.SqlClient.cs
@@ -1,972 +0,0 @@
-// This file contains auto-generated code.
-
-namespace Microsoft
-{
-    namespace SqlServer
-    {
-        namespace Server
-        {
-            // Generated from `Microsoft.SqlServer.Server.DataAccessKind` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum DataAccessKind
-            {
-                None,
-                Read,
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.Format` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum Format
-            {
-                Native,
-                Unknown,
-                UserDefined,
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.IBinarySerialize` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public interface IBinarySerialize
-            {
-                void Read(System.IO.BinaryReader r);
-                void Write(System.IO.BinaryWriter w);
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.InvalidUdtException` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class InvalidUdtException : System.SystemException
-            {
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SqlDataRecord` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlDataRecord : System.Data.IDataRecord
-            {
-                public virtual int FieldCount { get => throw null; }
-                public virtual bool GetBoolean(int ordinal) => throw null;
-                public virtual System.Byte GetByte(int ordinal) => throw null;
-                public virtual System.Int64 GetBytes(int ordinal, System.Int64 fieldOffset, System.Byte[] buffer, int bufferOffset, int length) => throw null;
-                public virtual System.Char GetChar(int ordinal) => throw null;
-                public virtual System.Int64 GetChars(int ordinal, System.Int64 fieldOffset, System.Char[] buffer, int bufferOffset, int length) => throw null;
-                System.Data.IDataReader System.Data.IDataRecord.GetData(int ordinal) => throw null;
-                public virtual string GetDataTypeName(int ordinal) => throw null;
-                public virtual System.DateTime GetDateTime(int ordinal) => throw null;
-                public virtual System.DateTimeOffset GetDateTimeOffset(int ordinal) => throw null;
-                public virtual System.Decimal GetDecimal(int ordinal) => throw null;
-                public virtual double GetDouble(int ordinal) => throw null;
-                public virtual System.Type GetFieldType(int ordinal) => throw null;
-                public virtual float GetFloat(int ordinal) => throw null;
-                public virtual System.Guid GetGuid(int ordinal) => throw null;
-                public virtual System.Int16 GetInt16(int ordinal) => throw null;
-                public virtual int GetInt32(int ordinal) => throw null;
-                public virtual System.Int64 GetInt64(int ordinal) => throw null;
-                public virtual string GetName(int ordinal) => throw null;
-                public virtual int GetOrdinal(string name) => throw null;
-                public virtual System.Data.SqlTypes.SqlBinary GetSqlBinary(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlBoolean GetSqlBoolean(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlByte GetSqlByte(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlBytes GetSqlBytes(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlChars GetSqlChars(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlDateTime GetSqlDateTime(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlDecimal GetSqlDecimal(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlDouble GetSqlDouble(int ordinal) => throw null;
-                public virtual System.Type GetSqlFieldType(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlGuid GetSqlGuid(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlInt16 GetSqlInt16(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlInt32 GetSqlInt32(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlInt64 GetSqlInt64(int ordinal) => throw null;
-                public virtual Microsoft.SqlServer.Server.SqlMetaData GetSqlMetaData(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlMoney GetSqlMoney(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlSingle GetSqlSingle(int ordinal) => throw null;
-                public virtual System.Data.SqlTypes.SqlString GetSqlString(int ordinal) => throw null;
-                public virtual object GetSqlValue(int ordinal) => throw null;
-                public virtual int GetSqlValues(object[] values) => throw null;
-                public virtual System.Data.SqlTypes.SqlXml GetSqlXml(int ordinal) => throw null;
-                public virtual string GetString(int ordinal) => throw null;
-                public virtual System.TimeSpan GetTimeSpan(int ordinal) => throw null;
-                public virtual object GetValue(int ordinal) => throw null;
-                public virtual int GetValues(object[] values) => throw null;
-                public virtual bool IsDBNull(int ordinal) => throw null;
-                public virtual object this[string name] { get => throw null; }
-                public virtual object this[int ordinal] { get => throw null; }
-                public virtual void SetBoolean(int ordinal, bool value) => throw null;
-                public virtual void SetByte(int ordinal, System.Byte value) => throw null;
-                public virtual void SetBytes(int ordinal, System.Int64 fieldOffset, System.Byte[] buffer, int bufferOffset, int length) => throw null;
-                public virtual void SetChar(int ordinal, System.Char value) => throw null;
-                public virtual void SetChars(int ordinal, System.Int64 fieldOffset, System.Char[] buffer, int bufferOffset, int length) => throw null;
-                public virtual void SetDBNull(int ordinal) => throw null;
-                public virtual void SetDateTime(int ordinal, System.DateTime value) => throw null;
-                public virtual void SetDateTimeOffset(int ordinal, System.DateTimeOffset value) => throw null;
-                public virtual void SetDecimal(int ordinal, System.Decimal value) => throw null;
-                public virtual void SetDouble(int ordinal, double value) => throw null;
-                public virtual void SetFloat(int ordinal, float value) => throw null;
-                public virtual void SetGuid(int ordinal, System.Guid value) => throw null;
-                public virtual void SetInt16(int ordinal, System.Int16 value) => throw null;
-                public virtual void SetInt32(int ordinal, int value) => throw null;
-                public virtual void SetInt64(int ordinal, System.Int64 value) => throw null;
-                public virtual void SetSqlBinary(int ordinal, System.Data.SqlTypes.SqlBinary value) => throw null;
-                public virtual void SetSqlBoolean(int ordinal, System.Data.SqlTypes.SqlBoolean value) => throw null;
-                public virtual void SetSqlByte(int ordinal, System.Data.SqlTypes.SqlByte value) => throw null;
-                public virtual void SetSqlBytes(int ordinal, System.Data.SqlTypes.SqlBytes value) => throw null;
-                public virtual void SetSqlChars(int ordinal, System.Data.SqlTypes.SqlChars value) => throw null;
-                public virtual void SetSqlDateTime(int ordinal, System.Data.SqlTypes.SqlDateTime value) => throw null;
-                public virtual void SetSqlDecimal(int ordinal, System.Data.SqlTypes.SqlDecimal value) => throw null;
-                public virtual void SetSqlDouble(int ordinal, System.Data.SqlTypes.SqlDouble value) => throw null;
-                public virtual void SetSqlGuid(int ordinal, System.Data.SqlTypes.SqlGuid value) => throw null;
-                public virtual void SetSqlInt16(int ordinal, System.Data.SqlTypes.SqlInt16 value) => throw null;
-                public virtual void SetSqlInt32(int ordinal, System.Data.SqlTypes.SqlInt32 value) => throw null;
-                public virtual void SetSqlInt64(int ordinal, System.Data.SqlTypes.SqlInt64 value) => throw null;
-                public virtual void SetSqlMoney(int ordinal, System.Data.SqlTypes.SqlMoney value) => throw null;
-                public virtual void SetSqlSingle(int ordinal, System.Data.SqlTypes.SqlSingle value) => throw null;
-                public virtual void SetSqlString(int ordinal, System.Data.SqlTypes.SqlString value) => throw null;
-                public virtual void SetSqlXml(int ordinal, System.Data.SqlTypes.SqlXml value) => throw null;
-                public virtual void SetString(int ordinal, string value) => throw null;
-                public virtual void SetTimeSpan(int ordinal, System.TimeSpan value) => throw null;
-                public virtual void SetValue(int ordinal, object value) => throw null;
-                public virtual int SetValues(params object[] values) => throw null;
-                public SqlDataRecord(params Microsoft.SqlServer.Server.SqlMetaData[] metaData) => throw null;
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SqlFacetAttribute` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlFacetAttribute : System.Attribute
-            {
-                public bool IsFixedLength { get => throw null; set => throw null; }
-                public bool IsNullable { get => throw null; set => throw null; }
-                public int MaxSize { get => throw null; set => throw null; }
-                public int Precision { get => throw null; set => throw null; }
-                public int Scale { get => throw null; set => throw null; }
-                public SqlFacetAttribute() => throw null;
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SqlFunctionAttribute` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlFunctionAttribute : System.Attribute
-            {
-                public Microsoft.SqlServer.Server.DataAccessKind DataAccess { get => throw null; set => throw null; }
-                public string FillRowMethodName { get => throw null; set => throw null; }
-                public bool IsDeterministic { get => throw null; set => throw null; }
-                public bool IsPrecise { get => throw null; set => throw null; }
-                public string Name { get => throw null; set => throw null; }
-                public SqlFunctionAttribute() => throw null;
-                public Microsoft.SqlServer.Server.SystemDataAccessKind SystemDataAccess { get => throw null; set => throw null; }
-                public string TableDefinition { get => throw null; set => throw null; }
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SqlMetaData` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlMetaData
-            {
-                public string Adjust(string value) => throw null;
-                public object Adjust(object value) => throw null;
-                public int Adjust(int value) => throw null;
-                public float Adjust(float value) => throw null;
-                public double Adjust(double value) => throw null;
-                public bool Adjust(bool value) => throw null;
-                public System.TimeSpan Adjust(System.TimeSpan value) => throw null;
-                public System.Int64 Adjust(System.Int64 value) => throw null;
-                public System.Int16 Adjust(System.Int16 value) => throw null;
-                public System.Guid Adjust(System.Guid value) => throw null;
-                public System.Decimal Adjust(System.Decimal value) => throw null;
-                public System.DateTimeOffset Adjust(System.DateTimeOffset value) => throw null;
-                public System.DateTime Adjust(System.DateTime value) => throw null;
-                public System.Data.SqlTypes.SqlXml Adjust(System.Data.SqlTypes.SqlXml value) => throw null;
-                public System.Data.SqlTypes.SqlString Adjust(System.Data.SqlTypes.SqlString value) => throw null;
-                public System.Data.SqlTypes.SqlSingle Adjust(System.Data.SqlTypes.SqlSingle value) => throw null;
-                public System.Data.SqlTypes.SqlMoney Adjust(System.Data.SqlTypes.SqlMoney value) => throw null;
-                public System.Data.SqlTypes.SqlInt64 Adjust(System.Data.SqlTypes.SqlInt64 value) => throw null;
-                public System.Data.SqlTypes.SqlInt32 Adjust(System.Data.SqlTypes.SqlInt32 value) => throw null;
-                public System.Data.SqlTypes.SqlInt16 Adjust(System.Data.SqlTypes.SqlInt16 value) => throw null;
-                public System.Data.SqlTypes.SqlGuid Adjust(System.Data.SqlTypes.SqlGuid value) => throw null;
-                public System.Data.SqlTypes.SqlDouble Adjust(System.Data.SqlTypes.SqlDouble value) => throw null;
-                public System.Data.SqlTypes.SqlDecimal Adjust(System.Data.SqlTypes.SqlDecimal value) => throw null;
-                public System.Data.SqlTypes.SqlDateTime Adjust(System.Data.SqlTypes.SqlDateTime value) => throw null;
-                public System.Data.SqlTypes.SqlChars Adjust(System.Data.SqlTypes.SqlChars value) => throw null;
-                public System.Data.SqlTypes.SqlBytes Adjust(System.Data.SqlTypes.SqlBytes value) => throw null;
-                public System.Data.SqlTypes.SqlByte Adjust(System.Data.SqlTypes.SqlByte value) => throw null;
-                public System.Data.SqlTypes.SqlBoolean Adjust(System.Data.SqlTypes.SqlBoolean value) => throw null;
-                public System.Data.SqlTypes.SqlBinary Adjust(System.Data.SqlTypes.SqlBinary value) => throw null;
-                public System.Char[] Adjust(System.Char[] value) => throw null;
-                public System.Char Adjust(System.Char value) => throw null;
-                public System.Byte[] Adjust(System.Byte[] value) => throw null;
-                public System.Byte Adjust(System.Byte value) => throw null;
-                public System.Data.SqlTypes.SqlCompareOptions CompareOptions { get => throw null; }
-                public System.Data.DbType DbType { get => throw null; }
-                public static Microsoft.SqlServer.Server.SqlMetaData InferFromValue(object value, string name) => throw null;
-                public bool IsUniqueKey { get => throw null; }
-                public System.Int64 LocaleId { get => throw null; }
-                public static System.Int64 Max { get => throw null; }
-                public System.Int64 MaxLength { get => throw null; }
-                public string Name { get => throw null; }
-                public System.Byte Precision { get => throw null; }
-                public System.Byte Scale { get => throw null; }
-                public System.Data.SqlClient.SortOrder SortOrder { get => throw null; }
-                public int SortOrdinal { get => throw null; }
-                public System.Data.SqlDbType SqlDbType { get => throw null; }
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, string database, string owningSchema, string objectName, bool useServerDefault, bool isUniqueKey, System.Data.SqlClient.SortOrder columnSortOrder, int sortOrdinal) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, string database, string owningSchema, string objectName) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, bool useServerDefault, bool isUniqueKey, System.Data.SqlClient.SortOrder columnSortOrder, int sortOrdinal) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Type userDefinedType, string serverTypeName, bool useServerDefault, bool isUniqueKey, System.Data.SqlClient.SortOrder columnSortOrder, int sortOrdinal) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Type userDefinedType, string serverTypeName) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Type userDefinedType) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Int64 maxLength, bool useServerDefault, bool isUniqueKey, System.Data.SqlClient.SortOrder columnSortOrder, int sortOrdinal) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Int64 maxLength, System.Int64 locale, System.Data.SqlTypes.SqlCompareOptions compareOptions, bool useServerDefault, bool isUniqueKey, System.Data.SqlClient.SortOrder columnSortOrder, int sortOrdinal) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Int64 maxLength, System.Int64 locale, System.Data.SqlTypes.SqlCompareOptions compareOptions) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Int64 maxLength, System.Byte precision, System.Byte scale, System.Int64 localeId, System.Data.SqlTypes.SqlCompareOptions compareOptions, System.Type userDefinedType, bool useServerDefault, bool isUniqueKey, System.Data.SqlClient.SortOrder columnSortOrder, int sortOrdinal) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Int64 maxLength, System.Byte precision, System.Byte scale, System.Int64 locale, System.Data.SqlTypes.SqlCompareOptions compareOptions, System.Type userDefinedType) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Int64 maxLength) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Byte precision, System.Byte scale, bool useServerDefault, bool isUniqueKey, System.Data.SqlClient.SortOrder columnSortOrder, int sortOrdinal) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType, System.Byte precision, System.Byte scale) => throw null;
-                public SqlMetaData(string name, System.Data.SqlDbType dbType) => throw null;
-                public System.Type Type { get => throw null; }
-                public string TypeName { get => throw null; }
-                public bool UseServerDefault { get => throw null; }
-                public string XmlSchemaCollectionDatabase { get => throw null; }
-                public string XmlSchemaCollectionName { get => throw null; }
-                public string XmlSchemaCollectionOwningSchema { get => throw null; }
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SqlMethodAttribute` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlMethodAttribute : Microsoft.SqlServer.Server.SqlFunctionAttribute
-            {
-                public bool InvokeIfReceiverIsNull { get => throw null; set => throw null; }
-                public bool IsMutator { get => throw null; set => throw null; }
-                public bool OnNullCall { get => throw null; set => throw null; }
-                public SqlMethodAttribute() => throw null;
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SqlUserDefinedAggregateAttribute` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlUserDefinedAggregateAttribute : System.Attribute
-            {
-                public Microsoft.SqlServer.Server.Format Format { get => throw null; }
-                public bool IsInvariantToDuplicates { get => throw null; set => throw null; }
-                public bool IsInvariantToNulls { get => throw null; set => throw null; }
-                public bool IsInvariantToOrder { get => throw null; set => throw null; }
-                public bool IsNullIfEmpty { get => throw null; set => throw null; }
-                public int MaxByteSize { get => throw null; set => throw null; }
-                public const int MaxByteSizeValue = default;
-                public string Name { get => throw null; set => throw null; }
-                public SqlUserDefinedAggregateAttribute(Microsoft.SqlServer.Server.Format format) => throw null;
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SqlUserDefinedTypeAttribute` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlUserDefinedTypeAttribute : System.Attribute
-            {
-                public Microsoft.SqlServer.Server.Format Format { get => throw null; }
-                public bool IsByteOrdered { get => throw null; set => throw null; }
-                public bool IsFixedLength { get => throw null; set => throw null; }
-                public int MaxByteSize { get => throw null; set => throw null; }
-                public string Name { get => throw null; set => throw null; }
-                public SqlUserDefinedTypeAttribute(Microsoft.SqlServer.Server.Format format) => throw null;
-                public string ValidationMethodName { get => throw null; set => throw null; }
-            }
-
-            // Generated from `Microsoft.SqlServer.Server.SystemDataAccessKind` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum SystemDataAccessKind
-            {
-                None,
-                Read,
-            }
-
-        }
-    }
-}
-namespace System
-{
-    namespace Data
-    {
-        // Generated from `System.Data.OperationAbortedException` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-        public class OperationAbortedException : System.SystemException
-        {
-        }
-
-        namespace Sql
-        {
-            // Generated from `System.Data.Sql.SqlNotificationRequest` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlNotificationRequest
-            {
-                public string Options { get => throw null; set => throw null; }
-                public SqlNotificationRequest(string userData, string options, int timeout) => throw null;
-                public SqlNotificationRequest() => throw null;
-                public int Timeout { get => throw null; set => throw null; }
-                public string UserData { get => throw null; set => throw null; }
-            }
-
-        }
-        namespace SqlClient
-        {
-            // Generated from `System.Data.SqlClient.ApplicationIntent` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum ApplicationIntent
-            {
-                ReadOnly,
-                ReadWrite,
-            }
-
-            // Generated from `System.Data.SqlClient.OnChangeEventHandler` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public delegate void OnChangeEventHandler(object sender, System.Data.SqlClient.SqlNotificationEventArgs e);
-
-            // Generated from `System.Data.SqlClient.PoolBlockingPeriod` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum PoolBlockingPeriod
-            {
-                AlwaysBlock,
-                Auto,
-                NeverBlock,
-            }
-
-            // Generated from `System.Data.SqlClient.SortOrder` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum SortOrder
-            {
-                Ascending,
-                Descending,
-                Unspecified,
-            }
-
-            // Generated from `System.Data.SqlClient.SqlBulkCopy` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlBulkCopy : System.IDisposable
-            {
-                public int BatchSize { get => throw null; set => throw null; }
-                public int BulkCopyTimeout { get => throw null; set => throw null; }
-                public void Close() => throw null;
-                public System.Data.SqlClient.SqlBulkCopyColumnMappingCollection ColumnMappings { get => throw null; }
-                public string DestinationTableName { get => throw null; set => throw null; }
-                void System.IDisposable.Dispose() => throw null;
-                public bool EnableStreaming { get => throw null; set => throw null; }
-                public int NotifyAfter { get => throw null; set => throw null; }
-                public SqlBulkCopy(string connectionString, System.Data.SqlClient.SqlBulkCopyOptions copyOptions) => throw null;
-                public SqlBulkCopy(string connectionString) => throw null;
-                public SqlBulkCopy(System.Data.SqlClient.SqlConnection connection, System.Data.SqlClient.SqlBulkCopyOptions copyOptions, System.Data.SqlClient.SqlTransaction externalTransaction) => throw null;
-                public SqlBulkCopy(System.Data.SqlClient.SqlConnection connection) => throw null;
-                public event System.Data.SqlClient.SqlRowsCopiedEventHandler SqlRowsCopied;
-                public void WriteToServer(System.Data.IDataReader reader) => throw null;
-                public void WriteToServer(System.Data.DataTable table, System.Data.DataRowState rowState) => throw null;
-                public void WriteToServer(System.Data.DataTable table) => throw null;
-                public void WriteToServer(System.Data.DataRow[] rows) => throw null;
-                public void WriteToServer(System.Data.Common.DbDataReader reader) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.IDataReader reader, System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.IDataReader reader) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.DataTable table, System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.DataTable table, System.Data.DataRowState rowState, System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.DataTable table, System.Data.DataRowState rowState) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.DataTable table) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.DataRow[] rows, System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.DataRow[] rows) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.Common.DbDataReader reader, System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task WriteToServerAsync(System.Data.Common.DbDataReader reader) => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlBulkCopyColumnMapping` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlBulkCopyColumnMapping
-            {
-                public string DestinationColumn { get => throw null; set => throw null; }
-                public int DestinationOrdinal { get => throw null; set => throw null; }
-                public string SourceColumn { get => throw null; set => throw null; }
-                public int SourceOrdinal { get => throw null; set => throw null; }
-                public SqlBulkCopyColumnMapping(string sourceColumn, string destinationColumn) => throw null;
-                public SqlBulkCopyColumnMapping(string sourceColumn, int destinationOrdinal) => throw null;
-                public SqlBulkCopyColumnMapping(int sourceColumnOrdinal, string destinationColumn) => throw null;
-                public SqlBulkCopyColumnMapping(int sourceColumnOrdinal, int destinationOrdinal) => throw null;
-                public SqlBulkCopyColumnMapping() => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlBulkCopyColumnMappingCollection` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlBulkCopyColumnMappingCollection : System.Collections.CollectionBase
-            {
-                public System.Data.SqlClient.SqlBulkCopyColumnMapping Add(string sourceColumn, string destinationColumn) => throw null;
-                public System.Data.SqlClient.SqlBulkCopyColumnMapping Add(string sourceColumn, int destinationColumnIndex) => throw null;
-                public System.Data.SqlClient.SqlBulkCopyColumnMapping Add(int sourceColumnIndex, string destinationColumn) => throw null;
-                public System.Data.SqlClient.SqlBulkCopyColumnMapping Add(int sourceColumnIndex, int destinationColumnIndex) => throw null;
-                public System.Data.SqlClient.SqlBulkCopyColumnMapping Add(System.Data.SqlClient.SqlBulkCopyColumnMapping bulkCopyColumnMapping) => throw null;
-                public void Clear() => throw null;
-                public bool Contains(System.Data.SqlClient.SqlBulkCopyColumnMapping value) => throw null;
-                public void CopyTo(System.Data.SqlClient.SqlBulkCopyColumnMapping[] array, int index) => throw null;
-                public int IndexOf(System.Data.SqlClient.SqlBulkCopyColumnMapping value) => throw null;
-                public void Insert(int index, System.Data.SqlClient.SqlBulkCopyColumnMapping value) => throw null;
-                public System.Data.SqlClient.SqlBulkCopyColumnMapping this[int index] { get => throw null; }
-                public void Remove(System.Data.SqlClient.SqlBulkCopyColumnMapping value) => throw null;
-                public void RemoveAt(int index) => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlBulkCopyOptions` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            [System.Flags]
-            public enum SqlBulkCopyOptions
-            {
-                CheckConstraints,
-                Default,
-                FireTriggers,
-                KeepIdentity,
-                KeepNulls,
-                TableLock,
-                UseInternalTransaction,
-            }
-
-            // Generated from `System.Data.SqlClient.SqlClientFactory` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlClientFactory : System.Data.Common.DbProviderFactory
-            {
-                public override System.Data.Common.DbCommand CreateCommand() => throw null;
-                public override System.Data.Common.DbCommandBuilder CreateCommandBuilder() => throw null;
-                public override System.Data.Common.DbConnection CreateConnection() => throw null;
-                public override System.Data.Common.DbConnectionStringBuilder CreateConnectionStringBuilder() => throw null;
-                public override System.Data.Common.DbDataAdapter CreateDataAdapter() => throw null;
-                public override System.Data.Common.DbParameter CreateParameter() => throw null;
-                public static System.Data.SqlClient.SqlClientFactory Instance;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlClientMetaDataCollectionNames` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public static class SqlClientMetaDataCollectionNames
-            {
-                public static string Columns;
-                public static string Databases;
-                public static string ForeignKeys;
-                public static string IndexColumns;
-                public static string Indexes;
-                public static string Parameters;
-                public static string ProcedureColumns;
-                public static string Procedures;
-                public static string Tables;
-                public static string UserDefinedTypes;
-                public static string Users;
-                public static string ViewColumns;
-                public static string Views;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlCommand` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlCommand : System.Data.Common.DbCommand, System.ICloneable
-            {
-                public System.IAsyncResult BeginExecuteNonQuery(System.AsyncCallback callback, object stateObject) => throw null;
-                public System.IAsyncResult BeginExecuteNonQuery() => throw null;
-                public System.IAsyncResult BeginExecuteReader(System.Data.CommandBehavior behavior) => throw null;
-                public System.IAsyncResult BeginExecuteReader(System.AsyncCallback callback, object stateObject, System.Data.CommandBehavior behavior) => throw null;
-                public System.IAsyncResult BeginExecuteReader(System.AsyncCallback callback, object stateObject) => throw null;
-                public System.IAsyncResult BeginExecuteReader() => throw null;
-                public System.IAsyncResult BeginExecuteXmlReader(System.AsyncCallback callback, object stateObject) => throw null;
-                public System.IAsyncResult BeginExecuteXmlReader() => throw null;
-                public override void Cancel() => throw null;
-                public System.Data.SqlClient.SqlCommand Clone() => throw null;
-                object System.ICloneable.Clone() => throw null;
-                public override string CommandText { get => throw null; set => throw null; }
-                public override int CommandTimeout { get => throw null; set => throw null; }
-                public override System.Data.CommandType CommandType { get => throw null; set => throw null; }
-                public System.Data.SqlClient.SqlConnection Connection { get => throw null; set => throw null; }
-                protected override System.Data.Common.DbParameter CreateDbParameter() => throw null;
-                public System.Data.SqlClient.SqlParameter CreateParameter() => throw null;
-                protected override System.Data.Common.DbConnection DbConnection { get => throw null; set => throw null; }
-                protected override System.Data.Common.DbParameterCollection DbParameterCollection { get => throw null; }
-                protected override System.Data.Common.DbTransaction DbTransaction { get => throw null; set => throw null; }
-                public override bool DesignTimeVisible { get => throw null; set => throw null; }
-                protected override void Dispose(bool disposing) => throw null;
-                public int EndExecuteNonQuery(System.IAsyncResult asyncResult) => throw null;
-                public System.Data.SqlClient.SqlDataReader EndExecuteReader(System.IAsyncResult asyncResult) => throw null;
-                public System.Xml.XmlReader EndExecuteXmlReader(System.IAsyncResult asyncResult) => throw null;
-                protected override System.Data.Common.DbDataReader ExecuteDbDataReader(System.Data.CommandBehavior behavior) => throw null;
-                protected override System.Threading.Tasks.Task<System.Data.Common.DbDataReader> ExecuteDbDataReaderAsync(System.Data.CommandBehavior behavior, System.Threading.CancellationToken cancellationToken) => throw null;
-                public override int ExecuteNonQuery() => throw null;
-                public override System.Threading.Tasks.Task<int> ExecuteNonQueryAsync(System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Data.SqlClient.SqlDataReader ExecuteReader(System.Data.CommandBehavior behavior) => throw null;
-                public System.Data.SqlClient.SqlDataReader ExecuteReader() => throw null;
-                public System.Threading.Tasks.Task<System.Data.SqlClient.SqlDataReader> ExecuteReaderAsync(System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task<System.Data.SqlClient.SqlDataReader> ExecuteReaderAsync(System.Data.CommandBehavior behavior, System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task<System.Data.SqlClient.SqlDataReader> ExecuteReaderAsync(System.Data.CommandBehavior behavior) => throw null;
-                public System.Threading.Tasks.Task<System.Data.SqlClient.SqlDataReader> ExecuteReaderAsync() => throw null;
-                public override object ExecuteScalar() => throw null;
-                public override System.Threading.Tasks.Task<object> ExecuteScalarAsync(System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Xml.XmlReader ExecuteXmlReader() => throw null;
-                public System.Threading.Tasks.Task<System.Xml.XmlReader> ExecuteXmlReaderAsync(System.Threading.CancellationToken cancellationToken) => throw null;
-                public System.Threading.Tasks.Task<System.Xml.XmlReader> ExecuteXmlReaderAsync() => throw null;
-                public System.Data.Sql.SqlNotificationRequest Notification { get => throw null; set => throw null; }
-                public System.Data.SqlClient.SqlParameterCollection Parameters { get => throw null; }
-                public override void Prepare() => throw null;
-                public void ResetCommandTimeout() => throw null;
-                public SqlCommand(string cmdText, System.Data.SqlClient.SqlConnection connection, System.Data.SqlClient.SqlTransaction transaction) => throw null;
-                public SqlCommand(string cmdText, System.Data.SqlClient.SqlConnection connection) => throw null;
-                public SqlCommand(string cmdText) => throw null;
-                public SqlCommand() => throw null;
-                public event System.Data.StatementCompletedEventHandler StatementCompleted;
-                public System.Data.SqlClient.SqlTransaction Transaction { get => throw null; set => throw null; }
-                public override System.Data.UpdateRowSource UpdatedRowSource { get => throw null; set => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlCommandBuilder` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlCommandBuilder : System.Data.Common.DbCommandBuilder
-            {
-                protected override void ApplyParameterInfo(System.Data.Common.DbParameter parameter, System.Data.DataRow datarow, System.Data.StatementType statementType, bool whereClause) => throw null;
-                public override System.Data.Common.CatalogLocation CatalogLocation { get => throw null; set => throw null; }
-                public override string CatalogSeparator { get => throw null; set => throw null; }
-                public System.Data.SqlClient.SqlDataAdapter DataAdapter { get => throw null; set => throw null; }
-                public static void DeriveParameters(System.Data.SqlClient.SqlCommand command) => throw null;
-                public System.Data.SqlClient.SqlCommand GetDeleteCommand(bool useColumnsForParameterNames) => throw null;
-                public System.Data.SqlClient.SqlCommand GetDeleteCommand() => throw null;
-                public System.Data.SqlClient.SqlCommand GetInsertCommand(bool useColumnsForParameterNames) => throw null;
-                public System.Data.SqlClient.SqlCommand GetInsertCommand() => throw null;
-                protected override string GetParameterName(string parameterName) => throw null;
-                protected override string GetParameterName(int parameterOrdinal) => throw null;
-                protected override string GetParameterPlaceholder(int parameterOrdinal) => throw null;
-                protected override System.Data.DataTable GetSchemaTable(System.Data.Common.DbCommand srcCommand) => throw null;
-                public System.Data.SqlClient.SqlCommand GetUpdateCommand(bool useColumnsForParameterNames) => throw null;
-                public System.Data.SqlClient.SqlCommand GetUpdateCommand() => throw null;
-                protected override System.Data.Common.DbCommand InitializeCommand(System.Data.Common.DbCommand command) => throw null;
-                public override string QuoteIdentifier(string unquotedIdentifier) => throw null;
-                public override string QuotePrefix { get => throw null; set => throw null; }
-                public override string QuoteSuffix { get => throw null; set => throw null; }
-                public override string SchemaSeparator { get => throw null; set => throw null; }
-                protected override void SetRowUpdatingHandler(System.Data.Common.DbDataAdapter adapter) => throw null;
-                public SqlCommandBuilder(System.Data.SqlClient.SqlDataAdapter adapter) => throw null;
-                public SqlCommandBuilder() => throw null;
-                public override string UnquoteIdentifier(string quotedIdentifier) => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlConnection` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlConnection : System.Data.Common.DbConnection, System.ICloneable
-            {
-                public string AccessToken { get => throw null; set => throw null; }
-                protected override System.Data.Common.DbTransaction BeginDbTransaction(System.Data.IsolationLevel isolationLevel) => throw null;
-                public System.Data.SqlClient.SqlTransaction BeginTransaction(string transactionName) => throw null;
-                public System.Data.SqlClient.SqlTransaction BeginTransaction(System.Data.IsolationLevel iso, string transactionName) => throw null;
-                public System.Data.SqlClient.SqlTransaction BeginTransaction(System.Data.IsolationLevel iso) => throw null;
-                public System.Data.SqlClient.SqlTransaction BeginTransaction() => throw null;
-                public override void ChangeDatabase(string database) => throw null;
-                public static void ChangePassword(string connectionString, string newPassword) => throw null;
-                public static void ChangePassword(string connectionString, System.Data.SqlClient.SqlCredential credential, System.Security.SecureString newPassword) => throw null;
-                public static void ClearAllPools() => throw null;
-                public static void ClearPool(System.Data.SqlClient.SqlConnection connection) => throw null;
-                public System.Guid ClientConnectionId { get => throw null; }
-                object System.ICloneable.Clone() => throw null;
-                public override void Close() => throw null;
-                public override string ConnectionString { get => throw null; set => throw null; }
-                public override int ConnectionTimeout { get => throw null; }
-                public System.Data.SqlClient.SqlCommand CreateCommand() => throw null;
-                protected override System.Data.Common.DbCommand CreateDbCommand() => throw null;
-                public System.Data.SqlClient.SqlCredential Credential { get => throw null; set => throw null; }
-                public override string DataSource { get => throw null; }
-                public override string Database { get => throw null; }
-                protected override void Dispose(bool disposing) => throw null;
-                public bool FireInfoMessageEventOnUserErrors { get => throw null; set => throw null; }
-                public override System.Data.DataTable GetSchema(string collectionName, string[] restrictionValues) => throw null;
-                public override System.Data.DataTable GetSchema(string collectionName) => throw null;
-                public override System.Data.DataTable GetSchema() => throw null;
-                public event System.Data.SqlClient.SqlInfoMessageEventHandler InfoMessage;
-                public override void Open() => throw null;
-                public override System.Threading.Tasks.Task OpenAsync(System.Threading.CancellationToken cancellationToken) => throw null;
-                public int PacketSize { get => throw null; }
-                public void ResetStatistics() => throw null;
-                public System.Collections.IDictionary RetrieveStatistics() => throw null;
-                public override string ServerVersion { get => throw null; }
-                public SqlConnection(string connectionString, System.Data.SqlClient.SqlCredential credential) => throw null;
-                public SqlConnection(string connectionString) => throw null;
-                public SqlConnection() => throw null;
-                public override System.Data.ConnectionState State { get => throw null; }
-                public bool StatisticsEnabled { get => throw null; set => throw null; }
-                public string WorkstationId { get => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlConnectionStringBuilder` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlConnectionStringBuilder : System.Data.Common.DbConnectionStringBuilder
-            {
-                public System.Data.SqlClient.ApplicationIntent ApplicationIntent { get => throw null; set => throw null; }
-                public string ApplicationName { get => throw null; set => throw null; }
-                public string AttachDBFilename { get => throw null; set => throw null; }
-                public override void Clear() => throw null;
-                public int ConnectRetryCount { get => throw null; set => throw null; }
-                public int ConnectRetryInterval { get => throw null; set => throw null; }
-                public int ConnectTimeout { get => throw null; set => throw null; }
-                public override bool ContainsKey(string keyword) => throw null;
-                public string CurrentLanguage { get => throw null; set => throw null; }
-                public string DataSource { get => throw null; set => throw null; }
-                public bool Encrypt { get => throw null; set => throw null; }
-                public bool Enlist { get => throw null; set => throw null; }
-                public string FailoverPartner { get => throw null; set => throw null; }
-                public string InitialCatalog { get => throw null; set => throw null; }
-                public bool IntegratedSecurity { get => throw null; set => throw null; }
-                public override object this[string keyword] { get => throw null; set => throw null; }
-                public override System.Collections.ICollection Keys { get => throw null; }
-                public int LoadBalanceTimeout { get => throw null; set => throw null; }
-                public int MaxPoolSize { get => throw null; set => throw null; }
-                public int MinPoolSize { get => throw null; set => throw null; }
-                public bool MultiSubnetFailover { get => throw null; set => throw null; }
-                public bool MultipleActiveResultSets { get => throw null; set => throw null; }
-                public int PacketSize { get => throw null; set => throw null; }
-                public string Password { get => throw null; set => throw null; }
-                public bool PersistSecurityInfo { get => throw null; set => throw null; }
-                public System.Data.SqlClient.PoolBlockingPeriod PoolBlockingPeriod { get => throw null; set => throw null; }
-                public bool Pooling { get => throw null; set => throw null; }
-                public override bool Remove(string keyword) => throw null;
-                public bool Replication { get => throw null; set => throw null; }
-                public override bool ShouldSerialize(string keyword) => throw null;
-                public SqlConnectionStringBuilder(string connectionString) => throw null;
-                public SqlConnectionStringBuilder() => throw null;
-                public string TransactionBinding { get => throw null; set => throw null; }
-                public bool TrustServerCertificate { get => throw null; set => throw null; }
-                public override bool TryGetValue(string keyword, out object value) => throw null;
-                public string TypeSystemVersion { get => throw null; set => throw null; }
-                public string UserID { get => throw null; set => throw null; }
-                public bool UserInstance { get => throw null; set => throw null; }
-                public override System.Collections.ICollection Values { get => throw null; }
-                public string WorkstationID { get => throw null; set => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlCredential` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlCredential
-            {
-                public System.Security.SecureString Password { get => throw null; }
-                public SqlCredential(string userId, System.Security.SecureString password) => throw null;
-                public string UserId { get => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlDataAdapter` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlDataAdapter : System.Data.Common.DbDataAdapter, System.ICloneable, System.Data.IDbDataAdapter, System.Data.IDataAdapter
-            {
-                object System.ICloneable.Clone() => throw null;
-                public System.Data.SqlClient.SqlCommand DeleteCommand { get => throw null; set => throw null; }
-                System.Data.IDbCommand System.Data.IDbDataAdapter.DeleteCommand { get => throw null; set => throw null; }
-                public System.Data.SqlClient.SqlCommand InsertCommand { get => throw null; set => throw null; }
-                System.Data.IDbCommand System.Data.IDbDataAdapter.InsertCommand { get => throw null; set => throw null; }
-                protected override void OnRowUpdated(System.Data.Common.RowUpdatedEventArgs value) => throw null;
-                protected override void OnRowUpdating(System.Data.Common.RowUpdatingEventArgs value) => throw null;
-                public event System.Data.SqlClient.SqlRowUpdatedEventHandler RowUpdated;
-                public event System.Data.SqlClient.SqlRowUpdatingEventHandler RowUpdating;
-                public System.Data.SqlClient.SqlCommand SelectCommand { get => throw null; set => throw null; }
-                System.Data.IDbCommand System.Data.IDbDataAdapter.SelectCommand { get => throw null; set => throw null; }
-                public SqlDataAdapter(string selectCommandText, string selectConnectionString) => throw null;
-                public SqlDataAdapter(string selectCommandText, System.Data.SqlClient.SqlConnection selectConnection) => throw null;
-                public SqlDataAdapter(System.Data.SqlClient.SqlCommand selectCommand) => throw null;
-                public SqlDataAdapter() => throw null;
-                public override int UpdateBatchSize { get => throw null; set => throw null; }
-                public System.Data.SqlClient.SqlCommand UpdateCommand { get => throw null; set => throw null; }
-                System.Data.IDbCommand System.Data.IDbDataAdapter.UpdateCommand { get => throw null; set => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlDataReader` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlDataReader : System.Data.Common.DbDataReader, System.IDisposable, System.Data.Common.IDbColumnSchemaGenerator
-            {
-                protected System.Data.SqlClient.SqlConnection Connection { get => throw null; }
-                public override int Depth { get => throw null; }
-                public override int FieldCount { get => throw null; }
-                public override bool GetBoolean(int i) => throw null;
-                public override System.Byte GetByte(int i) => throw null;
-                public override System.Int64 GetBytes(int i, System.Int64 dataIndex, System.Byte[] buffer, int bufferIndex, int length) => throw null;
-                public override System.Char GetChar(int i) => throw null;
-                public override System.Int64 GetChars(int i, System.Int64 dataIndex, System.Char[] buffer, int bufferIndex, int length) => throw null;
-                public System.Collections.ObjectModel.ReadOnlyCollection<System.Data.Common.DbColumn> GetColumnSchema() => throw null;
-                public override string GetDataTypeName(int i) => throw null;
-                public override System.DateTime GetDateTime(int i) => throw null;
-                public virtual System.DateTimeOffset GetDateTimeOffset(int i) => throw null;
-                public override System.Decimal GetDecimal(int i) => throw null;
-                public override double GetDouble(int i) => throw null;
-                public override System.Collections.IEnumerator GetEnumerator() => throw null;
-                public override System.Type GetFieldType(int i) => throw null;
-                public override T GetFieldValue<T>(int i) => throw null;
-                public override System.Threading.Tasks.Task<T> GetFieldValueAsync<T>(int i, System.Threading.CancellationToken cancellationToken) => throw null;
-                public override float GetFloat(int i) => throw null;
-                public override System.Guid GetGuid(int i) => throw null;
-                public override System.Int16 GetInt16(int i) => throw null;
-                public override int GetInt32(int i) => throw null;
-                public override System.Int64 GetInt64(int i) => throw null;
-                public override string GetName(int i) => throw null;
-                public override int GetOrdinal(string name) => throw null;
-                public override System.Type GetProviderSpecificFieldType(int i) => throw null;
-                public override object GetProviderSpecificValue(int i) => throw null;
-                public override int GetProviderSpecificValues(object[] values) => throw null;
-                public override System.Data.DataTable GetSchemaTable() => throw null;
-                public virtual System.Data.SqlTypes.SqlBinary GetSqlBinary(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlBoolean GetSqlBoolean(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlByte GetSqlByte(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlBytes GetSqlBytes(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlChars GetSqlChars(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlDateTime GetSqlDateTime(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlDecimal GetSqlDecimal(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlDouble GetSqlDouble(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlGuid GetSqlGuid(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlInt16 GetSqlInt16(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlInt32 GetSqlInt32(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlInt64 GetSqlInt64(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlMoney GetSqlMoney(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlSingle GetSqlSingle(int i) => throw null;
-                public virtual System.Data.SqlTypes.SqlString GetSqlString(int i) => throw null;
-                public virtual object GetSqlValue(int i) => throw null;
-                public virtual int GetSqlValues(object[] values) => throw null;
-                public virtual System.Data.SqlTypes.SqlXml GetSqlXml(int i) => throw null;
-                public override System.IO.Stream GetStream(int i) => throw null;
-                public override string GetString(int i) => throw null;
-                public override System.IO.TextReader GetTextReader(int i) => throw null;
-                public virtual System.TimeSpan GetTimeSpan(int i) => throw null;
-                public override object GetValue(int i) => throw null;
-                public override int GetValues(object[] values) => throw null;
-                public virtual System.Xml.XmlReader GetXmlReader(int i) => throw null;
-                public override bool HasRows { get => throw null; }
-                public override bool IsClosed { get => throw null; }
-                protected internal bool IsCommandBehavior(System.Data.CommandBehavior condition) => throw null;
-                public override bool IsDBNull(int i) => throw null;
-                public override System.Threading.Tasks.Task<bool> IsDBNullAsync(int i, System.Threading.CancellationToken cancellationToken) => throw null;
-                public override object this[string name] { get => throw null; }
-                public override object this[int i] { get => throw null; }
-                public override bool NextResult() => throw null;
-                public override System.Threading.Tasks.Task<bool> NextResultAsync(System.Threading.CancellationToken cancellationToken) => throw null;
-                public override bool Read() => throw null;
-                public override System.Threading.Tasks.Task<bool> ReadAsync(System.Threading.CancellationToken cancellationToken) => throw null;
-                public override int RecordsAffected { get => throw null; }
-                public override int VisibleFieldCount { get => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlDependency` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlDependency
-            {
-                public void AddCommandDependency(System.Data.SqlClient.SqlCommand command) => throw null;
-                public bool HasChanges { get => throw null; }
-                public string Id { get => throw null; }
-                public event System.Data.SqlClient.OnChangeEventHandler OnChange;
-                public SqlDependency(System.Data.SqlClient.SqlCommand command, string options, int timeout) => throw null;
-                public SqlDependency(System.Data.SqlClient.SqlCommand command) => throw null;
-                public SqlDependency() => throw null;
-                public static bool Start(string connectionString, string queue) => throw null;
-                public static bool Start(string connectionString) => throw null;
-                public static bool Stop(string connectionString, string queue) => throw null;
-                public static bool Stop(string connectionString) => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlError` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlError
-            {
-                public System.Byte Class { get => throw null; }
-                public int LineNumber { get => throw null; }
-                public string Message { get => throw null; }
-                public int Number { get => throw null; }
-                public string Procedure { get => throw null; }
-                public string Server { get => throw null; }
-                public string Source { get => throw null; }
-                public System.Byte State { get => throw null; }
-                public override string ToString() => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlErrorCollection` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlErrorCollection : System.Collections.IEnumerable, System.Collections.ICollection
-            {
-                public void CopyTo(System.Data.SqlClient.SqlError[] array, int index) => throw null;
-                public void CopyTo(System.Array array, int index) => throw null;
-                public int Count { get => throw null; }
-                public System.Collections.IEnumerator GetEnumerator() => throw null;
-                bool System.Collections.ICollection.IsSynchronized { get => throw null; }
-                public System.Data.SqlClient.SqlError this[int index] { get => throw null; }
-                object System.Collections.ICollection.SyncRoot { get => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlException` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlException : System.Data.Common.DbException
-            {
-                public System.Byte Class { get => throw null; }
-                public System.Guid ClientConnectionId { get => throw null; }
-                public System.Data.SqlClient.SqlErrorCollection Errors { get => throw null; }
-                public override void GetObjectData(System.Runtime.Serialization.SerializationInfo si, System.Runtime.Serialization.StreamingContext context) => throw null;
-                public int LineNumber { get => throw null; }
-                public int Number { get => throw null; }
-                public string Procedure { get => throw null; }
-                public string Server { get => throw null; }
-                public override string Source { get => throw null; }
-                public System.Byte State { get => throw null; }
-                public override string ToString() => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlInfoMessageEventArgs` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlInfoMessageEventArgs : System.EventArgs
-            {
-                public System.Data.SqlClient.SqlErrorCollection Errors { get => throw null; }
-                public string Message { get => throw null; }
-                public string Source { get => throw null; }
-                public override string ToString() => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlInfoMessageEventHandler` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public delegate void SqlInfoMessageEventHandler(object sender, System.Data.SqlClient.SqlInfoMessageEventArgs e);
-
-            // Generated from `System.Data.SqlClient.SqlNotificationEventArgs` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlNotificationEventArgs : System.EventArgs
-            {
-                public System.Data.SqlClient.SqlNotificationInfo Info { get => throw null; }
-                public System.Data.SqlClient.SqlNotificationSource Source { get => throw null; }
-                public SqlNotificationEventArgs(System.Data.SqlClient.SqlNotificationType type, System.Data.SqlClient.SqlNotificationInfo info, System.Data.SqlClient.SqlNotificationSource source) => throw null;
-                public System.Data.SqlClient.SqlNotificationType Type { get => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlNotificationInfo` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum SqlNotificationInfo
-            {
-                AlreadyChanged,
-                Alter,
-                Delete,
-                Drop,
-                Error,
-                Expired,
-                Insert,
-                Invalid,
-                Isolation,
-                Merge,
-                Options,
-                PreviousFire,
-                Query,
-                Resource,
-                Restart,
-                TemplateLimit,
-                Truncate,
-                Unknown,
-                Update,
-            }
-
-            // Generated from `System.Data.SqlClient.SqlNotificationSource` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum SqlNotificationSource
-            {
-                Client,
-                Data,
-                Database,
-                Environment,
-                Execution,
-                Object,
-                Owner,
-                Statement,
-                System,
-                Timeout,
-                Unknown,
-            }
-
-            // Generated from `System.Data.SqlClient.SqlNotificationType` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public enum SqlNotificationType
-            {
-                Change,
-                Subscribe,
-                Unknown,
-            }
-
-            // Generated from `System.Data.SqlClient.SqlParameter` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlParameter : System.Data.Common.DbParameter, System.ICloneable
-            {
-                object System.ICloneable.Clone() => throw null;
-                public System.Data.SqlTypes.SqlCompareOptions CompareInfo { get => throw null; set => throw null; }
-                public override System.Data.DbType DbType { get => throw null; set => throw null; }
-                public override System.Data.ParameterDirection Direction { get => throw null; set => throw null; }
-                public override bool IsNullable { get => throw null; set => throw null; }
-                public int LocaleId { get => throw null; set => throw null; }
-                public int Offset { get => throw null; set => throw null; }
-                public override string ParameterName { get => throw null; set => throw null; }
-                public System.Byte Precision { get => throw null; set => throw null; }
-                public override void ResetDbType() => throw null;
-                public void ResetSqlDbType() => throw null;
-                public System.Byte Scale { get => throw null; set => throw null; }
-                public override int Size { get => throw null; set => throw null; }
-                public override string SourceColumn { get => throw null; set => throw null; }
-                public override bool SourceColumnNullMapping { get => throw null; set => throw null; }
-                public override System.Data.DataRowVersion SourceVersion { get => throw null; set => throw null; }
-                public System.Data.SqlDbType SqlDbType { get => throw null; set => throw null; }
-                public SqlParameter(string parameterName, object value) => throw null;
-                public SqlParameter(string parameterName, System.Data.SqlDbType dbType, int size, string sourceColumn) => throw null;
-                public SqlParameter(string parameterName, System.Data.SqlDbType dbType, int size, System.Data.ParameterDirection direction, bool isNullable, System.Byte precision, System.Byte scale, string sourceColumn, System.Data.DataRowVersion sourceVersion, object value) => throw null;
-                public SqlParameter(string parameterName, System.Data.SqlDbType dbType, int size, System.Data.ParameterDirection direction, System.Byte precision, System.Byte scale, string sourceColumn, System.Data.DataRowVersion sourceVersion, bool sourceColumnNullMapping, object value, string xmlSchemaCollectionDatabase, string xmlSchemaCollectionOwningSchema, string xmlSchemaCollectionName) => throw null;
-                public SqlParameter(string parameterName, System.Data.SqlDbType dbType, int size) => throw null;
-                public SqlParameter(string parameterName, System.Data.SqlDbType dbType) => throw null;
-                public SqlParameter() => throw null;
-                public object SqlValue { get => throw null; set => throw null; }
-                public override string ToString() => throw null;
-                public string TypeName { get => throw null; set => throw null; }
-                public string UdtTypeName { get => throw null; set => throw null; }
-                public override object Value { get => throw null; set => throw null; }
-                public string XmlSchemaCollectionDatabase { get => throw null; set => throw null; }
-                public string XmlSchemaCollectionName { get => throw null; set => throw null; }
-                public string XmlSchemaCollectionOwningSchema { get => throw null; set => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlParameterCollection` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlParameterCollection : System.Data.Common.DbParameterCollection
-            {
-                public override int Add(object value) => throw null;
-                public System.Data.SqlClient.SqlParameter Add(string parameterName, System.Data.SqlDbType sqlDbType, int size, string sourceColumn) => throw null;
-                public System.Data.SqlClient.SqlParameter Add(string parameterName, System.Data.SqlDbType sqlDbType, int size) => throw null;
-                public System.Data.SqlClient.SqlParameter Add(string parameterName, System.Data.SqlDbType sqlDbType) => throw null;
-                public System.Data.SqlClient.SqlParameter Add(System.Data.SqlClient.SqlParameter value) => throw null;
-                public void AddRange(System.Data.SqlClient.SqlParameter[] values) => throw null;
-                public override void AddRange(System.Array values) => throw null;
-                public System.Data.SqlClient.SqlParameter AddWithValue(string parameterName, object value) => throw null;
-                public override void Clear() => throw null;
-                public override bool Contains(string value) => throw null;
-                public override bool Contains(object value) => throw null;
-                public bool Contains(System.Data.SqlClient.SqlParameter value) => throw null;
-                public void CopyTo(System.Data.SqlClient.SqlParameter[] array, int index) => throw null;
-                public override void CopyTo(System.Array array, int index) => throw null;
-                public override int Count { get => throw null; }
-                public override System.Collections.IEnumerator GetEnumerator() => throw null;
-                protected override System.Data.Common.DbParameter GetParameter(string parameterName) => throw null;
-                protected override System.Data.Common.DbParameter GetParameter(int index) => throw null;
-                public override int IndexOf(string parameterName) => throw null;
-                public override int IndexOf(object value) => throw null;
-                public int IndexOf(System.Data.SqlClient.SqlParameter value) => throw null;
-                public void Insert(int index, System.Data.SqlClient.SqlParameter value) => throw null;
-                public override void Insert(int index, object value) => throw null;
-                public override bool IsFixedSize { get => throw null; }
-                public override bool IsReadOnly { get => throw null; }
-                public System.Data.SqlClient.SqlParameter this[string parameterName] { get => throw null; set => throw null; }
-                public System.Data.SqlClient.SqlParameter this[int index] { get => throw null; set => throw null; }
-                public void Remove(System.Data.SqlClient.SqlParameter value) => throw null;
-                public override void Remove(object value) => throw null;
-                public override void RemoveAt(string parameterName) => throw null;
-                public override void RemoveAt(int index) => throw null;
-                protected override void SetParameter(string parameterName, System.Data.Common.DbParameter value) => throw null;
-                protected override void SetParameter(int index, System.Data.Common.DbParameter value) => throw null;
-                public override object SyncRoot { get => throw null; }
-            }
-
-            // Generated from `System.Data.SqlClient.SqlRowUpdatedEventArgs` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlRowUpdatedEventArgs : System.Data.Common.RowUpdatedEventArgs
-            {
-                public System.Data.SqlClient.SqlCommand Command { get => throw null; }
-                public SqlRowUpdatedEventArgs(System.Data.DataRow row, System.Data.IDbCommand command, System.Data.StatementType statementType, System.Data.Common.DataTableMapping tableMapping) : base(default(System.Data.DataRow), default(System.Data.IDbCommand), default(System.Data.StatementType), default(System.Data.Common.DataTableMapping)) => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlRowUpdatedEventHandler` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public delegate void SqlRowUpdatedEventHandler(object sender, System.Data.SqlClient.SqlRowUpdatedEventArgs e);
-
-            // Generated from `System.Data.SqlClient.SqlRowUpdatingEventArgs` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlRowUpdatingEventArgs : System.Data.Common.RowUpdatingEventArgs
-            {
-                protected override System.Data.IDbCommand BaseCommand { get => throw null; set => throw null; }
-                public System.Data.SqlClient.SqlCommand Command { get => throw null; set => throw null; }
-                public SqlRowUpdatingEventArgs(System.Data.DataRow row, System.Data.IDbCommand command, System.Data.StatementType statementType, System.Data.Common.DataTableMapping tableMapping) : base(default(System.Data.DataRow), default(System.Data.IDbCommand), default(System.Data.StatementType), default(System.Data.Common.DataTableMapping)) => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlRowUpdatingEventHandler` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public delegate void SqlRowUpdatingEventHandler(object sender, System.Data.SqlClient.SqlRowUpdatingEventArgs e);
-
-            // Generated from `System.Data.SqlClient.SqlRowsCopiedEventArgs` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlRowsCopiedEventArgs : System.EventArgs
-            {
-                public bool Abort { get => throw null; set => throw null; }
-                public System.Int64 RowsCopied { get => throw null; }
-                public SqlRowsCopiedEventArgs(System.Int64 rowsCopied) => throw null;
-            }
-
-            // Generated from `System.Data.SqlClient.SqlRowsCopiedEventHandler` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public delegate void SqlRowsCopiedEventHandler(object sender, System.Data.SqlClient.SqlRowsCopiedEventArgs e);
-
-            // Generated from `System.Data.SqlClient.SqlTransaction` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlTransaction : System.Data.Common.DbTransaction
-            {
-                public override void Commit() => throw null;
-                public System.Data.SqlClient.SqlConnection Connection { get => throw null; }
-                protected override System.Data.Common.DbConnection DbConnection { get => throw null; }
-                protected override void Dispose(bool disposing) => throw null;
-                public override System.Data.IsolationLevel IsolationLevel { get => throw null; }
-                public void Rollback(string transactionName) => throw null;
-                public override void Rollback() => throw null;
-                public void Save(string savePointName) => throw null;
-            }
-
-        }
-        namespace SqlTypes
-        {
-            // Generated from `System.Data.SqlTypes.SqlFileStream` in `System.Data.SqlClient, Version=4.6.1.2, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`
-            public class SqlFileStream : System.IO.Stream
-            {
-                public override bool CanRead { get => throw null; }
-                public override bool CanSeek { get => throw null; }
-                public override bool CanWrite { get => throw null; }
-                public override void Flush() => throw null;
-                public override System.Int64 Length { get => throw null; }
-                public string Name { get => throw null; }
-                public override System.Int64 Position { get => throw null; set => throw null; }
-                public override int Read(System.Byte[] buffer, int offset, int count) => throw null;
-                public override System.Int64 Seek(System.Int64 offset, System.IO.SeekOrigin origin) => throw null;
-                public override void SetLength(System.Int64 value) => throw null;
-                public SqlFileStream(string path, System.Byte[] transactionContext, System.IO.FileAccess access, System.IO.FileOptions options, System.Int64 allocationSize) => throw null;
-                public SqlFileStream(string path, System.Byte[] transactionContext, System.IO.FileAccess access) => throw null;
-                public System.Byte[] TransactionContext { get => throw null; }
-                public override void Write(System.Byte[] buffer, int offset, int count) => throw null;
-            }
-
-        }
-    }
-}
--- a/csharp/ql/test/resources/stubs/System.Data.SqlClient/4.8.2/System.Data.SqlClient.csproj
+++ b/csharp/ql/test/resources/stubs/System.Data.SqlClient/4.8.2/System.Data.SqlClient.csproj
@@ -1,12 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-  <PropertyGroup>
-    <TargetFramework>net5.0</TargetFramework>
-    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-    <OutputPath>bin\</OutputPath>
-    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="../../_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj" />
-  </ItemGroup>
-</Project>
--- a/docs/codeql/support/reusables/frameworks.rst
+++ b/docs/codeql/support/reusables/frameworks.rst
@@ -164,7 +164,6 @@ Python built-in support
   fabric, Utility library
   idna, Utility library
   invoke, Utility library
-   jmespath, Utility library
   multidict, Utility library
   yarl, Utility library
   aioch, Database
--- a/java/change-notes/2021-06-22-util-optional.md
+++ b/java/change-notes/2021-06-22-util-optional.md
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Models for java.util.Optional added. This may lead to more results whenever a data-flow path involves this type.
--- a/java/change-notes/2021-06-24-dataflow-implicit-reads.md
+++ b/java/change-notes/2021-06-24-dataflow-implicit-reads.md
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* The DataFlow libraries have been augmented with support for `Configuration`-specific in-place read steps at, for example, sinks and custom taint steps. This means that it is now possible to specify sinks that accept flow with non-empty access paths.
--- a/java/change-notes/2021-06-25-apache-collections-maputils-keyvalue.md
+++ b/java/change-notes/2021-06-25-apache-collections-maputils-keyvalue.md
@@ -1,2 +0,0 @@
-lgtm,codescanning
-* Added models for  the package `keyvalue` and the classes `KeyValue` and `MapUtils` from Apache Commons Collections. This may lead to more results from any query using data-flow analysis where a relevant path uses one of these container types.
--- a/java/documentation/library-coverage/frameworks.csv
+++ b/java/documentation/library-coverage/frameworks.csv
@@ -2,10 +2,9 @@ Framework name,URL,Package prefixes
 Java Standard Library,,java.*
 Java extensions,,javax.*
 Google Guava,https://guava.dev/,com.google.common.*
-Apache Commons Collections,https://commons.apache.org/proper/commons-collections/,org.apache.commons.collections org.apache.commons.collections4
 Apache Commons IO,https://commons.apache.org/proper/commons-io/,org.apache.commons.io
 Apache Commons Lang,https://commons.apache.org/proper/commons-lang/,org.apache.commons.lang3
 Apache Commons Text,https://commons.apache.org/proper/commons-text/,org.apache.commons.text
 Apache HttpComponents,https://hc.apache.org/,org.apache.hc.core5.* org.apache.http
 Android,,android.*
-Spring,https://spring.io/,org.springframework.*
+Spring,https://spring.io/,org.springframework.*
--- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
+++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
@@ -15,7 +15,6 @@ import semmle.code.java.controlflow.Guards
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.Encryption
-import semmle.code.java.security.SecurityFlag
 import DataFlow::PathGraph
 private import semmle.code.java.dataflow.ExternalFlow

@@ -87,30 +86,71 @@ private class HostnameVerifierSink extends DataFlow::Node {
  HostnameVerifierSink() { sinkNode(this, "set-hostname-verifier") }
 }

-/**
- * Flags suggesting a deliberately unsafe `HostnameVerifier` usage.
- */
-private class UnsafeHostnameVerificationFlag extends FlagKind {
-  UnsafeHostnameVerificationFlag() { this = "UnsafeHostnameVerificationFlag" }
+bindingset[result]
+private string getAFlagName() {
+  result
+      .regexpMatch("(?i).*(secure|disable|selfCert|selfSign|validat|verif|trust|ignore|nocertificatecheck).*")
+}

-  bindingset[result]
-  override string getAFlagName() {
-    result
-        .regexpMatch("(?i).*(secure|disable|selfCert|selfSign|validat|verif|trust|ignore|nocertificatecheck).*") and
-    result != "equalsIgnoreCase"
+/**
+ * A flag has to either be of type `String`, `boolean` or `Boolean`.
+ */
+private class FlagType extends Type {
+  FlagType() {
+    this instanceof TypeString
+    or
+    this instanceof BooleanType
  }
 }

-/** Gets a guard that represents a (likely) flag controlling an unsafe `HostnameVerifier` use. */
-private Guard getAnUnsafeHostnameVerifierFlagGuard() {
-  result = any(UnsafeHostnameVerificationFlag flag).getAFlag().asExpr()
+private predicate isEqualsIgnoreCaseMethodAccess(MethodAccess ma) {
+  ma.getMethod().hasName("equalsIgnoreCase") and
+  ma.getMethod().getDeclaringType() instanceof TypeString
 }

-/** Holds if `node` is guarded by a flag that suggests an intentionally insecure use. */
-private predicate isNodeGuardedByFlag(DataFlow::Node node) {
-  exists(Guard g | g.controls(node.asExpr().getBasicBlock(), _) |
-    g = getASecurityFeatureFlagGuard() or g = getAnUnsafeHostnameVerifierFlagGuard()
+/** Holds if `source` should is considered a flag. */
+private predicate isFlag(DataFlow::Node source) {
+  exists(VarAccess v | v.getVariable().getName() = getAFlagName() |
+    source.asExpr() = v and v.getType() instanceof FlagType
  )
+  or
+  exists(StringLiteral s | s.getRepresentedString() = getAFlagName() | source.asExpr() = s)
+  or
+  exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
+    source.asExpr() = ma and
+    ma.getType() instanceof FlagType and
+    not isEqualsIgnoreCaseMethodAccess(ma)
+  )
+}
+
+/** Holds if there is flow from `node1` to `node2` either due to local flow or due to custom flow steps. */
+private predicate flagFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+  DataFlow::localFlowStep(node1, node2)
+  or
+  exists(MethodAccess ma | ma.getMethod() = any(EnvReadMethod m) |
+    ma = node2.asExpr() and ma.getAnArgument() = node1.asExpr()
+  )
+  or
+  exists(MethodAccess ma |
+    ma.getMethod().hasName("parseBoolean") and
+    ma.getMethod().getDeclaringType().hasQualifiedName("java.lang", "Boolean")
+  |
+    ma = node2.asExpr() and ma.getAnArgument() = node1.asExpr()
+  )
+}
+
+/** Gets a guard that depends on a flag. */
+private Guard getAGuard() {
+  exists(DataFlow::Node source, DataFlow::Node sink |
+    isFlag(source) and
+    flagFlowStep*(source, sink) and
+    sink.asExpr() = result
+  )
+}
+
+/** Holds if `node` is guarded by a flag that suggests an intentionally insecure feature. */
+private predicate isNodeGuardedByFlag(DataFlow::Node node) {
+  exists(Guard g | g.controls(node.asExpr().getBasicBlock(), _) | g = getAGuard())
 }

 from
--- a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
@@ -5,7 +5,8 @@
 * @kind path-problem
 * @problem.severity error
 * @precision high
- * @id java/command-line-injection
+ * @deprecated use java/command-line-injection instead. This query exists to test some experimental sinks.
+ * @id java/experimental/command-line-injection
 * @tags security
 *       external/cwe/cwe-078
 *       external/cwe/cwe-088
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.java
@@ -1,40 +0,0 @@
-import javax.servlet.http.HttpServletRequest;
-import jdk.jshell.JShell;
-import jdk.jshell.SourceCodeAnalysis;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.GetMapping;
-
-@Controller
-public class JShellInjection {
-
-	@GetMapping(value = "bad1")
-	public void bad1(HttpServletRequest request) {
-		String input = request.getParameter("code");
-		JShell jShell = JShell.builder().build();
-        // BAD: allow execution of arbitrary Java code
-		jShell.eval(input);
-	}
-
-	@GetMapping(value = "bad2")
-	public void bad2(HttpServletRequest request) {
-		String input = request.getParameter("code");
-		JShell jShell = JShell.builder().build();
-		SourceCodeAnalysis sourceCodeAnalysis = jShell.sourceCodeAnalysis();
-        // BAD: allow execution of arbitrary Java code
-		sourceCodeAnalysis.wrappers(input);
-	}
-
-	@GetMapping(value = "bad3")
-	public void bad3(HttpServletRequest request) {
-		String input = request.getParameter("code");
-		JShell jShell = JShell.builder().build();
-		SourceCodeAnalysis.CompletionInfo info;
-		SourceCodeAnalysis sca = jShell.sourceCodeAnalysis();
-		for (info = sca.analyzeCompletion(input);
-				info.completeness().isComplete();
-				info = sca.analyzeCompletion(info.remaining())) {
-			// BAD: allow execution of arbitrary Java code
-			jShell.eval(info.source());
-		}
-	}
-}
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp
@@ -1,31 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-
-<overview>
-<p>The Java Shell tool (JShell) is an interactive tool for learning the Java programming 
-language and prototyping Java code. JShell is a Read-Evaluate-Print Loop (REPL), which 
-evaluates declarations, statements, and expressions as they are entered and immediately 
-shows the results. If an expression is built using attacker-controlled data and then evaluated, 
-it may allow the attacker to run arbitrary code.</p>
-</overview>
-
-<recommendation>
-<p>It is generally recommended to avoid using untrusted input in a JShell expression.
-If it is not possible, JShell expressions should be run in a sandbox that allows accessing only 
-explicitly allowed classes.</p>
-</recommendation>
-
-<example>
-<p>The following example calls <code>JShell.eval(...)</code> or <code>SourceCodeAnalysis.wrappers(...)</code> 
-to execute untrusted data.</p>
-<sample src="JShellInjection.java" />
-</example>
-
-<references>
-<li>
-Java Shell User’s Guide: <a href="https://docs.oracle.com/en/java/javase/11/jshell/introduction-jshell.html">Introduction to JShell</a>
-</li>
-</references>
-</qhelp>
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
@@ -1,39 +0,0 @@
-/**
- * @name JShell injection
- * @description Evaluation of a user-controlled JShell expression
- *              may lead to arbitrary code execution.
- * @kind path-problem
- * @problem.severity error
- * @precision high
- * @id java/jshell-injection
- * @tags security
- *       external/cwe-094
- */
-
-import java
-import JShellInjection
-import semmle.code.java.dataflow.FlowSources
-import DataFlow::PathGraph
-
-class JShellInjectionConfiguration extends TaintTracking::Configuration {
-  JShellInjectionConfiguration() { this = "JShellInjectionConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof JShellInjectionSink }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(SourceCodeAnalysisAnalyzeCompletionCall scaacc |
-      scaacc.getArgument(0) = pred.asExpr() and scaacc = succ.asExpr()
-    )
-    or
-    exists(CompletionInfoSourceOrRemainingCall cisorc |
-      cisorc.getQualifier() = pred.asExpr() and cisorc = succ.asExpr()
-    )
-  }
-}
-
-from DataFlow::PathNode source, DataFlow::PathNode sink, JShellInjectionConfiguration conf
-where conf.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "JShell injection from $@.", source.getNode(),
-  "this user input"
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qll
@@ -1,53 +0,0 @@
-import java
-import semmle.code.java.dataflow.FlowSources
-
-/** A sink for JShell expression injection vulnerabilities. */
-class JShellInjectionSink extends DataFlow::Node {
-  JShellInjectionSink() {
-    this.asExpr() = any(JShellEvalCall jsec).getArgument(0)
-    or
-    this.asExpr() = any(SourceCodeAnalysisWrappersCall scawc).getArgument(0)
-  }
-}
-
-/** A call to `JShell.eval`. */
-private class JShellEvalCall extends MethodAccess {
-  JShellEvalCall() {
-    this.getMethod().hasName("eval") and
-    this.getMethod().getDeclaringType().hasQualifiedName("jdk.jshell", "JShell") and
-    this.getMethod().getNumberOfParameters() = 1
-  }
-}
-
-/** A call to `SourceCodeAnalysis.wrappers`. */
-private class SourceCodeAnalysisWrappersCall extends MethodAccess {
-  SourceCodeAnalysisWrappersCall() {
-    this.getMethod().hasName("wrappers") and
-    this.getMethod().getDeclaringType().hasQualifiedName("jdk.jshell", "SourceCodeAnalysis") and
-    this.getMethod().getNumberOfParameters() = 1
-  }
-}
-
-/** A call to `SourceCodeAnalysis.analyzeCompletion`. */
-class SourceCodeAnalysisAnalyzeCompletionCall extends MethodAccess {
-  SourceCodeAnalysisAnalyzeCompletionCall() {
-    this.getMethod().hasName("analyzeCompletion") and
-    this.getMethod()
-        .getDeclaringType()
-        .getASupertype*()
-        .hasQualifiedName("jdk.jshell", "SourceCodeAnalysis") and
-    this.getMethod().getNumberOfParameters() = 1
-  }
-}
-
-/** A call to `CompletionInfo.source` or `CompletionInfo.remaining`. */
-class CompletionInfoSourceOrRemainingCall extends MethodAccess {
-  CompletionInfoSourceOrRemainingCall() {
-    this.getMethod().getName() in ["source", "remaining"] and
-    this.getMethod()
-        .getDeclaringType()
-        .getASupertype*()
-        .hasQualifiedName("jdk.jshell", "SourceCodeAnalysis$CompletionInfo") and
-    this.getMethod().getNumberOfParameters() = 0
-  }
-}
--- a/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.java
@@ -1,5 +1,45 @@
 public static void main(String[] args) {

+	{
+		X509TrustManager trustAllCertManager = new X509TrustManager() {
+			@Override
+			public void checkClientTrusted(final X509Certificate[] chain, final String authType)
+				throws CertificateException {
+			}
+
+			@Override
+			public void checkServerTrusted(final X509Certificate[] chain, final String authType)
+				throws CertificateException {
+				// BAD: trust any server cert
+			}
+
+			@Override
+			public X509Certificate[] getAcceptedIssuers() {
+				return null; //BAD: doesn't check cert issuer
+			}
+		};
+	}
+
+	{
+		X509TrustManager trustCertManager = new X509TrustManager() {
+			@Override
+			public void checkClientTrusted(final X509Certificate[] chain, final String authType)
+				throws CertificateException {
+			}
+
+			@Override
+			public void checkServerTrusted(final X509Certificate[] chain, final String authType)
+				throws CertificateException {
+				pkixTrustManager.checkServerTrusted(chain, authType); //GOOD: validate the server cert
+			}
+
+			@Override
+			public X509Certificate[] getAcceptedIssuers() {
+				return new X509Certificate[0]; //GOOD: Validate the cert issuer
+			}
+		};
+	}
+
 	{
 		SSLContext sslContext = SSLContext.getInstance("TLS");
 		SSLEngine sslEngine = sslContext.createSSLEngine();
--- a/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.qhelp
@@ -4,9 +4,10 @@
 <qhelp>

 <overview>
-<p>When SSLSocket or SSLEngine is created without a valid parameter of setEndpointIdentificationAlgorithm, hostname verification is disabled by default.</p>
+<p>Java offers two mechanisms for SSL authentication - trust manager and hostname verifier (checked by the <code>java/insecure-hostname-verifier</code> query). Trust manager validates the peer's certificate chain while hostname verification establishes that the hostname in the URL matches the hostname in the server's identification.</p>
+<p>And when SSLSocket or SSLEngine is created without a valid parameter of setEndpointIdentificationAlgorithm, hostname verification is disabled by default.</p>
 <p>Unsafe implementation of the interface X509TrustManager and SSLSocket/SSLEngine ignores all SSL certificate validation errors when establishing an HTTPS connection, thereby making the app vulnerable to man-in-the-middle attacks.</p>
-<p>This query checks whether setEndpointIdentificationAlgorithm is missing. The query also covers a special implementation com.rabbitmq.client.ConnectionFactory.</p>
+<p>This query checks whether trust manager is set to trust all certificates or setEndpointIdentificationAlgorithm is missing. The query also covers a special implementation com.rabbitmq.client.ConnectionFactory.</p>
 </overview>

 <recommendation>
@@ -14,8 +15,8 @@
 </recommendation>

 <example>
-<p>The following two examples show two ways of configuring SSLSocket/SSLEngine. In the 'BAD' case,
-setEndpointIdentificationAlgorithm is not called, thus no hostname verification takes place. In the 'GOOD' case, setEndpointIdentificationAlgorithm is called.</p>
+<p>The following two examples show two ways of configuring X509 trust cert manager. In the 'BAD' case,
+no validation is performed thus any certificate is trusted. In the 'GOOD' case, the proper validation is performed.</p>
 <sample src="UnsafeCertTrust.java" />
 </example>

@@ -24,6 +25,9 @@ setEndpointIdentificationAlgorithm is not called, thus no hostname verification
 <a href="https://cwe.mitre.org/data/definitions/273.html">CWE-273</a>
 </li>
 <li>
+<a href="https://support.google.com/faqs/answer/6346016?hl=en">How to fix apps containing an unsafe implementation of TrustManager</a>
+</li>
+<li>
 <a href="https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05g-Testing-Network-Communication.md">Testing Endpoint Identify Verification (MSTG-NETWORK-3)</a>
 </li>
 <li>
--- a/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.ql
@@ -1,6 +1,7 @@
 /**
 * @name Unsafe certificate trust
- * @description SSLSocket/SSLEngine ignores all SSL certificate validation
+ * @description Unsafe implementation of the interface X509TrustManager and
+ *              SSLSocket/SSLEngine ignores all SSL certificate validation
 *              errors when establishing an HTTPS connection, thereby making
 *              the app vulnerable to man-in-the-middle attacks.
 * @kind problem
@@ -14,6 +15,49 @@
 import java
 import semmle.code.java.security.Encryption

+/**
+ * X509TrustManager class that blindly trusts all certificates in server SSL authentication
+ */
+class X509TrustAllManager extends RefType {
+  X509TrustAllManager() {
+    this.getASupertype*() instanceof X509TrustManager and
+    exists(Method m1 |
+      m1.getDeclaringType() = this and
+      m1.hasName("checkServerTrusted") and
+      m1.getBody().getNumStmt() = 0
+    ) and
+    exists(Method m2, ReturnStmt rt2 |
+      m2.getDeclaringType() = this and
+      m2.hasName("getAcceptedIssuers") and
+      rt2.getEnclosingCallable() = m2 and
+      rt2.getResult() instanceof NullLiteral
+    )
+  }
+}
+
+/**
+ * The init method of SSLContext with the trust all manager, which is sslContext.init(..., serverTMs, ...)
+ */
+class X509TrustAllManagerInit extends MethodAccess {
+  X509TrustAllManagerInit() {
+    this.getMethod().hasName("init") and
+    this.getMethod().getDeclaringType() instanceof SSLContext and //init method of SSLContext
+    (
+      exists(ArrayInit ai |
+        this.getArgument(1).(ArrayCreationExpr).getInit() = ai and
+        ai.getInit(0).(VarAccess).getVariable().getInitializer().getType().(Class).getASupertype*()
+          instanceof X509TrustAllManager //Scenario of context.init(null, new TrustManager[] { TRUST_ALL_CERTIFICATES }, null);
+      )
+      or
+      exists(Variable v, ArrayInit ai |
+        this.getArgument(1).(VarAccess).getVariable() = v and
+        ai.getParent() = v.getAnAssignedValue() and
+        ai.getInit(0).getType().(Class).getASupertype*() instanceof X509TrustAllManager //Scenario of context.init(null, serverTMs, null);
+      )
+    )
+  }
+}
+
 class SSLEngine extends RefType {
  SSLEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
 }
@@ -164,6 +208,7 @@ class RabbitMQEnableHostnameVerificationNotSet extends MethodAccess {

 from MethodAccess aa
 where
+  aa instanceof X509TrustAllManagerInit or
  aa instanceof SSLEndpointIdentificationNotSet or
  aa instanceof RabbitMQEnableHostnameVerificationNotSet
 select aa, "Unsafe configuration of trusted certificates"
--- a/java/ql/src/experimental/Security/CWE/CWE-295/InsecureTrustManager.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/InsecureTrustManager.java
@@ -1,52 +0,0 @@
-public static void main(String[] args) throws Exception {
-    {
-        class InsecureTrustManager implements X509TrustManager {
-            @Override
-            public X509Certificate[] getAcceptedIssuers() {
-                return null;
-            }
-
-            @Override
-            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-                // BAD: Does not verify the certificate chain, allowing any certificate.
-            }
-
-            @Override
-            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-
-            }
-        }
-        SSLContext context = SSLContext.getInstance("TLS");
-        TrustManager[] trustManager = new TrustManager[] { new InsecureTrustManager() };
-        context.init(null, trustManager, null);
-    }
-    {
-        SSLContext context = SSLContext.getInstance("TLS");
-        File certificateFile = new File("path/to/self-signed-certificate");
-        // Create a `KeyStore` with default type
-        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-        // `keyStore` is initially empty
-        keyStore.load(null, null);
-        X509Certificate generatedCertificate;
-        try (InputStream cert = new FileInputStream(certificateFile)) {
-            generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509")
-                    .generateCertificate(cert);
-        }
-        // Add the self-signed certificate to the key store
-        keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);
-        // Get default `TrustManagerFactory`
-        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-        // Use it with our key store that trusts our self-signed certificate
-        tmf.init(keyStore);
-        TrustManager[] trustManagers = tmf.getTrustManagers();
-        context.init(null, trustManagers, null);
-        // GOOD, we are not using a custom `TrustManager` but instead have
-        // added the self-signed certificate we want to trust to the key
-        // store. Note, the `trustManagers` will **only** trust this one
-        // certificate.
-        
-        URL url = new URL("https://self-signed.badssl.com/");
-        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
-        conn.setSSLSocketFactory(context.getSocketFactory());
-    }
-}
--- a/java/ql/src/experimental/Security/CWE/CWE-295/InsecureTrustManager.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/InsecureTrustManager.qhelp
@@ -1,47 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<overview>
-<p>
-If the <code>checkServerTrusted</code> method of a <code>TrustManager</code> never throws a <code>CertificateException</code> it trusts every certificate.
-This allows an attacker to perform a machine-in-the-middle attack against the application therefore breaking any security Transport Layer Security (TLS) gives.
-</p>
-
-<p>
-An attack might look like this:
-</p>
-
-<ol>
-  <li>The vulnerable program connects to <code>https://example.com</code>.</li>
-  <li>The attacker intercepts this connection and presents a valid, self-signed certificate for <code>https://example.com</code>.</li>
-  <li>The vulnerable program calls the <code>checkServerTrusted</code> method to check whether it should trust the certificate.</li>
-  <li>The <code>checkServerTrusted</code> method of your <code>TrustManager</code> does not throw a <code>CertificateException</code>.</li>
-  <li>The vulnerable program accepts the certificate and proceeds with the connection since your <code>TrustManager</code> implicitly trusted it by not throwing an exception.</li>
-  <li>The attacker can now read the data your program sends to <code>https://example.com</code> and/or alter its replies while the program thinks the connection is secure.</li>
-</ol>
-</overview>
-
-<recommendation>
-<p>
-Do not use a custom <code>TrustManager</code> that trusts any certificate.
-If you have to use a self-signed certificate, don't trust every certificate, but instead only trust this specific certificate.
-See below for an example of how to do this.
-</p>
-
-</recommendation>
-
-<example>
-<p>
-In the first (bad) example, the <code>TrustManager</code> never throws a <code>CertificateException</code> and therefore implicitly trusts any certificate.
-This allows an attacker to perform a machine-in-the-middle attack.
-In the second (good) example, the self-signed certificate that should be trusted
-is loaded into a <code>KeyStore</code>. This explicitly defines the certificate as trusted and there is no need to create a custom <code>TrustManager</code>.
-</p>
-<sample src="InsecureTrustManager.java" />
-</example>
-
-<references>
-<li>Android Develoers:<a href="https://developer.android.com/training/articles/security-ssl">Security with HTTPS and SSL</a>.</li>
-</references>
-</qhelp>
--- a/java/ql/src/experimental/Security/CWE/CWE-295/InsecureTrustManager.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/InsecureTrustManager.ql
@@ -1,117 +0,0 @@
-/**
- * @name `TrustManager` that accepts all certificates
- * @description Trusting all certificates allows an attacker to perform a machine-in-the-middle attack.
- * @kind path-problem
- * @problem.severity error
- * @precision high
- * @id java/insecure-trustmanager
- * @tags security
- *       external/cwe/cwe-295
- */
-
-import java
-import semmle.code.java.controlflow.Guards
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.Encryption
-import semmle.code.java.security.SecurityFlag
-import DataFlow::PathGraph
-
-/**
- * An insecure `X509TrustManager`.
- * An `X509TrustManager` is considered insecure if it never throws a `CertificateException`
- * and therefore implicitly trusts any certificate as valid.
- */
-class InsecureX509TrustManager extends RefType {
-  InsecureX509TrustManager() {
-    this.getASupertype*() instanceof X509TrustManager and
-    exists(Method m |
-      m.getDeclaringType() = this and
-      m.hasName("checkServerTrusted") and
-      not mayThrowCertificateException(m)
-    )
-  }
-}
-
-/** The `java.security.cert.CertificateException` class. */
-private class CertificateException extends RefType {
-  CertificateException() { this.hasQualifiedName("java.security.cert", "CertificateException") }
-}
-
-/**
- * Holds if:
- * - `m` may `throw` a `CertificateException`, or
- * - `m` calls another method that may throw, or
- * - `m` calls a method declared to throw a `CertificateException`, but for which no source is available
- */
-private predicate mayThrowCertificateException(Method m) {
-  exists(ThrowStmt throwStmt |
-    throwStmt.getThrownExceptionType().getASupertype*() instanceof CertificateException
-  |
-    throwStmt.getEnclosingCallable() = m
-  )
-  or
-  exists(Method otherMethod | m.polyCalls(otherMethod) |
-    mayThrowCertificateException(otherMethod)
-    or
-    not otherMethod.fromSource() and
-    otherMethod.getAnException().getType().getASupertype*() instanceof CertificateException
-  )
-}
-
-/**
- * A configuration to model the flow of an `InsecureX509TrustManager` to an `SSLContext.init` call.
- */
-class InsecureTrustManagerConfiguration extends TaintTracking::Configuration {
-  InsecureTrustManagerConfiguration() { this = "InsecureTrustManagerConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr().(ClassInstanceExpr).getConstructedType() instanceof InsecureX509TrustManager
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma, Method m |
-      m.hasName("init") and
-      m.getDeclaringType() instanceof SSLContext and
-      ma.getMethod() = m
-    |
-      ma.getArgument(1) = sink.asExpr()
-    )
-  }
-}
-
-/**
- * Flags suggesting a deliberately insecure `TrustManager` usage.
- */
-private class InsecureTrustManagerFlag extends FlagKind {
-  InsecureTrustManagerFlag() { this = "InsecureTrustManagerFlag" }
-
-  bindingset[result]
-  override string getAFlagName() {
-    result
-        .regexpMatch("(?i).*(secure|disable|selfCert|selfSign|validat|verif|trust|ignore|nocertificatecheck).*") and
-    result != "equalsIgnoreCase"
-  }
-}
-
-/** Gets a guard that represents a (likely) flag controlling an insecure `TrustManager` use. */
-private Guard getAnInsecureTrustManagerFlagGuard() {
-  result = any(InsecureTrustManagerFlag flag).getAFlag().asExpr()
-}
-
-/** Holds if `node` is guarded by a flag that suggests an intentionally insecure use. */
-private predicate isNodeGuardedByFlag(DataFlow::Node node) {
-  exists(Guard g | g.controls(node.asExpr().getBasicBlock(), _) |
-    g = getASecurityFeatureFlagGuard() or g = getAnInsecureTrustManagerFlagGuard()
-  )
-}
-
-from
-  DataFlow::PathNode source, DataFlow::PathNode sink, InsecureTrustManagerConfiguration cfg,
-  RefType trustManager
-where
-  cfg.hasFlowPath(source, sink) and
-  not isNodeGuardedByFlag(sink.getNode()) and
-  trustManager = source.getNode().asExpr().(ClassInstanceExpr).getConstructedType()
-select sink, source, sink, "$@ that is defined $@ and trusts any certificate, is used here.",
-  source, "This trustmanager", trustManager, "here"
--- a/java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialisation.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/CorrectJMXConnectorServerFactoryEnvironmentInitialisation.java
@@ -1,38 +0,0 @@
-import java.io.IOException;
-import java.lang.management.ManagementFactory;
-import java.rmi.registry.LocateRegistry;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.management.MBeanServer;
-import javax.management.remote.JMXConnectorServerFactory;
-import javax.management.remote.JMXServiceURL;
-
-public class CorrectJmxInitialisation {
-
-    public void initAndStartJmxServer() throws IOException{
-        int jmxPort = 1919;
-        LocateRegistry.createRegistry(jmxPort);
-
-        /* Restrict the login function to String Objects only (see CVE-2016-3427) */
-        Map<String, Object> env = new HashMap<String, Object>();
-        // For Java 10+
-        String stringsOnlyFilter = "java.lang.String;!*"; // Deny everything but java.lang.String
-        env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, stringsOnlyFilter);
-                
-        /* Java 9 or below:
-        env.put("jmx.remote.rmi.server.credential.types",
-                new String[] { String[].class.getName(), String.class.getName() });
-        */
-        
-        MBeanServer beanServer = ManagementFactory.getPlatformMBeanServer();
-
-        JMXServiceURL jmxUrl = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:" + jmxPort + "/jmxrmi");
-
-        // Create JMXConnectorServer in a secure manner
-        javax.management.remote.JMXConnectorServer connectorServer = JMXConnectorServerFactory
-                .newJMXConnectorServer(jmxUrl, env, beanServer);
-
-        connectorServer.start();
-    }
-}
--- a/java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitalisation.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/CorrectRMIConnectorServerEnvironmentInitalisation.java
@@ -1,32 +0,0 @@
-public class CorrectRmiInitialisation {
-    public void initAndStartRmiServer(int port, String hostname, boolean local) {
-        MBeanServerForwarder authzProxy = null;
-
-        env.put("jmx.remote.x.daemon", "true");
-        
-        /* Restrict the login function to String Objects only (see CVE-2016-3427) */
-        Map<String, Object> env = new HashMap<String, Object>();
-        // For Java 10+
-        String stringsOnlyFilter = "java.lang.String;!*"; // Deny everything but java.lang.String
-        env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, stringsOnlyFilter);
-                
-        /* Java 9 or below
-        env.put("jmx.remote.rmi.server.credential.types",
-                new String[] { String[].class.getName(), String.class.getName() });
-        */
-        
-        int rmiPort = Integer.getInteger("com.sun.management.jmxremote.rmi.port", 0);
-        RMIJRMPServerImpl server = new RMIJRMPServerImpl(rmiPort,
-                (RMIClientSocketFactory) env.get(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE),
-                (RMIServerSocketFactory) env.get(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE), env);
-
-        JMXServiceURL serviceURL = new JMXServiceURL("rmi", hostname, rmiPort);
-
-        // Create RMI Server
-        RMIConnectorServer jmxServer = new RMIConnectorServer(serviceURL, env, server,
-                ManagementFactory.getPlatformMBeanServer());
-
-        jmxServer.start();
-
-    }
-}
--- a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp
@@ -1,60 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-
-<overview>
-<p>For special use cases some applications may implement a custom service which handles JMX-RMI connections.</p>
-
-<p>When creating such a custom service, a developer should pass a certain environment configuration to the JMX-RMI server initalisation, 
-as otherwise the JMX-RMI service is susceptible to an unsafe deserialization vulnerability.</p>
-
-<p>This is because the JMX-RMI service allows attackers to supply arbitrary objects to the service authentication 
-method, resulting in the attempted deserialization of an attacker-controlled object. 
-In the worst case scenario this could allow an attacker to achieve remote code execution within the context of the application server.</p>
-
-<p>By setting the appropriate environment, the deserialization can be controlled via a deserialization filter.</p>
-
-</overview>
-
-<recommendation>
-<p>During the creation of a custom JMX-RMI service an environment should be supplied that sets a deserialization filter.
-Ideally this filter should be as restrictive as possible, for example to only allow the deserialization of <code>java.lang.String</code>.</p>
-
-<p>The filter can be configured by setting the key <code>jmx.remote.rmi.server.credentials.filter.pattern</code> (given by the constant <code>RMIConnectorServer.CREDENTIALS_FILTER_PATTERN</code>).
-The filter should (ideally) only allow java.lang.String and disallow all other classes for deserialization: (<code>"java.lang.String;!*"</code>).</p>
-
-<p>The key-value pair can be set as following:</p>
-
-<sample src="example_filter_java_10.java" />
-
-<p>For applications using Java 6u113 to 9:</p>
-
-<sample src="example_filter_java_9.java" />
-
-<p>Please note that the JMX-RMI service is vulnerable in the default configuration.
-For this reason an initialization with a <code>null</code> environment is also vulnerable.</p>
-</recommendation>
-
-<example>
-<p>The following examples show how an JMX-RMI service can be initialized securely.</p>
-
-<p>The first example shows how an JMX server is initialized securely with the <code>JMXConnectorServerFactory.newJMXConnectorServer()</code> call.</p>
-
-<sample src="CorrectJMXConnectorServerFactoryEnvironmentInitialisation.java" />
-
-<p>The second example shows how a JMX Server is initialized securely if the <code>RMIConnectorServer</code> class is used.</p>
-
-<sample src="CorrectRMIConnectorServerEnvironmentInitalisation.java" />
-
-</example>
-
-<references>
-<li>Deserialization of arbitrary objects could lead to remote code execution as described following: <a href="https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data">OWASP Deserialization of untrusted data</a>.</li>
-<li>Issue discovered in Tomcat (CVE-2016-8735): <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735">OWASP ESAPI</a>.</li>
-<li><a href="https://www.oracle.com/java/technologies/javase/8u91-relnotes.html#bugfixes-8u91">Oracle release notes</a>: New attribute for JMX RMI JRMP servers.</li>
-<li>Java 10 API specification for <a href="https://docs.oracle.com/javase/10/docs/api/javax/management/remote/rmi/RMIConnectorServer.html#CREDENTIALS_FILTER_PATTERN">RMIConnectorServer.CREDENTIALS_FILTER_PATTERN</a></li>
-<li>The Java API specification for <a href="https://docs.oracle.com/javase/10/docs/api/javax/management/remote/rmi/RMIConnectorServer.html#CREDENTIAL_TYPES">RMIConnectorServer.CREDENTIAL_TYPES</a>. Please note that this field is deprecated since Java 10.</li>
-</references>
-
-</qhelp>
--- a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql
@@ -1,90 +0,0 @@
-/**
- * @name InsecureRmiJmxAuthenticationEnvironment
- * @description This query detects if a JMX/RMI server is created with a potentially dangerous environment, which could lead to code execution through insecure deserialization.
- * @kind problem
- * @problem.severity error
- * @tags security
- *       external/cwe/cwe-665
- * @precision high
- * @id java/insecure-rmi-jmx-server-initialization
- */
-
-import java
-import semmle.code.java.dataflow.DataFlow
-import semmle.code.java.Maps
-
-/** Holds if `constructor` instantiates an RMI or JMX server. */
-predicate isRmiOrJmxServerCreateConstructor(Constructor constructor) {
-  constructor
-      .getDeclaringType()
-      .hasQualifiedName("javax.management.remote.rmi", "RMIConnectorServer")
-}
-
-/** Holds if `method` creates an RMI or JMX server. */
-predicate isRmiOrJmxServerCreateMethod(Method method) {
-  method.getName() = "newJMXConnectorServer" and
-  method.getDeclaringType().hasQualifiedName("javax.management.remote", "JMXConnectorServerFactory")
-}
-
-/**
- * Models flow from the qualifier of a
- * `map.put("jmx.remote.rmi.server.credential.types", value)` call
- * to an RMI or JMX initialisation call.
- */
-class SafeFlow extends DataFlow::Configuration {
-  SafeFlow() { this = "MapToPutCredentialstypeConfiguration" }
-
-  override predicate isSource(DataFlow::Node source) { putsCredentialtypesKey(source.asExpr()) }
-
-  override predicate isSink(DataFlow::Node sink) {
-    exists(Call c |
-      isRmiOrJmxServerCreateConstructor(c.getCallee()) or
-      isRmiOrJmxServerCreateMethod(c.getCallee())
-    |
-      sink.asExpr() = c.getArgument(1)
-    )
-  }
-
-  /**
-   * Holds if a `put` call on `qualifier` puts a key match
-   * into the map.
-   */
-  private predicate putsCredentialtypesKey(Expr qualifier) {
-    exists(MapPutCall put |
-      put.getKey().(CompileTimeConstantExpr).getStringValue() =
-        [
-          "jmx.remote.rmi.server.credential.types",
-          "jmx.remote.rmi.server.credentials.filter.pattern"
-        ]
-      or
-      put.getKey()
-          .(FieldAccess)
-          .getField()
-          .hasQualifiedName("javax.management.remote.rmi", "RMIConnectorServer",
-            ["CREDENTIAL_TYPES", "CREDENTIALS_FILTER_PATTERN"])
-    |
-      put.getQualifier() = qualifier and
-      put.getMethod().(MapMethod).getReceiverKeyType() instanceof TypeString and
-      put.getMethod().(MapMethod).getReceiverValueType() instanceof TypeObject
-    )
-  }
-}
-
-/** Gets a string describing why the application is vulnerable, depending on if the vulnerability is present due to a) a null environment b) an insecurely set environment map */
-string getRmiResult(Expr e) {
-  // We got a Map so we have a source and a sink node
-  if e instanceof NullLiteral
-  then
-    result =
-      "RMI/JMX server initialized with a null environment. Missing type restriction in RMI authentication method exposes the application to deserialization attacks."
-  else
-    result =
-      "RMI/JMX server initialized with insecure environment $@, which never restricts accepted client objects to 'java.lang.String'. This exposes to deserialization attacks against the RMI authentication method."
-}
-
-from Call c, Expr envArg
-where
-  (isRmiOrJmxServerCreateConstructor(c.getCallee()) or isRmiOrJmxServerCreateMethod(c.getCallee())) and
-  envArg = c.getArgument(1) and
-  not any(SafeFlow conf).hasFlowToExpr(envArg)
-select c, getRmiResult(envArg), envArg, envArg.toString()
--- a/java/ql/src/experimental/Security/CWE/CWE-665/example_filter_java_10.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/example_filter_java_10.java
@@ -1,4 +0,0 @@
-String stringsOnlyFilter = "java.lang.String;!*"; // Deny everything but java.lang.String
-
-Map<String, Object> env = new HashMap<String, Object>;
-env.put(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN, stringsOnlyFilter);
--- a/java/ql/src/experimental/Security/CWE/CWE-665/example_filter_java_9.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/example_filter_java_9.java
@@ -1,9 +0,0 @@
-// This is deprecated in Java 10+ !
-Map<String, Object>; env = new HashMap<String, Object>;
-env.put ( 
-  "jmx.remote.rmi.server.credential.types",
-    new String[]{
-     String[].class.getName(),
-     String.class.getName()
-   }
- );
--- a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -78,12 +78,10 @@ private import FlowSummary
 private module Frameworks {
  private import internal.ContainerFlow
  private import semmle.code.java.frameworks.ApacheHttp
-  private import semmle.code.java.frameworks.apache.Collections
  private import semmle.code.java.frameworks.apache.Lang
  private import semmle.code.java.frameworks.guava.Guava
  private import semmle.code.java.frameworks.jackson.JacksonSerializability
  private import semmle.code.java.frameworks.JaxWS
-  private import semmle.code.java.frameworks.Optional
  private import semmle.code.java.frameworks.spring.SpringHttp
  private import semmle.code.java.frameworks.spring.SpringWebClient
  private import semmle.code.java.security.ResponseSplitting
@@ -562,7 +560,6 @@ module CsvValidation {
  }
 }

-pragma[nomagic]
 private predicate elementSpec(
  string namespace, string type, boolean subtypes, string name, string signature, string ext
 ) {
--- a/java/ql/src/semmle/code/java/dataflow/FlowSummary.qll
+++ b/java/ql/src/semmle/code/java/dataflow/FlowSummary.qll
@@ -5,7 +5,7 @@
 import java
 private import internal.FlowSummaryImpl as Impl
 private import internal.DataFlowDispatch
-private import internal.DataFlowUtil
+private import internal.DataFlowPrivate

 // import all instances of SummarizedCallable below
 private module Summaries {
--- a/java/ql/src/semmle/code/java/dataflow/NullGuards.qll
+++ b/java/ql/src/semmle/code/java/dataflow/NullGuards.qll
@@ -5,7 +5,6 @@
 import java
 import SSA
 private import semmle.code.java.controlflow.internal.GuardsLogic
-private import semmle.code.java.frameworks.apache.Collections
 private import RangeUtils
 private import IntegerGuards

@@ -145,11 +144,11 @@ predicate nullCheckMethod(Method m, boolean branch, boolean isnull) {
  branch = false and
  isnull = false
  or
-  m instanceof MethodApacheCollectionsIsEmpty and
-  branch = false and
-  isnull = false
-  or
-  m instanceof MethodApacheCollectionsIsNotEmpty and
+  (
+    m.getDeclaringType().hasQualifiedName("org.apache.commons.collections4", "CollectionUtils") or
+    m.getDeclaringType().hasQualifiedName("org.apache.commons.collections", "CollectionUtils")
+  ) and
+  m.hasName("isNotEmpty") and
  branch = true and
  isnull = false
  or
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl.qll
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll
@@ -724,6 +724,7 @@ private module Cached {
    Node node1, Content c, Node node2, DataFlowType contentType, DataFlowType containerType
  ) {
    storeStep(node1, c, node2) and
+    read(_, c, _) and
    contentType = getNodeDataFlowType(node1) and
    containerType = getNodeDataFlowType(node2)
    or
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
@@ -83,6 +83,56 @@ private predicate instanceFieldAssign(Expr src, FieldAccess fa) {
  )
 }

+private newtype TContent =
+  TFieldContent(InstanceField f) or
+  TArrayContent() or
+  TCollectionContent() or
+  TMapKeyContent() or
+  TMapValueContent()
+
+/**
+ * A reference contained in an object. Examples include instance fields, the
+ * contents of a collection object, or the contents of an array.
+ */
+class Content extends TContent {
+  /** Gets a textual representation of this element. */
+  abstract string toString();
+
+  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
+  }
+}
+
+class FieldContent extends Content, TFieldContent {
+  InstanceField f;
+
+  FieldContent() { this = TFieldContent(f) }
+
+  InstanceField getField() { result = f }
+
+  override string toString() { result = f.toString() }
+
+  override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    f.getLocation().hasLocationInfo(path, sl, sc, el, ec)
+  }
+}
+
+class ArrayContent extends Content, TArrayContent {
+  override string toString() { result = "[]" }
+}
+
+class CollectionContent extends Content, TCollectionContent {
+  override string toString() { result = "<element>" }
+}
+
+class MapKeyContent extends Content, TMapKeyContent {
+  override string toString() { result = "<map.key>" }
+}
+
+class MapValueContent extends Content, TMapValueContent {
+  override string toString() { result = "<map.value>" }
+}
+
 /**
 * Holds if data can flow from `node1` to `node2` via an assignment to `f`.
 * Thus, `node2` references an object with a field `f` that contains the
--- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowUtil.qll
@@ -157,62 +157,6 @@ predicate simpleLocalFlowStep(Node node1, Node node2) {
  FlowSummaryImpl::Private::Steps::summaryLocalStep(node1, node2, true)
 }

-private newtype TContent =
-  TFieldContent(InstanceField f) or
-  TArrayContent() or
-  TCollectionContent() or
-  TMapKeyContent() or
-  TMapValueContent()
-
-/**
- * A description of the way data may be stored inside an object. Examples
- * include instance fields, the contents of a collection object, or the contents
- * of an array.
- */
-class Content extends TContent {
-  /** Gets a textual representation of this element. */
-  abstract string toString();
-
-  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
-    path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0
-  }
-}
-
-/** A reference through an instance field. */
-class FieldContent extends Content, TFieldContent {
-  InstanceField f;
-
-  FieldContent() { this = TFieldContent(f) }
-
-  InstanceField getField() { result = f }
-
-  override string toString() { result = f.toString() }
-
-  override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
-    f.getLocation().hasLocationInfo(path, sl, sc, el, ec)
-  }
-}
-
-/** A reference through an array. */
-class ArrayContent extends Content, TArrayContent {
-  override string toString() { result = "[]" }
-}
-
-/** A reference through the contents of some collection-like container. */
-class CollectionContent extends Content, TCollectionContent {
-  override string toString() { result = "<element>" }
-}
-
-/** A reference through a map key. */
-class MapKeyContent extends Content, TMapKeyContent {
-  override string toString() { result = "<map.key>" }
-}
-
-/** A reference through a map value. */
-class MapValueContent extends Content, TMapValueContent {
-  override string toString() { result = "<map.value>" }
-}
-
 /**
 * A guard that validates some expression.
 *
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -61,16 +61,16 @@ private module Cached {
    localAdditionalTaintUpdateStep(src.asExpr(),
      sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr())
    or
-    exists(DataFlow::Content f |
+    exists(Content f |
      readStep(src, f, sink) and
      not sink.getTypeBound() instanceof PrimitiveType and
      not sink.getTypeBound() instanceof BoxedType and
      not sink.getTypeBound() instanceof NumberType
    |
-      f instanceof DataFlow::ArrayContent or
-      f instanceof DataFlow::CollectionContent or
-      f instanceof DataFlow::MapKeyContent or
-      f instanceof DataFlow::MapValueContent
+      f instanceof ArrayContent or
+      f instanceof CollectionContent or
+      f instanceof MapKeyContent or
+      f instanceof MapValueContent
    )
    or
    FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)
@@ -100,31 +100,90 @@ private module Cached {

 import Cached

-private RefType getElementType(RefType container) {
-  result = container.(Array).getComponentType() or
-  result = container.(CollectionType).getElementType() or
-  result = container.(MapType).getValueType()
-}
-
 /**
- * Holds if default `TaintTracking::Configuration`s should allow implicit reads
- * of `c` at sinks and inputs to additional taint steps.
+ * These configurations add a number of configuration-dependent additional taint
+ * steps to all taint configurations. For each sink or additional step provided
+ * by a given configuration the types are inspected to find those implicit
+ * collection or array read steps that might be required at the sink or step
+ * input. The corresponding store steps are then added as additional taint steps
+ * to provide backwards-compatible taint flow to such sinks and steps.
+ *
+ * This is a temporary measure until support is added for such sinks that
+ * require implicit read steps.
 */
-bindingset[node]
-predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
-  exists(RefType container |
-    (node.asExpr() instanceof Argument or node instanceof ArgumentNode) and
-    getElementType*(node.getType()) = container
-  |
-    container instanceof Array and
-    c instanceof DataFlow::ArrayContent
-    or
-    container instanceof CollectionType and
-    c instanceof DataFlow::CollectionContent
-    or
-    container instanceof MapType and
-    c instanceof DataFlow::MapValueContent
-  )
+private module StoreTaintSteps {
+  private import semmle.code.java.dataflow.TaintTracking
+  private import semmle.code.java.dataflow.TaintTracking2
+
+  private class StoreTaintConfig extends TaintTracking::Configuration {
+    StoreTaintConfig() { this instanceof TaintTracking::Configuration or none() }
+
+    override predicate isSource(DataFlow::Node n) { none() }
+
+    override predicate isSink(DataFlow::Node n) { none() }
+
+    private predicate needsTaintStore(RefType container, Type elem, Content f) {
+      exists(DataFlow::Node arg |
+        (isSink(arg) or isAdditionalTaintStep(arg, _)) and
+        (arg.asExpr() instanceof Argument or arg instanceof ArgumentNode) and
+        arg.getType() = container
+        or
+        needsTaintStore(_, container, _)
+      |
+        container.(Array).getComponentType() = elem and
+        f instanceof ArrayContent
+        or
+        container.(CollectionType).getElementType() = elem and
+        f instanceof CollectionContent
+        or
+        container.(MapType).getValueType() = elem and
+        f instanceof MapValueContent
+      )
+    }
+
+    override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+      exists(Content f, Type elem |
+        storeStep(node1, f, node2) and
+        needsTaintStore(_, elem, f) and
+        not exists(Type srctyp | srctyp = node1.getTypeBound() | not compatibleTypes(srctyp, elem))
+      )
+    }
+  }
+
+  private class StoreTaintConfig2 extends TaintTracking2::Configuration {
+    StoreTaintConfig2() { this instanceof TaintTracking2::Configuration or none() }
+
+    override predicate isSource(DataFlow::Node n) { none() }
+
+    override predicate isSink(DataFlow::Node n) { none() }
+
+    private predicate needsTaintStore(RefType container, Type elem, Content f) {
+      exists(DataFlow::Node arg |
+        (isSink(arg) or isAdditionalTaintStep(arg, _)) and
+        (arg.asExpr() instanceof Argument or arg instanceof ArgumentNode) and
+        arg.getType() = container
+        or
+        needsTaintStore(_, container, _)
+      |
+        container.(Array).getComponentType() = elem and
+        f instanceof ArrayContent
+        or
+        container.(CollectionType).getElementType() = elem and
+        f instanceof CollectionContent
+        or
+        container.(MapType).getValueType() = elem and
+        f instanceof MapValueContent
+      )
+    }
+
+    override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
+      exists(Content f, Type elem |
+        storeStep(node1, f, node2) and
+        needsTaintStore(_, elem, f) and
+        not exists(Type srctyp | srctyp = node1.getTypeBound() | not compatibleTypes(srctyp, elem))
+      )
+    }
+  }
 }

 /**
--- a/java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
@@ -105,11 +105,6 @@ abstract class Configuration extends DataFlow::Configuration {
    defaultAdditionalTaintStep(node1, node2)
  }

-  override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
-    (this.isSink(node) or this.isAdditionalTaintStep(node, _)) and
-    defaultImplicitTaintRead(node, c)
-  }
-
  /**
   * Holds if taint may flow from `source` to `sink` for this configuration.
   */
--- a/java/ql/src/semmle/code/java/frameworks/JaxWS.qll
+++ b/java/ql/src/semmle/code/java/frameworks/JaxWS.qll
@@ -604,13 +604,13 @@ private class FormModel extends SummaryModelCsv {
    row =
      [
        "javax.ws.rs.core;Form;false;Form;;;MapKey of Argument[0];Argument[-1];taint",
-        "javax.ws.rs.core;Form;false;Form;;;Element of MapValue of Argument[0];Argument[-1];taint",
+        "javax.ws.rs.core;Form;false;Form;;;MapValue of Argument[0];Argument[-1];taint",
        "javax.ws.rs.core;Form;false;Form;;;Argument[0..1];Argument[-1];taint",
        "javax.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
        "javax.ws.rs.core;Form;true;param;;;Argument[0..1];Argument[-1];taint",
        "javax.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value",
        "jakarta.ws.rs.core;Form;false;Form;;;MapKey of Argument[0];Argument[-1];taint",
-        "jakarta.ws.rs.core;Form;false;Form;;;Element of MapValue of Argument[0];Argument[-1];taint",
+        "jakarta.ws.rs.core;Form;false;Form;;;MapValue of Argument[0];Argument[-1];taint",
        "jakarta.ws.rs.core;Form;false;Form;;;Argument[0..1];Argument[-1];taint",
        "jakarta.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
        "jakarta.ws.rs.core;Form;true;param;;;Argument[0..1];Argument[-1];taint",
--- a/java/ql/src/semmle/code/java/frameworks/Optional.qll
+++ b/java/ql/src/semmle/code/java/frameworks/Optional.qll
@@ -1,21 +0,0 @@
-/** Definitions related to `java.util.Optional`. */
-
-import semmle.code.java.dataflow.ExternalFlow
-
-private class OptionalModel extends SummaryModelCsv {
-  override predicate row(string s) {
-    s =
-      [
-        "java.util;Optional;false;filter;;;Element of Argument[-1];Element of ReturnValue;value",
-        "java.util;Optional;false;get;;;Element of Argument[-1];ReturnValue;value",
-        "java.util;Optional;false;of;;;Argument[0];Element of ReturnValue;value",
-        "java.util;Optional;false;ofNullable;;;Argument[0];Element of ReturnValue;value",
-        "java.util;Optional;false;or;;;Element of Argument[-1];Element of ReturnValue;value",
-        "java.util;Optional;false;orElse;;;Element of Argument[-1];ReturnValue;value",
-        "java.util;Optional;false;orElse;;;Argument[0];ReturnValue;value",
-        "java.util;Optional;false;orElseGet;;;Element of Argument[-1];ReturnValue;value",
-        "java.util;Optional;false;orElseThrow;;;Element of Argument[-1];ReturnValue;value",
-        "java.util;Optional;false;stream;;;Element of Argument[-1];Element of ReturnValue;value"
-      ]
-  }
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Arthur Baars	f4f81886d7	Java: update @id of experimental ExecTainted.ql query	2021-06-28 13:18:25 +02:00
Arthur Baars	e7a3ca2ed4	Revert "Java: remove duplicate query" This reverts commit `0b59e408ba`.	2021-06-28 13:15:10 +02:00
Arthur Baars	0b59e408ba	Java: remove duplicate query	2021-06-28 12:29:54 +02:00