Revert "JS: Recognize DomSanitizer from @angular/core"

This reverts commit ff1d0cc4c7.

.bazelrc

@@ -1,3 +0,0 @@
-build --repo_env=CC=clang --repo_env=CXX=clang++ --copt="-std=c++17"
-
-try-import %workspace%/local.bazelrc

.bazelversion

@@ -1 +0,0 @@
-5.0.0

.codeqlmanifest.json

@@ -0,0 +1,27 @@
+{
+    "provide": [
+        "*/ql/src/qlpack.yml",
+        "*/ql/lib/qlpack.yml",
+        "*/ql/test/qlpack.yml",
+        "*/ql/examples/qlpack.yml",
+        "*/ql/consistency-queries/qlpack.yml",
+        "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml",
+        "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml",
+        "javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml",
+        "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml",
+        "csharp/ql/campaigns/Solorigate/lib/qlpack.yml",
+        "csharp/ql/campaigns/Solorigate/src/qlpack.yml",
+        "csharp/ql/campaigns/Solorigate/test/qlpack.yml",
+        "misc/legacy-support/*/qlpack.yml",
+        "misc/suite-helpers/qlpack.yml",
+        "ruby/extractor-pack/codeql-extractor.yml",
+        "ql/extractor-pack/codeql-extractor.yml"
+    ],
+    "versionPolicies": {
+      "default": {
+        "requireChangeNotes": true,
+        "committedPrereleaseSuffix": "dev",
+        "committedVersion": "nextPatchRelease"
+      }
+    }
+}

.devcontainer/devcontainer.json

@@ -3,8 +3,6 @@
     "rust-lang.rust",
     "bungcip.better-toml",
     "github.vscode-codeql",
-    "hbenl.vscode-test-explorer",
-    "ms-vscode.test-adapter-converter",
     "slevesque.vscode-zipexplorer"
   ],
   "settings": {

.devcontainer/swift/Dockerfile

@@ -1,9 +0,0 @@
-# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.236.0/containers/cpp/.devcontainer/base.Dockerfile
-
-# [Choice] Debian / Ubuntu version (use Debian 11, Ubuntu 18.04/22.04 on local arm64/Apple Silicon): debian-11, debian-10, ubuntu-22.04, ubuntu-20.04, ubuntu-18.04
-FROM mcr.microsoft.com/vscode/devcontainers/cpp:0-ubuntu-22.04
-
-USER root
-ADD root.sh /tmp/root.sh
-ADD update-codeql.sh /usr/local/bin/update-codeql
-RUN bash /tmp/root.sh && rm /tmp/root.sh

.devcontainer/swift/devcontainer.json

@@ -1,25 +0,0 @@
-{
-	"extensions": [
-		"github.vscode-codeql",
-		"hbenl.vscode-test-explorer",
-		"ms-vscode.test-adapter-converter",
-		"slevesque.vscode-zipexplorer",
-		"ms-vscode.cpptools"
-	],
-	"settings": {
-		"files.watcherExclude": {
-			"**/target/**": true
-		},
-		"codeQL.runningQueries.memory": 2048
-	},
-	"build": {
-		"dockerfile": "Dockerfile",
-	},
-	"runArgs": [
-		"--cap-add=SYS_PTRACE",
-		"--security-opt",
-		"seccomp=unconfined"
-	],
-	"remoteUser": "vscode",
-	"onCreateCommand": ".devcontainer/swift/user.sh"
-}

.devcontainer/swift/root.sh

@@ -1,22 +0,0 @@
-set -xe
-
-BAZELISK_VERSION=v1.12.0
-BAZELISK_DOWNLOAD_SHA=6b0bcb2ea15bca16fffabe6fda75803440375354c085480fe361d2cbf32501db
-
-apt-get update
-export DEBIAN_FRONTEND=noninteractive
-apt-get -y install --no-install-recommends \
-    zlib1g-dev \
-    uuid-dev \
-    python3-distutils \
-    python3-pip \
-    bash-completion
-
-# Install Bazel
-curl -fSsL -o /usr/local/bin/bazelisk https://github.com/bazelbuild/bazelisk/releases/download/${BAZELISK_VERSION}/bazelisk-linux-amd64
-echo "${BAZELISK_DOWNLOAD_SHA} */usr/local/bin/bazelisk" | sha256sum --check -
-chmod 0755 /usr/local/bin/bazelisk
-ln -s bazelisk /usr/local/bin/bazel
-
-# install latest codeql
-update-codeql

.devcontainer/swift/update-codeql.sh

@@ -1,20 +0,0 @@
-#!/bin/bash -e
-
-URL=https://github.com/github/codeql-cli-binaries/releases
-LATEST_VERSION=$(curl -L -s -H 'Accept: application/json' $URL/latest | sed -e 's/.*"tag_name":"\([^"]*\)".*/\1/')
-CURRENT_VERSION=v$(codeql version 2>/dev/null | sed -ne 's/.*release \([0-9.]*\)\./\1/p')
-if [[ $CURRENT_VERSION != $LATEST_VERSION ]]; then
-  if [[ $UID != 0 ]]; then
-    echo "update required, please run this script with sudo:"
-    echo "  sudo $0"
-    exit 1
-  fi
-  ZIP=$(mktemp codeql.XXXX.zip)
-  curl -fSqL -o $ZIP $URL/download/$LATEST_VERSION/codeql-linux64.zip
-  unzip -q $ZIP -d /opt
-  rm $ZIP
-  ln -sf /opt/codeql/codeql /usr/local/bin/codeql
-  echo installed version $LATEST_VERSION
-else
-  echo current version $CURRENT_VERSION is up-to-date
-fi

.devcontainer/swift/user.sh

@@ -1,13 +0,0 @@
-set -xe
-
-# add the workspace to the codeql search path
-mkdir -p /home/vscode/.config/codeql
-echo "--search-path /workspaces/codeql" > /home/vscode/.config/codeql/config
-
-# create a swift extractor pack with the current state
-cd /workspaces/codeql
-bazel run swift/create-extractor-pack
-
-#install and set up pre-commit
-python3 -m pip install pre-commit --no-warn-script-location
-$HOME/.local/bin/pre-commit install

.gitattributes

@@ -39,7 +39,6 @@
 *.py text
 *.lua text
 *.expected text
-*.go text
 
 # Explicitly set a bunch of known extensions to binary, because Git < 2.10 will treat
 # `* text=auto eol=lf` as `* text eol=lf`
@@ -53,14 +52,6 @@
 java/ql/test/stubs/**/*.java linguist-generated=true
 java/ql/test/experimental/stubs/**/*.java linguist-generated=true
 
-# Force git not to modify line endings for go or html files under the go/ql directory
-go/ql/**/*.go -text
-go/ql/**/*.html -text
-# Force git not to modify line endings for go dbschemes
-go/*.dbscheme -text
-# Preserve unusual line ending from codeql-go merge
-go/extractor/opencsv/CSVReader.java -text
-
 # For some languages, upgrade script testing references really old dbscheme
 # files from legacy upgrades that have CRLF line endings. Since upgrade
 # resolution relies on object hashes, we must suppress line ending conversion

.github/actions/fetch-codeql/action.yml

@@ -3,22 +3,12 @@ description: Fetches the latest version of CodeQL
 runs:
   using: composite
   steps:
-    - name: Select platform - Linux
-      if: runner.os == 'Linux'
-      shell: bash
-      run: echo "GA_CODEQL_CLI_PLATFORM=linux64" >> $GITHUB_ENV
-
-    - name: Select platform - MacOS
-      if: runner.os == 'MacOS'
-      shell: bash
-      run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
-
     - name: Fetch CodeQL
       shell: bash
       run: |
         LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-$GA_CODEQL_CLI_PLATFORM.zip "$LATEST"
-        unzip -q -d "${RUNNER_TEMP}" codeql-$GA_CODEQL_CLI_PLATFORM.zip
+        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
+        unzip -q -d "${RUNNER_TEMP}" codeql-linux64.zip
         echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
       env:
         GITHUB_TOKEN: ${{ github.token }}

.github/dependabot.yml

@@ -16,11 +16,3 @@ updates:
     directory: "ruby/autobuilder"
     schedule:
       interval: "daily"
-
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"
-    ignore:
-      - dependency-name: '*'
-        update-types: ['version-update:semver-patch', 'version-update:semver-minor']

.github/labeler.yml

@@ -6,23 +6,14 @@
   - csharp/**/*
   - change-notes/**/*csharp*
 
-Go:
-  - go/**/*
-  - change-notes/**/*go.*
-
 Java:
-  - any: [ 'java/**/*', '!java/kotlin-extractor/**/*', '!java/kotlin-explorer/**/*', '!java/ql/test/kotlin/**/*' ]
+  - java/**/*
   - change-notes/**/*java.*
 
 JS:
-  - any: [ 'javascript/**/*', '!javascript/ql/experimental/adaptivethreatmodeling/**/*' ]
+  - javascript/**/*
   - change-notes/**/*javascript*
 
-Kotlin:
-  - java/kotlin-extractor/**/*
-  - java/kotlin-explorer/**/*
-  - java/ql/test/kotlin/**/*
-
 Python:
   - python/**/*
   - change-notes/**/*python*
@@ -31,14 +22,10 @@ Ruby:
   - ruby/**/*
   - change-notes/**/*ruby*
 
-Swift:
-  - swift/**/*
-  - change-notes/**/*swift*
-
 documentation:
   - "**/*.qhelp"
   - "**/*.md"
   - docs/**/*
 
-"QL-for-QL":
-  - ql/**/*
+"QL-for-QL": 
+  - ql/**/*

.github/problem-matchers/codeql-query-format.json

@@ -1,14 +0,0 @@
-{
-    "problemMatcher": [
-        {
-            "owner": "codeql-query-format",
-            "pattern": [
-                {
-                    "regexp": "^((.*) would change by autoformatting\\.)$",
-                    "file": 2,
-                    "message": 1
-                }
-            ]
-        }
-    ]
-}

.github/problem-matchers/codeql-syntax-check.json

@@ -1,17 +0,0 @@
-{
-    "problemMatcher": [
-        {
-            "owner": "codeql-syntax-check",
-            "pattern": [
-                {
-                    "regexp": "^((ERROR|WARNING): .* \\((.*):(\\d+),(\\d+)-\\d+\\))$",
-                    "message": 1,
-                    "file": 3,
-                    "line": 4,
-                    "col": 5,
-                    "severity": 2
-                }
-            ]
-        }
-    ]
-}

.github/problem-matchers/codeql-test-run.json

@@ -1,14 +0,0 @@
-{
-    "problemMatcher": [
-        {
-            "owner": "codeql-test-run",
-            "pattern": [
-                {
-                    "regexp": "(\\[.*\\] FAILED\\((RESULT|COMPILATION)\\) (.*))$",
-                    "file": 3,
-                    "message": 1
-                }
-            ]
-        }
-    ]
-}

.github/problem-matchers/make.json

@@ -1,13 +0,0 @@
-{
-    "problemMatcher": [
-        {
-            "owner": "make",
-            "pattern": [
-                {
-                    "regexp": "^(make: \\*\\*\\* .*)$",
-                    "message": 1
-                }
-            ]
-        }
-    ]
-}

.github/workflows/check-change-note.yml

@@ -10,7 +10,6 @@ on:
       - "*/ql/lib/**/*.qll"
       - "!**/experimental/**"
       - "!ql/**"
-      - "!swift/**"
       - ".github/workflows/check-change-note.yml"
 
 jobs:

.github/workflows/check-qldoc.yml

@@ -22,7 +22,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
         with:
           fetch-depth: 2
 
@@ -30,17 +30,13 @@ jobs:
         shell: bash
         run: |
           EXIT_CODE=0
-          # TODO: remove the swift exception from the regex when we fix generated QLdoc
-          changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -Po '^(?!swift)[a-z]*/ql/lib' || true; } | sort -u)"
+          changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -o '^[a-z]*/ql/lib' || true; } | sort -u)"
           for pack_dir in ${changed_lib_packs}; do
             lang="${pack_dir%/ql/lib}"
             gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"
           done
           git checkout HEAD^
           for pack_dir in ${changed_lib_packs}; do
-            # When we add a new language, pack_dir would not exist in HEAD^.
-            # In this case the right thing to do is to skip the check.
-            [[ ! -d "${pack_dir}" ]] && continue
             lang="${pack_dir%/ql/lib}"
             gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-baseline.txt" --dir="${pack_dir}"
             awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-current.txt" | sort -u > "${RUNNER_TEMP}/current-undocumented.txt"

.github/workflows/close-stale.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v5
+    - uses: actions/stale@v3
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'

.github/workflows/codeql-analysis.yml

@@ -28,12 +28,12 @@ jobs:
 
     steps:
     - name: Setup dotnet
-      uses: actions/setup-dotnet@v2
+      uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 6.0.202
+        dotnet-version: 6.0.101
 
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
@@ -49,7 +49,7 @@ jobs:
     #  uses: github/codeql-action/autobuild@main
 
     # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+    # 📚 https://git.io/JvXDl
 
     # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
     #    and modify them (or add more) to build your code if your project

.github/workflows/csv-coverage-metrics.yml

@@ -14,11 +14,11 @@ on:
       - ".github/workflows/csv-coverage-metrics.yml"
 
 jobs:
-  publish-java:
+  publish:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
       - name: Setup CodeQL
         uses: ./.github/actions/fetch-codeql
       - name: Create empty database
@@ -31,40 +31,13 @@ jobs:
       - name: Capture coverage information
         run: |
           DATABASE="${{ runner.temp }}/java-database"
-          codeql database analyze --format=sarif-latest --output=metrics-java.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
-      - uses: actions/upload-artifact@v3
+          codeql database analyze --format=sarif-latest --output=metrics.sarif -- "$DATABASE" ./java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
+      - uses: actions/upload-artifact@v2
         with:
-          name: metrics-java.sarif
-          path: metrics-java.sarif
+          name: metrics.sarif
+          path: metrics.sarif
           retention-days: 20
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@main
+        uses: github/codeql-action/upload-sarif@v1
         with:
-          sarif_file: metrics-java.sarif
-  
-  publish-csharp:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Setup CodeQL
-        uses: ./.github/actions/fetch-codeql
-      - name: Create empty database
-        run: |
-          DATABASE="${{ runner.temp }}/csharp-database"
-          PROJECT="${{ runner.temp }}/csharp-project"
-          dotnet new classlib --language=C# --output="$PROJECT"
-          codeql database create "$DATABASE" --language=csharp --source-root="$PROJECT" --command 'dotnet build /t:rebuild csharp-project.csproj /p:UseSharedCompilation=false'
-      - name: Capture coverage information
-        run: |
-          DATABASE="${{ runner.temp }}/csharp-database"
-          codeql database analyze --format=sarif-latest --output=metrics-csharp.sarif -- "$DATABASE" ./csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql
-      - uses: actions/upload-artifact@v3
-        with:
-          name: metrics-csharp.sarif
-          path: metrics-csharp.sarif
-          retention-days: 20
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@main
-        with:
-          sarif_file: metrics-csharp.sarif
+          sarif_file: metrics.sarif

.github/workflows/csv-coverage-pr-artifacts.yml

@@ -28,11 +28,11 @@ jobs:
         GITHUB_CONTEXT: ${{ toJSON(github.event) }}
       run: echo "$GITHUB_CONTEXT"
     - name: Clone self (github/codeql) - MERGE
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: merge
     - name: Clone self (github/codeql) - BASE
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         fetch-depth: 2
         path: base
@@ -41,7 +41,7 @@ jobs:
         git log -1 --format='%H'
       working-directory: base
     - name: Set up Python 3.8
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v2
       with:
         python-version: 3.8
     - name: Download CodeQL CLI
@@ -69,21 +69,21 @@ jobs:
       run: |
         python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md
     - name: Upload CSV package list
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: csv-framework-coverage-merge
         path: |
           out_merge/framework-coverage-*.csv
           out_merge/framework-coverage-*.rst
     - name: Upload CSV package list
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: csv-framework-coverage-base
         path: |
           out_base/framework-coverage-*.csv
           out_base/framework-coverage-*.rst
     - name: Upload comparison results
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: comparison
         path: |
@@ -93,7 +93,7 @@ jobs:
         mkdir -p pr
         echo ${{ github.event.pull_request.number }} > pr/NR
     - name: Upload PR number
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: pr
         path: pr/

.github/workflows/csv-coverage-pr-comment.yml

@@ -20,9 +20,9 @@ jobs:
         GITHUB_CONTEXT: ${{ toJSON(github.event) }}
       run: echo "$GITHUB_CONTEXT"
     - name: Clone self (github/codeql)
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
     - name: Set up Python 3.8
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v2
       with:
         python-version: 3.8
 

.github/workflows/csv-coverage-timeseries.yml

@@ -10,16 +10,16 @@ jobs:
 
     steps:
     - name: Clone self (github/codeql)
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: script
     - name: Clone self (github/codeql) for analysis
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: codeqlModels
         fetch-depth: 0
     - name: Set up Python 3.8
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v2
       with:
         python-version: 3.8
     - name: Download CodeQL CLI
@@ -35,7 +35,7 @@ jobs:
         echo $CLI
         PATH="$PATH:$CLI" python script/misc/scripts/library-coverage/generate-timeseries.py codeqlModels
     - name: Upload timeseries CSV
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: framework-coverage-timeseries
         path: framework-coverage-timeseries-*.csv

.github/workflows/csv-coverage-update.yml

@@ -17,12 +17,12 @@ jobs:
         GITHUB_CONTEXT: ${{ toJSON(github.event) }}
       run: echo "$GITHUB_CONTEXT"
     - name: Clone self (github/codeql)
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: ql
         fetch-depth: 0
     - name: Set up Python 3.8
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v2
       with:
         python-version: 3.8
     - name: Download CodeQL CLI

.github/workflows/csv-coverage.yml

@@ -14,16 +14,16 @@ jobs:
 
     steps:
     - name: Clone self (github/codeql)
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: script
     - name: Clone self (github/codeql) for analysis
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: codeqlModels
         ref: ${{ github.event.inputs.qlModelShaOverride || github.ref }}
     - name: Set up Python 3.8
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v2
       with:
         python-version: 3.8
     - name: Download CodeQL CLI
@@ -37,12 +37,12 @@ jobs:
       run: |
         PATH="$PATH:codeql-cli/codeql" python script/misc/scripts/library-coverage/generate-report.py ci codeqlModels script
     - name: Upload CSV package list
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: framework-coverage-csv
         path: framework-coverage-*.csv
     - name: Upload RST package list
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: framework-coverage-rst
         path: framework-coverage-*.rst

.github/workflows/go-tests.yml

@@ -1,162 +0,0 @@
-name: "Go: Run Tests"
-on:
-  pull_request:
-    paths:
-      - "go/**"
-      - .github/workflows/go-tests.yml
-      - codeql-workspace.yml
-jobs:
-
-  test-linux:
-    name: Test Linux (Ubuntu)
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Set up Go 1.18.1
-      uses: actions/setup-go@v3
-      with:
-        go-version: 1.18.1
-      id: go
-
-    - name: Set up CodeQL CLI
-      run: |
-        echo "Removing old CodeQL Directory..."
-        rm -rf $HOME/codeql
-        echo "Done"
-        cd $HOME
-        echo "Downloading CodeQL CLI..."
-        LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | grep -v beta | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-linux64.zip "$LATEST"
-        echo "Done"
-        echo "Unpacking CodeQL CLI..."
-        unzip -q codeql-linux64.zip
-        rm -f codeql-linux64.zip
-        echo "Done"
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-
-    - name: Check out code
-      uses: actions/checkout@v2
-
-    - name: Enable problem matchers in repository
-      shell: bash
-      run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
-
-    - name: Build
-      run: |
-        cd go
-        env PATH=$PATH:$HOME/codeql make
-
-    - name: Check that all QL and Go code is autoformatted
-      run: |
-        cd go
-        env PATH=$PATH:$HOME/codeql make check-formatting
-
-    - name: Compile qhelp files to markdown
-      run: |
-        cd go
-        env PATH=$PATH:$HOME/codeql QHELP_OUT_DIR=qhelp-out make qhelp-to-markdown
-
-    - name: Upload qhelp markdown
-      uses: actions/upload-artifact@v2
-      with:
-        name: qhelp-markdown
-        path: go/qhelp-out/**/*.md
-
-    - name: Test
-      run: |
-        cd go
-        env PATH=$PATH:$HOME/codeql make test
-
-  test-mac:
-    name: Test MacOS
-    runs-on: macOS-latest
-    steps:
-    - name: Set up Go 1.18.1
-      uses: actions/setup-go@v3
-      with:
-        go-version: 1.18.1
-      id: go
-
-    - name: Set up CodeQL CLI
-      run: |
-        echo "Removing old CodeQL Directory..."
-        rm -rf $HOME/codeql
-        echo "Done"
-        cd $HOME
-        echo "Downloading CodeQL CLI..."
-        LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | grep -v beta | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-osx64.zip "$LATEST"
-        echo "Done"
-        echo "Unpacking CodeQL CLI..."
-        unzip -q codeql-osx64.zip
-        rm -f codeql-osx64.zip
-        echo "Done"
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-
-    - name: Check out code
-      uses: actions/checkout@v2
-
-    - name: Enable problem matchers in repository
-      shell: bash
-      run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
-
-    - name: Build
-      run: |
-        cd go
-        env PATH=$PATH:$HOME/codeql make
-
-    - name: Test
-      run: |
-        cd go
-        env PATH=$PATH:$HOME/codeql make test
-
-  test-win:
-    name: Test Windows
-    runs-on: windows-2019
-    steps:
-    - name: Set up Go 1.18.1
-      uses: actions/setup-go@v3
-      with:
-        go-version: 1.18.1
-      id: go
-
-    - name: Set up CodeQL CLI
-      run: |
-        echo "Removing old CodeQL Directory..."
-        rm -rf $HOME/codeql
-        echo "Done"
-        cd "$HOME"
-        echo "Downloading CodeQL CLI..."
-        LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | sort --version-sort | grep -v beta | tail -1)
-        gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-win64.zip "$LATEST"
-        echo "Done"
-        echo "Unpacking CodeQL CLI..."
-        unzip -q -o codeql-win64.zip
-        unzip -q -o codeql-win64.zip codeql/codeql.exe
-        rm -f codeql-win64.zip
-        echo "Done"
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-      shell:
-        bash
-
-    - name: Check out code
-      uses: actions/checkout@v2
-
-    - name: Enable problem matchers in repository
-      shell: bash
-      run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
-
-    - name: Build
-      run: |
-        $Env:Path += ";$HOME\codeql"
-        cd go
-        make
-
-    - name: Test
-      run: |
-        $Env:Path += ";$HOME\codeql"
-        cd go
-        make test

.github/workflows/js-ml-tests.yml

@@ -5,7 +5,6 @@ on:
     paths:
       - "javascript/ql/experimental/adaptivethreatmodeling/**"
       - .github/workflows/js-ml-tests.yml
-      - codeql-workspace.yml
     branches:
       - main
       - "rc/*"
@@ -13,8 +12,6 @@ on:
     paths:
       - "javascript/ql/experimental/adaptivethreatmodeling/**"
       - .github/workflows/js-ml-tests.yml
-      - codeql-workspace.yml
-  workflow_dispatch:
 
 defaults:
   run:
@@ -25,7 +22,7 @@ jobs:
     name: Check QL formatting
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
 
       - uses: ./.github/actions/fetch-codeql
 
@@ -38,7 +35,7 @@ jobs:
     name: Check QL compilation
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
 
       - uses: ./.github/actions/fetch-codeql
 
@@ -62,7 +59,7 @@ jobs:
     name: Run QL tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
 
       - uses: ./.github/actions/fetch-codeql
 

.github/workflows/labeler.yml

@@ -4,11 +4,8 @@ on:
 
 jobs:
   triage:
-    permissions:
-      contents: read
-      pull-requests: write
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@v4
+    - uses: actions/labeler@v2
       with:
         repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/mad_modelDiff.yml

@@ -27,12 +27,12 @@ jobs:
         slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}}
     steps:
       - name: Clone github/codeql from PR
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         if: github.event.pull_request
         with:
           path: codeql-pr
       - name: Clone github/codeql from main
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           path: codeql-main
           ref: main
@@ -61,7 +61,7 @@ jobs:
             DATABASE=$2
             cd codeql-$QL_VARIANT
             SHORTNAME=`basename $DATABASE`
-            python java/ql/src/utils/model-generator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE $MODELS/${SHORTNAME}.qll
+            python java/ql/src/utils/model-generator/GenerateFlowModel.py $DATABASE $MODELS/${SHORTNAME}.qll
             mv $MODELS/${SHORTNAME}.qll $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.qll
             cd ..
           }
@@ -91,12 +91,12 @@ jobs:
             name="diff_${basename/_main.qll/""}"
             (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
           done
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: models
           path: tmp-models/*.qll
           retention-days: 20
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: diffs
           path: tmp-models/*.html

.github/workflows/mad_regenerate-models.yml

@@ -20,17 +20,17 @@ jobs:
         ref: ["placeholder"]
         include:
           - slug: "apache/commons-io"
-            ref: "13258ce2d07aa0e764bbaa8020af4dcd3a02a620"
+            ref: "8985de8fe74f6622a419b37a6eed0dbc484dc128"
         exclude:
           - slug: "placeholder"
             ref: "placeholder"
     steps:
       - name: Clone self (github/codeql)
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
       - name: Setup CodeQL binaries
         uses: ./.github/actions/fetch-codeql
       - name: Clone repositories
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           path: repos/${{ matrix.ref }}
           ref: ${{ matrix.ref }}
@@ -55,7 +55,7 @@ jobs:
           find java -name "*.qll" -print0 | xargs -0 git add
           git status
           git diff --cached > models.patch
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: patch
           path: models.patch

.github/workflows/post-pr-comment.yml

@@ -1,17 +1,12 @@
-# This workflow is the second part of the process described in
-# .github/workflows/qhelp-pr-preview.yml
-# See that file for more info.
-
-name: Post PR comment
+name: Post pull-request comment
 on:
   workflow_run:
-    workflows: [Render QHelp changes]
+    workflows: ["Query help preview"]
     types:
       - completed
 
 permissions:
   pull-requests: write
-  actions: read
 
 jobs:
   post_comment:
@@ -22,53 +17,15 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
           WORKFLOW_RUN_ID: ${{ github.event.workflow_run.id }}
-
-      - name: Check that PR SHA matches workflow SHA
-        run: |
-          PR="$(grep -o '^[0-9]\+$' pr_number.txt)"
+      - run: |
+          PR="$(grep -o '^[0-9]\+$' pr.txt)"
           PR_HEAD_SHA="$(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PR}" --jq .head.sha)"
           # Check that the pull-request head SHA matches the head SHA of the workflow run
           if [ "${WORKFLOW_RUN_HEAD_SHA}" != "${PR_HEAD_SHA}" ]; then
             echo "PR head SHA ${PR_HEAD_SHA} does not match workflow_run event SHA ${WORKFLOW_RUN_HEAD_SHA}. Stopping." 1>&2
             exit 1
           fi
+          gh pr comment "${PR}" --repo "${GITHUB_REPOSITORY}" -F comment.txt
         env:
           GITHUB_TOKEN: ${{ github.token }}
           WORKFLOW_RUN_HEAD_SHA: ${{ github.event.workflow_run.head_commit.id }}
-
-      - name: Create or update comment
-        run: |
-          COMMENT_PREFIX="QHelp previews"
-          COMMENT_AUTHOR="github-actions[bot]"
-          PR_NUMBER="$(grep -o '^[0-9]\+$' pr_number.txt)"
-
-          # If there is no existing comment, comment_id.txt will contain just a
-          # newline (due to jq & gh behaviour). This will cause grep to fail, so
-          # we catch that.
-          RAW_COMMENT_ID=$(grep -o '^[0-9]\+$' comment_id.txt || true)
-
-          if [ $RAW_COMMENT_ID ]
-          then
-            # Fetch existing comment, and validate:
-            # - comment belongs to the PR with number $PR_NUMBER
-            # - comment starts with the expected prefix ("QHelp previews")
-            # - comment author is github-actions[bot]
-            FILTER='select(.issue_url | endswith($repo+"/issues/"+$pr))
-                  | select(.body | startswith($prefix))
-                  | select(.user.login == $author)
-                  | .id'
-            COMMENT_ID=$(gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${RAW_COMMENT_ID}" | jq --arg repo "${GITHUB_REPOSITORY}" --arg pr "${PR_NUMBER}" --arg prefix "${COMMENT_PREFIX}" --arg author "${COMMENT_AUTHOR}" "${FILTER}")
-            if [ $COMMENT_ID ]
-            then
-              # Update existing comment
-              jq --rawfile body comment_body.txt '{"body":$body}' -n | gh api "repos/${GITHUB_REPOSITORY}/issues/comments/${COMMENT_ID}" -X PATCH --input -
-            else
-              echo "Comment ${RAW_COMMENT_ID} did not pass validations: not editing." >&2
-              exit 1
-            fi
-          else
-            # Create new comment
-            jq --rawfile body comment_body.txt '{"body":$body}' -n | gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" -X POST --input -
-          fi
-        env:
-          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/qhelp-pr-preview.yml

@@ -1,25 +1,7 @@
-# This workflow checks for any changes in .qhelp files in pull requests.
-# For any changed files, it renders them to markdown in a file called `comment_body.txt`.
-# It then checks if there's an existing comment on the pull request generated by
-# this workflow, and writes the comment ID to `comment_id.txt`.
-# It also writes the PR number to `pr_number.txt`.
-# These three files are uploaded as an artifact.
-
-# When this workflow completes, the workflow "Post PR comment" runs.
-# It downloads the artifact and adds a comment to the PR with the rendered
-# QHelp.
-
-# The task is split like this because creating PR comments requires extra
-# permissions that we don't want to expose to PRs from external forks.
-
-# For more info see:
-# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
-# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
-name: Render QHelp changes
+name: Query help preview
 
 permissions:
   contents: read
-  pull-requests: read
 
 on:
   pull_request:
@@ -33,17 +15,13 @@ jobs:
   qhelp:
     runs-on: ubuntu-latest
     steps:
-      - run: echo "${PR_NUMBER}" > pr_number.txt
-        env:
-          PR_NUMBER: ${{ github.event.number }}
-      - uses: actions/upload-artifact@v3
+      - run: echo "${{  github.event.number }}" > pr.txt
+      - uses: actions/upload-artifact@v2
         with:
           name: comment
-          path: pr_number.txt
-          if-no-files-found: error
+          path: pr.txt
           retention-days: 1
-
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
         with:
           fetch-depth: 2
           persist-credentials: false
@@ -58,7 +36,7 @@ jobs:
       - name: QHelp preview
         run: |
           EXIT_CODE=0
-          echo "QHelp previews:" > comment_body.txt
+          echo "QHelp previews:" > comment.txt
           while read -r -d $'\0' path; do
             if [ ! -f "${path}" ]; then
                exit 1
@@ -74,29 +52,12 @@ jobs:
                echo '```'
             fi
             echo "</details>"
-          done < "${RUNNER_TEMP}/paths.txt" >> comment_body.txt
+          done < "${RUNNER_TEMP}/paths.txt" >> comment.txt
           exit "${EXIT_CODE}"
 
       - if: always()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v2
         with:
           name: comment
-          path: comment_body.txt
-          if-no-files-found: error
-          retention-days: 1
-
-      - name: Save ID of existing QHelp comment (if it exists)
-        run: |
-          # Find the latest comment starting with "QHelp previews"
-          COMMENT_PREFIX="QHelp previews"
-          gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" --paginate | jq --arg prefix "${COMMENT_PREFIX}" '[.[] | select(.body|startswith($prefix)) | .id] | max' > comment_id.txt
-        env:
-          GITHUB_TOKEN: ${{ github.token }}
-          PR_NUMBER: ${{ github.event.number }}
-
-      - uses: actions/upload-artifact@v3
-        with:
-          name: comment
-          path: comment_id.txt
-          if-no-files-found: error
+          path: comment.txt
           retention-days: 1

.github/workflows/ql-for-ql-build.yml

@@ -10,14 +10,13 @@ env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  analyze:
-    runs-on: ubuntu-latest-xl
+  queries:
+    runs-on: ubuntu-latest
     steps:
-      ### Build the queries ###
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - name: Find codeql
         id: find-codeql
-        uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
+        uses: github/codeql-action/init@erik-krogh/ql
         with:
           languages: javascript # does not matter
       - name: Get CodeQL version
@@ -29,7 +28,7 @@ jobs:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
       - name: Cache queries
         id: cache-queries
-        uses: actions/cache@v3
+        uses: actions/cache@v2
         with:
           path: ${{ runner.temp }}/query-pack.zip
           key: queries-${{ hashFiles('ql/**/*.ql*') }}-${{ hashFiles('ql/**/qlpack.yml') }}-${{ hashFiles('ql/ql/src/ql.dbscheme*') }}-${{ steps.get-codeql-version.outputs.version }}
@@ -44,15 +43,22 @@ jobs:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
           PACKZIP: ${{ runner.temp }}/query-pack.zip
       - name: Upload query pack
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v2
         with:
           name: query-pack-zip
           path: ${{ runner.temp }}/query-pack.zip
 
-      ### Build the extractor ###
+  extractors:
+    strategy:
+      fail-fast: false
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
       - name: Cache entire extractor
         id: cache-extractor
-        uses: actions/cache@v3
+        uses: actions/cache@v2
         with:
           path: |
             ql/target/release/ql-autobuilder
@@ -62,7 +68,7 @@ jobs:
           key: ${{ runner.os }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }}
       - name: Cache cargo
         if: steps.cache-extractor.outputs.cache-hit != 'true'
-        uses: actions/cache@v3
+        uses: actions/cache@v2
         with:
           path: |
             ~/.cargo/registry
@@ -84,7 +90,7 @@ jobs:
       - name: Generate dbscheme
         if: steps.cache-extractor.outputs.cache-hit != 'true'
         run: ql/target/release/ql-generator --dbscheme ql/ql/src/ql.dbscheme --library ql/ql/src/codeql_ql/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: extractor-ubuntu-latest
           path: |
@@ -93,13 +99,20 @@ jobs:
             ql/target/release/ql-extractor
             ql/target/release/ql-extractor.exe
           retention-days: 1
+  package:
+    runs-on: ubuntu-latest
 
-      ### Package the queries and extractor ###
-      - uses: actions/download-artifact@v3
+    needs:
+      - extractors
+      - queries
+
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v2
         with:
           name: query-pack-zip
           path: query-pack-zip
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v2
         with:
           name: extractor-ubuntu-latest
           path: linux64
@@ -117,15 +130,23 @@ jobs:
           fi
           cd pack
           zip -rq ../codeql-ql.zip .
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: codeql-ql-pack
           path: codeql-ql.zip
           retention-days: 1
+  analyze:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        folder: [cpp, csharp, java, javascript, python, ql, ruby]
 
-      ### Run the analysis ###
+    needs:
+      - package
+
+    steps:
       - name: Download pack
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v2
         with:
           name: codeql-ql-pack
           path: ${{ runner.temp }}/codeql-ql-pack-artifact
@@ -138,51 +159,41 @@ jobs:
           PACK: ${{ runner.temp }}/pack
       - name: Hack codeql-action options
         run: |
-          JSON=$(jq -nc --arg pack "${PACK}" '.database."run-queries"=["--search-path", $pack] | .resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
+          JSON=$(jq -nc --arg pack "${PACK}" '.resolve.queries=["--search-path", $pack] | .resolve.extractor=["--search-path", $pack] | .database.init=["--search-path", $pack]')
           echo "CODEQL_ACTION_EXTRA_OPTIONS=${JSON}" >> ${GITHUB_ENV}
         env:
           PACK: ${{ runner.temp }}/pack
 
+      - name: Checkout repository
+        uses: actions/checkout@v2
       - name: Create CodeQL config file
         run: |
+          echo "paths:" > ${CONF}
+          echo "  - ${FOLDER}" >> ${CONF}
           echo "paths-ignore:" >> ${CONF}
-          echo "  - ql/ql/test" >> ${CONF} 
-          echo "  - \"*/ql/lib/upgrades/\"" >> ${CONF} 
-          echo "disable-default-queries: true" >> ${CONF}
-          echo "packs:" >> ${CONF}
-          echo "  - codeql/ql" >> ${CONF}
+          echo "  - ql/ql/test" >> ${CONF}
           echo "Config file: "
           cat ${CONF}
         env: 
           CONF: ./ql-for-ql-config.yml
+          FOLDER: ${{ matrix.folder }}
+
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
+        uses: github/codeql-action/init@erik-krogh/ql
         with:
           languages: ql
           db-location: ${{ runner.temp }}/db
           config-file: ./ql-for-ql-config.yml
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
+        uses: github/codeql-action/analyze@erik-krogh/ql
         with: 
-          category: "ql-for-ql"
+          category: "ql-for-ql-${{ matrix.folder }}"
       - name: Copy sarif file to CWD
-        run: cp ../results/ql.sarif ./ql-for-ql.sarif
-      - name: Fixup the $scema in sarif  # Until https://github.com/microsoft/sarif-vscode-extension/pull/436/ is part in a stable release
-        run: |
-          sed -i 's/\$schema.*/\$schema": "https:\/\/raw.githubusercontent.com\/oasis-tcs\/sarif-spec\/master\/Schemata\/sarif-schema-2.1.0",/' ql-for-ql.sarif 
+        run: cp ../results/ql.sarif ./${{ matrix.folder }}.sarif
       - name: Sarif as artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v2
         with:
-          name: ql-for-ql.sarif
-          path: ql-for-ql.sarif
-      - name: Split out the sarif file into langs
-        run: |
-          mkdir split-sarif
-          node ./ql/scripts/split-sarif.js ql-for-ql.sarif split-sarif
-      - name: Upload langs as artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: ql-for-ql-langs
-          path: split-sarif
-          retention-days: 1
+          name: ${{ matrix.folder }}.sarif
+          path: ${{ matrix.folder }}.sarif
+

.github/workflows/ql-for-ql-dataset_measure.yml

@@ -19,16 +19,17 @@ jobs:
       matrix:
         repo:
           - github/codeql
+          - github/codeql-go
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
 
       - name: Find codeql
         id: find-codeql
-        uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
+        uses: github/codeql-action/init@erik-krogh/ql
         with:
           languages: javascript # does not matter
-      - uses: actions/cache@v3
+      - uses: actions/cache@v2
         with:
           path: |
             ~/.cargo/registry
@@ -36,11 +37,11 @@ jobs:
             ql/target
           key: ${{ runner.os }}-qltest-cargo-${{ hashFiles('ql/**/Cargo.lock') }}
       - name: Build Extractor
-        run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./scripts/create-extractor-pack.sh
+        run: cd ql; env "PATH=$PATH:`dirname ${CODEQL}`" ./create-extractor-pack.sh
         env:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
       - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           repository: ${{ matrix.repo }}
           path: ${{ github.workspace }}/repo
@@ -59,7 +60,7 @@ jobs:
           "${CODEQL}" dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ql"
         env:
           CODEQL: ${{ steps.find-codeql.outputs.codeql-path }}
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: measurements
           path: stats
@@ -69,15 +70,15 @@ jobs:
     runs-on: ubuntu-latest
     needs: measure
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/download-artifact@v3
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v2
         with:
           name: measurements
           path: stats
       - run: |
           python -m pip install --user lxml
-          find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ruby/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
-      - uses: actions/upload-artifact@v3
+          find stats -name 'stats.xml' -print0 | sort -z | xargs -0 python ql/scripts/merge_stats.py --output ql/ql/src/ql.dbscheme.stats --normalise ql_tokeninfo
+      - uses: actions/upload-artifact@v2
         with:
           name: ql.dbscheme.stats
           path: ql/ql/src/ql.dbscheme.stats

.github/workflows/ql-for-ql-tests.yml

@@ -5,12 +5,10 @@ on:
     branches: [main]
     paths:
       - "ql/**"
-      - codeql-workspace.yml
   pull_request:
     branches: [main]
     paths:
       - "ql/**"
-      - codeql-workspace.yml
 
 env:
   CARGO_TERM_COLOR: always
@@ -19,13 +17,13 @@ jobs:
   qltest:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - name: Find codeql
         id: find-codeql
-        uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
+        uses: github/codeql-action/init@erik-krogh/ql
         with:
           languages: javascript # does not matter
-      - uses: actions/cache@v3
+      - uses: actions/cache@v2
         with:
           path: |
             ~/.cargo/registry
@@ -36,7 +34,7 @@ jobs:
         run: |
           cd ql;
           codeqlpath=$(dirname ${{ steps.find-codeql.outputs.codeql-path }});
-          env "PATH=$PATH:$codeqlpath" ./scripts/create-extractor-pack.sh
+          env "PATH=$PATH:$codeqlpath" ./create-extractor-pack.sh
       - name: Run QL tests
         run: |
           "${CODEQL}" test run --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --search-path "${{ github.workspace }}/ql/extractor-pack" --consistency-queries ql/ql/consistency-queries ql/ql/test

.github/workflows/query-list.yml

@@ -5,8 +5,6 @@ on:
     branches:
      - main
      - 'rc/**'
-    tags:
-     - 'codeql-cli/*'
   pull_request:
     paths:
       - '.github/workflows/query-list.yml'
@@ -19,23 +17,33 @@ jobs:
 
     steps:
     - name: Clone self (github/codeql)
-      uses: actions/checkout@v3
+      uses: actions/checkout@v2
       with:
         path: codeql 
+    - name: Clone github/codeql-go
+      uses: actions/checkout@v2
+      with:
+        repository: 'github/codeql-go'
+        path: codeql-go
     - name: Set up Python 3.8
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v2
       with:
         python-version: 3.8
     - name: Download CodeQL CLI
-      # Look under the `codeql` directory, as this is where we checked out the `github/codeql` repo
-      uses: ./codeql/.github/actions/fetch-codeql
+      uses: dsaltares/fetch-gh-release-asset@aa37ae5c44d3c9820bc12fe675e8670ecd93bd1c
+      with:
+        repo: "github/codeql-cli-binaries"
+        version: "latest"
+        file: "codeql-linux64.zip"
+        token: ${{ secrets.GITHUB_TOKEN }}
     - name: Unzip CodeQL CLI
       run: unzip -d codeql-cli codeql-linux64.zip
     - name: Build code scanning query list
       run: |
-        python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv
+        PATH="$PATH:codeql-cli/codeql" python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv
     - name: Upload code scanning query list
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v2
       with:
         name: code-scanning-query-list
         path: code-scanning-query-list.csv
+    

.github/workflows/ruby-build.yml

@@ -5,7 +5,6 @@ on:
     paths:
       - "ruby/**"
       - .github/workflows/ruby-build.yml
-      - codeql-workspace.yml
     branches:
       - main
       - "rc/*"
@@ -13,7 +12,6 @@ on:
     paths:
       - "ruby/**"
       - .github/workflows/ruby-build.yml
-      - codeql-workspace.yml
     branches:
       - main
       - "rc/*"
@@ -40,13 +38,13 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - name: Install GNU tar
         if: runner.os == 'macOS'
         run: |
           brew install gnu-tar
           echo "/usr/local/opt/gnu-tar/libexec/gnubin" >> $GITHUB_PATH
-      - uses: actions/cache@v3
+      - uses: actions/cache@v2
         with:
           path: |
             ~/.cargo/registry
@@ -64,17 +62,17 @@ jobs:
       - name: Generate dbscheme
         if: ${{ matrix.os == 'ubuntu-latest' }}
         run: target/release/ruby-generator --dbscheme ql/lib/ruby.dbscheme --library ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         if: ${{ matrix.os == 'ubuntu-latest' }}
         with:
           name: ruby.dbscheme
           path: ruby/ql/lib/ruby.dbscheme
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         if: ${{ matrix.os == 'ubuntu-latest' }}
         with:
           name: TreeSitter.qll
           path: ruby/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: extractor-${{ matrix.os }}
           path: |
@@ -88,7 +86,7 @@ jobs:
     env:
       CODEQL_THREADS: 4 # TODO: remove this once it's set by the CLI
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - name: Fetch CodeQL
         run: |
           LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
@@ -104,7 +102,7 @@ jobs:
           PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)
           codeql/codeql generate query-help --format=sarifv2.1.0 --output="${PACK_FOLDER}/rules.sarif" ql/src
           (cd ql/src; find queries \( -name '*.qhelp' -o -name '*.rb' -o -name '*.erb' \) -exec bash -c 'mkdir -p "'"${PACK_FOLDER}"'/$(dirname "{}")"' \; -exec cp "{}" "${PACK_FOLDER}/{}" \;)
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: codeql-ruby-queries
           path: |
@@ -115,20 +113,20 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build, compile-queries]
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/download-artifact@v3
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v2
         with:
           name: ruby.dbscheme
           path: ruby/ruby
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v2
         with:
           name: extractor-ubuntu-latest
           path: ruby/linux64
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v2
         with:
           name: extractor-windows-latest
           path: ruby/win64
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v2
         with:
           name: extractor-macos-latest
           path: ruby/osx64
@@ -144,12 +142,12 @@ jobs:
           cp win64/ruby-extractor.exe ruby/tools/win64/extractor.exe
           chmod +x ruby/tools/{linux64,osx64}/{autobuilder,extractor}
           zip -rq codeql-ruby.zip ruby
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: codeql-ruby-pack
           path: ruby/codeql-ruby.zip
           retention-days: 1
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v2
         with:
           name: codeql-ruby-queries
           path: ruby/qlpacks
@@ -161,7 +159,7 @@ jobs:
             ]
           }' > .codeqlmanifest.json
           zip -rq codeql-ruby-bundle.zip .codeqlmanifest.json ruby qlpacks
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: codeql-ruby-bundle
           path: ruby/codeql-ruby-bundle.zip
@@ -179,7 +177,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     needs: [package]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
         with:
           repository: Shopify/example-ruby-app
           ref: 67a0decc5eb550f3a9228eda53925c3afd40dfe9
@@ -193,7 +191,7 @@ jobs:
           GITHUB_TOKEN: ${{ github.token }}
         working-directory: ${{ runner.temp }}
       - name: Download Ruby bundle
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v2
         with:
           name: codeql-ruby-bundle
           path: ${{ runner.temp }}

.github/workflows/ruby-dataset-measure.yml

@@ -27,14 +27,14 @@ jobs:
         repo: [rails/rails, discourse/discourse, spree/spree, ruby/ruby]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
 
       - uses: ./.github/actions/fetch-codeql
 
       - uses: ./ruby/actions/create-extractor-pack
 
       - name: Checkout ${{ matrix.repo }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
           repository: ${{ matrix.repo }}
           path: ${{ github.workspace }}/repo
@@ -49,7 +49,7 @@ jobs:
         run: |
           mkdir -p "stats/${{ matrix.repo }}"
           codeql dataset measure --threads 4 --output "stats/${{ matrix.repo }}/stats.xml" "${{ runner.temp }}/database/db-ruby"
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: measurements
           path: stats
@@ -59,15 +59,15 @@ jobs:
     runs-on: ubuntu-latest
     needs: measure
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/download-artifact@v3
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v2
         with:
           name: measurements
           path: stats
       - run: |
           python -m pip install --user lxml
           find stats -name 'stats.xml' | sort | xargs python ruby/scripts/merge_stats.py --output ruby/ql/lib/ruby.dbscheme.stats --normalise ruby_tokeninfo
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v2
         with:
           name: ruby.dbscheme.stats
           path: ruby/ql/lib/ruby.dbscheme.stats

.github/workflows/ruby-qltest.yml

@@ -5,7 +5,6 @@ on:
     paths:
       - "ruby/**"
       - .github/workflows/ruby-qltest.yml
-      - codeql-workspace.yml
     branches:
       - main
       - "rc/*"
@@ -13,7 +12,6 @@ on:
     paths:
       - "ruby/**"
       - .github/workflows/ruby-qltest.yml
-      - codeql-workspace.yml
     branches:
       - main
       - "rc/*"
@@ -29,14 +27,14 @@ jobs:
   qlformat:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - uses: ./.github/actions/fetch-codeql
       - name: Check QL formatting
         run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
   qlcompile:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - uses: ./.github/actions/fetch-codeql
       - name: Check QL compilation
         run: |
@@ -46,7 +44,7 @@ jobs:
   qlupgrade:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - uses: ./.github/actions/fetch-codeql
       - name: Check DB upgrade scripts
         run: |
@@ -69,7 +67,7 @@ jobs:
       matrix:
         slice: ["1/2", "2/2"]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - uses: ./.github/actions/fetch-codeql
       - uses: ./ruby/actions/create-extractor-pack
       - name: Run QL tests

.github/workflows/swift-codegen.yml

@@ -1,36 +0,0 @@
-name: "Swift: Check code generation"
-
-on:
-  pull_request:
-    paths:
-      - "swift/**"
-      - .github/workflows/swift-codegen.yml
-    branches:
-      - main
-
-jobs:
-  codegen:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/fetch-codeql
-      - uses: bazelbuild/setup-bazelisk@v2
-      - uses: actions/setup-python@v3
-      - uses: pre-commit/action@v3.0.0
-        name: Check that python code is properly formatted
-        with:
-          extra_args: autopep8 --all-files
-      - name: Run unit tests
-        run: |
-          bazel test //swift/codegen/test --test_output=errors
-      - uses: pre-commit/action@v3.0.0
-        name: Check that QL generated code was checked in
-        with:
-          extra_args: swift-codegen --all-files
-      - name: Generate C++ files
-        run: |
-          bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/swift-generated-cpp-files
-      - uses: actions/upload-artifact@v3
-        with:
-          name: swift-generated-cpp-files
-          path: swift-generated-cpp-files/**

.github/workflows/swift-integration-tests.yml

@@ -1,34 +0,0 @@
-name: "Swift: Run Integration Tests"
-
-on:
-  pull_request:
-    paths:
-      - "swift/**"
-      - .github/workflows/swift-integration-tests.yml
-      - codeql-workspace.yml
-    branches:
-      - main
-defaults:
-  run:
-    working-directory: swift
-
-jobs:
-  integration-tests:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - ubuntu-20.04
-#          - macos-latest  TODO
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/fetch-codeql
-      - uses: bazelbuild/setup-bazelisk@v2
-      - uses: actions/setup-python@v3
-      - name: Build Swift extractor
-        run: |
-          bazel run //swift:create-extractor-pack
-      - name: Run integration tests
-        run: |
-          python integration-tests/runner.py

.github/workflows/swift-qltest.yml

@@ -1,40 +0,0 @@
-name: "Swift: Run QL Tests"
-
-on:
-  pull_request:
-    paths:
-      - "swift/**"
-      - .github/workflows/swift-qltest.yml
-      - codeql-workspace.yml
-    branches:
-      - main
-defaults:
-  run:
-    working-directory: swift
-
-jobs:
-  qlformat:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/fetch-codeql
-      - name: Check QL formatting
-        run: find ql "(" -name "*.ql" -or -name "*.qll" ")" -print0 | xargs -0 codeql query format --check-only
-  qltest:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os : [ubuntu-20.04, macos-latest]
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/fetch-codeql
-      - uses: bazelbuild/setup-bazelisk@v2
-      - name: Build Swift extractor
-        run: |
-          bazel run //swift:create-extractor-pack
-      - name: Run QL tests
-        run: |
-          codeql test run --threads=0 --ram 5000 --search-path "${{ github.workspace }}/swift/extractor-pack" --check-databases --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition ql/test
-        env:
-          GITHUB_TOKEN: ${{ github.token }}

.github/workflows/sync-files.yml

@@ -14,7 +14,7 @@ jobs:
   sync:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v2
       - name: Check synchronized files
         run: python config/sync-files.py
 

.github/workflows/validate-change-notes.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
 
       - name: Setup CodeQL
         uses: ./.github/actions/fetch-codeql

.gitignore

@@ -9,7 +9,6 @@
 # qltest projects and artifacts
 */ql/test/**/*.testproj
 */ql/test/**/*.actual
-*/ql/test/**/go.sum
 
 # Visual studio temporaries, except a file used by QL4VS
 .vs/*
@@ -18,12 +17,9 @@
 # Byte-compiled python files
 *.pyc
 
-# python virtual environment folder
+# python virtual environment folder 
 .venv/
 
-# binary files created by pytest-cov
-.coverage
-
 # It's useful (though not required) to be able to unpack codeql in the ql checkout itself
 /codeql/
 
@@ -33,31 +29,4 @@ csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
 .codeql
 
 # Compiled class file
-*.class
-
-# links created by bazel
-/bazel-*
-
-# local bazel options
-/local.bazelrc
-
-# CLion project files
-/.clwb
-
-# Go build artifacts
-go/build/*
-
-# Go binaries
-go/tools/bin
-go/tools/linux64
-go/tools/osx64
-go/tools/win64
-go/tools/tokenizer.jar
-go/main
-
-# node_modules folders except in the JS test suite
-node_modules/
-!/javascript/ql/test/**/node_modules/
-
-# Temporary folders for working with generated models
-.model-temp
+*.class

.lgtm.yml

@@ -6,7 +6,6 @@ path_classifiers:
   test:
   - csharp/ql/src
   - csharp/ql/test
-  - go/ql/test
   - javascript/extractor/parser-tests
   - javascript/extractor/tests
   - javascript/ql/src
@@ -14,9 +13,6 @@ path_classifiers:
   - python/ql/src
   - python/ql/test
 
-  example:
-  - go/ql/src
-
 queries:
   - include: "*"
 

.pre-commit-config.yaml

@@ -1,57 +1,29 @@
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
+exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
 repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
+-   repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v3.2.0
     hooks:
-      - id: trailing-whitespace
-        exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
-      - id: end-of-file-fixer
-        exclude: /test/.*$(?<!\.ql)(?<!\.qll)(?<!\.qlref)
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
 
-  - repo: https://github.com/pre-commit/mirrors-clang-format
-    rev: v13.0.1
+-   repo: local
     hooks:
-      - id: clang-format
-        files: ^swift/.*\.(h|c|cpp)$
-
-  - repo: https://github.com/pre-commit/mirrors-autopep8
-    rev: v1.6.0
-    hooks:
-      - id: autopep8
-        files: ^swift/codegen/.*\.py
-
-  - repo: local
-    hooks:
-      - id: codeql-format
+    -   id: codeql-format
         name: Fix QL file formatting
         files: \.qll?$
         language: system
         entry: codeql query format --in-place
 
-      - id: sync-files
+    -   id: sync-files
         name: Fix files required to be identical
-        files: \.(qll?|qhelp|swift)$
         language: system
         entry: python3 config/sync-files.py --latest
         pass_filenames: false
 
-      - id: qhelp
+    -   id: qhelp
         name: Check query help generation
         files: \.qhelp$
         language: system
         entry: python3 misc/scripts/check-qhelp.py
-
-      - id: swift-codegen
-        name: Run Swift checked in code generation
-        files: ^swift/(codegen/|.*/generated/|ql/lib/(swift\.dbscheme$|codeql/swift/elements))
-        language: system
-        entry: bazel run //swift/codegen -- --quiet
-        pass_filenames: false
-
-      - id: swift-codegen-unit-tests
-        name: Run Swift code generation unit tests
-        files: ^swift/codegen/.*\.py$
-        language: system
-        entry: bazel test //swift/codegen/test
-        pass_filenames: false

CODEOWNERS

@@ -1,13 +1,17 @@
 /cpp/ @github/codeql-c-analysis
 /csharp/ @github/codeql-csharp
-/go/ @github/codeql-go
 /java/ @github/codeql-java
 /javascript/ @github/codeql-javascript
 /python/ @github/codeql-python
 /ruby/ @github/codeql-ruby
-/swift/ @github/codeql-c
-/java/kotlin-extractor/ @github/codeql-kotlin
-/java/kotlin-explorer/ @github/codeql-kotlin
+
+# Make @xcorail (GitHub Security Lab) a code owner for experimental queries so he gets pinged when we promote a query out of experimental
+/cpp/**/experimental/**/* @github/codeql-c-analysis @xcorail
+/csharp/**/experimental/**/* @github/codeql-csharp @xcorail
+/java/**/experimental/**/* @github/codeql-java @xcorail
+/javascript/**/experimental/**/* @github/codeql-javascript @xcorail
+/python/**/experimental/**/* @github/codeql-python @xcorail
+/ruby/**/experimental/**/* @github/codeql-ruby @xcorail
 
 # ML-powered queries
 /javascript/ql/experimental/adaptivethreatmodeling/ @github/codeql-ml-powered-queries-reviewers
@@ -27,19 +31,3 @@
 
 # QL for QL reviewers
 /ql/ @github/codeql-ql-for-ql-reviewers
-
-# Bazel (excluding BUILD.bazel files)
-WORKSPACE.bazel @github/codeql-ci-reviewers
-**/*.bzl @github/codeql-ci-reviewers
-
-# Documentation etc
-/*.md @github/code-scanning-product
-/LICENSE @github/code-scanning-product
-
-# Workflows
-/.github/workflows/ @github/codeql-ci-reviewers
-/.github/workflows/go-* @github/codeql-go
-/.github/workflows/js-ml-tests.yml @github/codeql-ml-powered-queries-reviewers
-/.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
-/.github/workflows/ruby-* @github/codeql-ruby
-/.github/workflows/swift-* @github/codeql-c

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 We welcome contributions to our CodeQL libraries and queries. Got an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Contributions to this project are [released](https://help.github.com/articles/github-terms-of-service/#6-contributions-under-repository-license) to the public under the [project's open source license](LICENSE).
 
-There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries) on [codeql.github.com](https://codeql.github.com).
+There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com).
 
 ## Change notes
 
@@ -40,7 +40,7 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
 3. **Formatting**
 
-    - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/about-codeql-for-visual-studio-code).
+    - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode/procedures/about-codeql-for-vscode.html).
 
     If you prefer, you can either:
     1. install the [pre-commit framework](https://pre-commit.com/) and install the configured hooks on this repo via `pre-commit install`, or
@@ -70,7 +70,3 @@ After the experimental query is merged, we welcome pull requests to improve it.
 If you contribute to this project, we will record your name and email address (as provided by you with your contributions) as part of the code repositories, which are public. We might also use this information to contact you in relation to your contributions, as well as in the normal course of software development. We also store records of CLA agreements signed in the past, but no longer require contributors to sign a CLA. Under GDPR legislation, we do this on the basis of our legitimate interest in creating the CodeQL product.
 
 Please do get in touch (privacy@github.com) if you have any questions about this or our data protection policies.
-
-## Bazel
-Please notice that any bazel targets and definitions in this repository are currently experimental
-and for internal use only.

README.md

@@ -1,6 +1,6 @@
 # CodeQL
 
-This open source repository contains the standard CodeQL libraries and queries that power [GitHub Advanced Security](https://github.com/features/security/code) and the other application security products that [GitHub](https://github.com/features/security/) makes available to its customers worldwide.
+This open source repository contains the standard CodeQL libraries and queries that power [GitHub Advanced Security](https://github.com/features/security/code) and the other application security products that [GitHub](https://github.com/features/security/) makes available to its customers worldwide. For the queries, libraries, and extractor that power Go analysis, visit the [CodeQL for Go repository](https://github.com/github/codeql-go).
 
 ## How do I learn CodeQL and run queries?
 
@@ -13,9 +13,7 @@ We welcome contributions to our standard library and standard checks. Do you hav
 
 ## License
 
-The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com).
-
-The CodeQL CLI (including the CodeQL engine) is hosted in a [different repository](https://github.com/github/codeql-cli-binaries) and is [licensed separately](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md). If you'd like to use the CodeQL CLI to analyze closed-source code, you will need a separate commercial license; please [contact us](https://github.com/enterprise/contact) for further help.
+The code in this repository is licensed under the [MIT License](LICENSE) by [GitHub](https://github.com). The use of CodeQL on open source code is licensed under specific [Terms & Conditions](https://securitylab.github.com/tools/codeql/license/) UNLESS you have a commercial license in place. If you'd like to use CodeQL with a commercial codebase, please [contact us](https://github.com/enterprise/contact) for further help.
 
 ## Visual Studio Code integration
 

WORKSPACE.bazel

@@ -1,12 +0,0 @@
-# Please notice that any bazel targets and definitions in this repository are currently experimental
-# and for internal use only.
-
-workspace(name = "codeql")
-
-load("//misc/bazel:workspace.bzl", "codeql_workspace")
-
-codeql_workspace()
-
-load("//misc/bazel:workspace_deps.bzl", "codeql_workspace_deps")
-
-codeql_workspace_deps()

benjamin-button.md

@@ -0,0 +1,51 @@
+# benjamin-buttons.md
+
+This file describes the changes that have been applied to
+the library to make it behave as if it was younger.
+
+## TaintedPath.ql
+
+Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+
+Sinks added between 2018-08-02 and 2020-01-01 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+pathinjection
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+tainted-path
+
+Sinks from the "graceful-fs" and "fs-extra" (added before the open-sourcing squash).
+
+## Xss.ql
+
+Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-079/Xss.expected
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+
+- recursive type tracking for `jQuery::dollar`, `DOM::domValueRef`.
+
+## SqlInjection.ql
+
+Sinks added between 2020-01-01 and 2020-10-06 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-089
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+
+Sinks added between 2018-08-02 and 2020-01-01 have been removed. Found by looking at:
+
+- the commit titles of https://github.com/github/codeql/commits/main/javascript/ql/test/query-tests/Security/CWE-089
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sink
+- the PR titles of https://github.com/github/codeql/pulls?page=2&q=is%3Apr+label%3AJS+is%3Aclosed+sql
+
+TypeTracking in SQL.qll (added before the open-sourcing squash)
+
+The model of `mssql` and `sequelize` (added before the open-sourcing squash)
+
+## PseudoProperties
+
+Pseudo-properties (`$name$`) used in type-tracking and global dataflow configurations have been disabled.
+Found by searching for `"\$.*\$"`.

codeql-workspace.yml

@@ -1,32 +0,0 @@
-provide:
-  - "*/ql/src/qlpack.yml"
-  - "*/ql/lib/qlpack.yml"
-  - "*/ql/test/qlpack.yml"
-  - "*/ql/examples/qlpack.yml"
-  - "*/ql/consistency-queries/qlpack.yml"
-  - "cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/qlpack.yml"
-  - "go/ql/config/legacy-support/qlpack.yml"
-  - "go/build/codeql-extractor-go/codeql-extractor.yml"
-  - "javascript/ql/experimental/adaptivethreatmodeling/lib/qlpack.yml"
-  # This pack is explicitly excluded from the workspace since most users
-  # will want to use a version of this pack from the package cache. Internal
-  # users can uncomment the following line and place a custom ML model
-  # in the corresponding pack to test a custom ML model within their local
-  # checkout.
-  # - "javascript/ql/experimental/adaptivethreatmodeling/model/qlpack.yml"
-  - "javascript/ql/experimental/adaptivethreatmodeling/modelbuilding/qlpack.yml"
-  - "javascript/ql/experimental/adaptivethreatmodeling/src/qlpack.yml"
-  - "csharp/ql/campaigns/Solorigate/lib/qlpack.yml"
-  - "csharp/ql/campaigns/Solorigate/src/qlpack.yml"
-  - "csharp/ql/campaigns/Solorigate/test/qlpack.yml"
-  - "misc/legacy-support/*/qlpack.yml"
-  - "misc/suite-helpers/qlpack.yml"
-  - "ruby/extractor-pack/codeql-extractor.yml"
-  - "swift/extractor-pack/codeql-extractor.yml"
-  - "ql/extractor-pack/codeql-extractor.ym"
-
-versionPolicies:
-  default:
-    requireChangeNotes: true
-    committedPrereleaseSuffix: dev
-    committedVersion: nextPatchRelease

config/identical-files.json

@@ -22,15 +22,13 @@
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
-    "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplForContentDataFlow.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImpl4.qll",
     "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl.qll",
     "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForLibraries.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl.qll"
+    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplForLibraries.qll"
   ],
   "DataFlow Java/C++/C#/Python Common": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
@@ -38,8 +36,7 @@
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplCommon.qll"
+    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplCommon.qll"
   ],
   "TaintTracking::Configuration Java/C++/C#/Python": [
     "cpp/ql/lib/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
@@ -54,14 +51,12 @@
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
-    "java/ql/lib/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll",
     "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforlibraries/TaintTrackingImpl.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
+    "ruby/ql/lib/codeql/ruby/dataflow/internal/tainttrackingforlibraries/TaintTrackingImpl.qll"
   ],
   "DataFlow Java/C++/C#/Python Consistency checks": [
     "java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
@@ -69,22 +64,24 @@
     "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
     "python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImplConsistency.qll"
+    "ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImplConsistency.qll"
   ],
   "DataFlow Java/C# Flow Summaries": [
     "java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll"
+    "ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll"
   ],
   "SsaReadPosition Java/C#": [
     "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll"
   ],
-  "Model as Data Generation Java/C# - CaptureModels": [
-    "java/ql/src/utils/model-generator/internal/CaptureModels.qll",
-    "csharp/ql/src/utils/model-generator/internal/CaptureModels.qll"
+  "Model as Data Generation Java/C# - Utils": [
+    "java/ql/src/utils/model-generator/ModelGeneratorUtils.qll",
+    "csharp/ql/src/utils/model-generator/ModelGeneratorUtils.qll"
+  ],
+  "Model as Data Generation Java/C# - SummaryModels": [
+    "java/ql/src/utils/model-generator/CaptureSummaryModels.qll",
+    "csharp/ql/src/utils/model-generator/CaptureSummaryModels.qll"
   ],
   "Sign Java/C#": [
     "java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/Sign.qll",
@@ -390,9 +387,7 @@
     "csharp/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "java/ql/test/TestUtilities/InlineExpectationsTest.qll",
     "python/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ql/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "go/ql/test/TestUtilities/InlineExpectationsTest.qll"
+    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll"
   ],
   "C++ ExternalAPIs": [
     "cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
@@ -453,11 +448,11 @@
     "python/ql/src/Lexical/CommentedOutCodeReferences.inc.qhelp"
   ],
   "IDE Contextual Queries": [
-    "cpp/ql/lib/IDEContextual.qll",
-    "csharp/ql/lib/IDEContextual.qll",
-    "java/ql/lib/IDEContextual.qll",
-    "javascript/ql/lib/IDEContextual.qll",
-    "python/ql/lib/analysis/IDEContextual.qll"
+    "cpp/ql/src/IDEContextual.qll",
+    "csharp/ql/src/IDEContextual.qll",
+    "java/ql/src/IDEContextual.qll",
+    "javascript/ql/src/IDEContextual.qll",
+    "python/ql/src/analysis/IDEContextual.qll"
   ],
   "SSA C#": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImplCommon.qll",
@@ -465,8 +460,7 @@
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/basessa/SsaImplCommon.qll",
     "csharp/ql/lib/semmle/code/cil/internal/SsaImplCommon.qll",
     "ruby/ql/lib/codeql/ruby/dataflow/internal/SsaImplCommon.qll",
-    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/SsaImplCommon.qll"
+    "cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImplCommon.qll"
   ],
   "CryptoAlgorithms Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll",
@@ -483,23 +477,20 @@
     "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll",
     "ruby/ql/lib/codeql/ruby/security/internal/SensitiveDataHeuristics.qll"
   ],
-  "ReDoS Util Python/JS/Ruby/Java": [
+  "ReDoS Util Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/performance/ReDoSUtil.qll",
     "python/ql/lib/semmle/python/security/performance/ReDoSUtil.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll",
-    "java/ql/lib/semmle/code/java/security/performance/ReDoSUtil.qll"
+    "ruby/ql/lib/codeql/ruby/security/performance/ReDoSUtil.qll"
   ],
-  "ReDoS Exponential Python/JS/Ruby/Java": [
+  "ReDoS Exponential Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/performance/ExponentialBackTracking.qll",
     "python/ql/lib/semmle/python/security/performance/ExponentialBackTracking.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll",
-    "java/ql/lib/semmle/code/java/security/performance/ExponentialBackTracking.qll"
+    "ruby/ql/lib/codeql/ruby/security/performance/ExponentialBackTracking.qll"
   ],
-  "ReDoS Polynomial Python/JS/Ruby/Java": [
+  "ReDoS Polynomial Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/performance/SuperlinearBackTracking.qll",
     "python/ql/lib/semmle/python/security/performance/SuperlinearBackTracking.qll",
-    "ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll",
-    "java/ql/lib/semmle/code/java/security/performance/SuperlinearBackTracking.qll"
+    "ruby/ql/lib/codeql/ruby/security/performance/SuperlinearBackTracking.qll"
   ],
   "BadTagFilterQuery Python/JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/BadTagFilterQuery.qll",
@@ -508,8 +499,7 @@
   ],
   "CFG": [
     "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",
-    "ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll",
-    "swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImplShared.qll"
+    "ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImplShared.qll"
   ],
   "TypeTracker": [
     "python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
@@ -527,18 +517,7 @@
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/AccessPathSyntax.qll",
     "java/ql/lib/semmle/code/java/dataflow/internal/AccessPathSyntax.qll",
     "javascript/ql/lib/semmle/javascript/frameworks/data/internal/AccessPathSyntax.qll",
-    "ruby/ql/lib/codeql/ruby/dataflow/internal/AccessPathSyntax.qll",
-    "python/ql/lib/semmle/python/frameworks/data/internal/AccessPathSyntax.qll",
-    "swift/ql/lib/codeql/swift/dataflow/internal/AccessPathSyntax.qll"
-  ],
-  "IncompleteUrlSubstringSanitization": [
-    "javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll",
-    "ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll"
-  ],
-  "Concepts Python/Ruby/JS": [
-    "python/ql/lib/semmle/python/internal/ConceptsShared.qll",
-    "ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
-    "javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
+    "ruby/ql/lib/codeql/ruby/dataflow/internal/AccessPathSyntax.qll"
   ],
   "Hostname Regexp queries": [
     "javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
@@ -547,8 +526,7 @@
   ],
   "ApiGraphModels": [
     "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
-    "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",
-    "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll"
+    "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll"
   ],
   "TaintedFormatStringQuery Ruby/JS": [
     "javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll",
@@ -565,25 +543,5 @@
   "HttpToFileAccessCustomizations JS/Ruby": [
     "javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessCustomizations.qll",
     "ruby/ql/lib/codeql/ruby/security/HttpToFileAccessCustomizations.qll"
-  ],
-  "Typo database": [
-    "javascript/ql/src/Expressions/TypoDatabase.qll",
-    "ql/ql/src/codeql_ql/style/TypoDatabase.qll"
-  ],
-  "Swift declarations test file": [
-    "swift/ql/test/extractor-tests/declarations/declarations.swift",
-    "swift/ql/test/library-tests/parent/declarations.swift"
-  ],
-  "Swift statements test file": [
-    "swift/ql/test/extractor-tests/statements/statements.swift",
-    "swift/ql/test/library-tests/parent/statements.swift"
-  ],
-  "Swift expressions test file": [
-    "swift/ql/test/extractor-tests/expressions/expressions.swift",
-    "swift/ql/test/library-tests/parent/expressions.swift"
-  ],
-  "Swift patterns test file": [
-    "swift/ql/test/extractor-tests/patterns/patterns.swift",
-    "swift/ql/test/library-tests/parent/patterns.swift"
   ]
-}
+}

conftest.py

@@ -1 +0,0 @@
-# this empty file adds the repo root to PYTHON_PATH when running pytest

cpp/BUILD.bazel

@@ -1,17 +0,0 @@
-package(default_visibility = ["//visibility:public"])
-
-load("@rules_pkg//:mappings.bzl", "pkg_filegroup")
-
-alias(
-    name = "dbscheme",
-    actual = "//cpp/ql/lib:dbscheme",
-)
-
-pkg_filegroup(
-    name = "db-files",
-    srcs = [
-        ":dbscheme",
-        "//cpp/downgrades",
-        "//cpp/ql/lib:dbscheme-stats",
-    ],
-)

cpp/downgrades/19e31bf071f588bb7efd1e4d5a185ce4f6fbbd84/upgrade.properties

@@ -1,3 +0,0 @@
-description: Add relation for tracking C++ braced initializers
-compatibility: full
-braced_initialisers.rel: delete

cpp/downgrades/BUILD.bazel

@@ -1,12 +0,0 @@
-load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix")
-
-pkg_files(
-    name = "downgrades",
-    srcs = glob(
-        ["**"],
-        exclude = ["BUILD.bazel"],
-    ),
-    prefix = "cpp/downgrades",
-    strip_prefix = strip_prefix.from_pkg(),
-    visibility = ["//cpp:__pkg__"],
-)

cpp/downgrades/cf72c8898d19eb1b3374432cf79d8276cb07ad43/exprparents.ql

@@ -1,21 +0,0 @@
-class Element extends @element {
-  string toString() { none() }
-}
-
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class Stmt extends @stmt {
-  string toString() { none() }
-}
-
-predicate isStmtWithInitializer(Stmt stmt) {
-  exists(int kind | stmts(stmt, kind, _) | kind = 2 or kind = 11 or kind = 35)
-}
-
-from Expr child, int index, int index_new, Element parent
-where
-  exprparents(child, index, parent) and
-  if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
-select child, index_new, parent

cpp/downgrades/cf72c8898d19eb1b3374432cf79d8276cb07ad43/stmtparents.ql

@@ -1,22 +0,0 @@
-class Element extends @element {
-  string toString() { none() }
-}
-
-class Stmt extends @stmt {
-  string toString() { none() }
-}
-
-predicate isStmtWithInitializer(Stmt stmt) {
-  exists(int kind | stmts(stmt, kind, _) | kind = 2 or kind = 11 or kind = 35)
-}
-
-from Stmt child, int index, int index_new, Element parent
-where
-  stmtparents(child, index, parent) and
-  (
-    not isStmtWithInitializer(parent)
-    or
-    index > 0
-  ) and
-  if isStmtWithInitializer(parent) then index_new = index - 1 else index_new = index
-select child, index_new, parent

cpp/downgrades/cf72c8898d19eb1b3374432cf79d8276cb07ad43/upgrade.properties

@@ -1,6 +0,0 @@
-description: Support C++17 if and switch initializers
-compatibility: partial
-if_initialization.rel: delete
-switch_initialization.rel: delete
-exprparents.rel: run exprparents.qlo
-stmtparents.rel: run stmtparents.qlo

cpp/ql/lib/BUILD.bazel

@@ -1,15 +0,0 @@
-package(default_visibility = ["//cpp:__pkg__"])
-
-load("@rules_pkg//:mappings.bzl", "pkg_files")
-
-pkg_files(
-    name = "dbscheme",
-    srcs = ["semmlecode.cpp.dbscheme"],
-    prefix = "cpp",
-)
-
-pkg_files(
-    name = "dbscheme-stats",
-    srcs = ["semmlecode.cpp.dbscheme.stats"],
-    prefix = "cpp",
-)

cpp/ql/lib/CHANGELOG.md

@@ -1,85 +1,3 @@
-## 0.3.1
-
-### Minor Analysis Improvements
-
-* `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck` have been updated to handle variable accesses on the left-hand side of the C++ logical "and", and variable declarations in conditions.
-
-## 0.3.0
-
-### Deprecated APIs
-
-* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
-
-### Bug Fixes
-
-* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
-
-## 0.2.3
-
-### New Features
-
-* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
-
-## 0.2.2
-
-### Deprecated APIs
-
- * The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
-
-### New Features
-
-* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.
-
-## 0.2.1
-
-## 0.2.0
-
-### Breaking Changes
-
-* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
-
-### Minor Analysis Improvements
-
-* More Windows pool allocation functions are now detected as `AllocationFunction`s.
-* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
-
-## 0.1.0
-
-### Breaking Changes
-
-* The recently added flow-state versions of `isBarrierIn`, `isBarrierOut`, `isSanitizerIn`, and `isSanitizerOut` in the data flow and taint tracking libraries have been removed.
-
-### New Features
-
-* A new library `semmle.code.cpp.security.PrivateData` has been added. The new library heuristically detects variables and functions dealing with sensitive private data, such as e-mail addresses and credit card numbers.
-
-### Minor Analysis Improvements
-
-* The `semmle.code.cpp.security.SensitiveExprs` library has been enhanced with some additional rules for detecting credentials.
-
-## 0.0.13
-
-## 0.0.12
-
-### Breaking Changes
-
-* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
-
-### Deprecated APIs
-
-* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
-  The old name still exists as a deprecated alias.
-
-### New Features
-
-* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
-
-### Minor Analysis Improvements
-
-* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.
-* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.
-* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.
-
 ## 0.0.11
 
 ### Minor Analysis Improvements

cpp/ql/lib/change-notes/2022-02-07-deleted-deprecations.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

cpp/ql/lib/change-notes/2022-02-07-deprecated-acronyms.md

@@ -0,0 +1,5 @@
+---
+category: deprecated
+---
+* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
+  The old name still exists as a deprecated alias.

cpp/ql/lib/change-notes/2022-03-10-template-implicit-copy.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.

cpp/ql/lib/change-notes/2022-03-14-c11-noreturn.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.

cpp/ql/lib/change-notes/2022-03-14-flow-state-barriers.md

@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.

cpp/ql/lib/change-notes/2022-03-14-taint-interface-cleanup.md

@@ -0,0 +1,4 @@
+---
+category: breaking
+---
+* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.

cpp/ql/lib/change-notes/2022-06-24-unique-variable.md

@@ -1,4 +0,0 @@
----
-category: fix
----
-* Under certain circumstances a variable declaration that is not also a definition could be associated with a `Variable` that did not have the definition as a `VariableDeclarationEntry`. This is now fixed, and a unique `Variable` will exist that has both the declaration and the definition as a `VariableDeclarationEntry`.

cpp/ql/lib/change-notes/released/0.0.12.md

@@ -1,20 +0,0 @@
-## 0.0.12
-
-### Breaking Changes
-
-* The flow state variants of `isBarrier` and `isAdditionalFlowStep` are no longer exposed in the taint tracking library. The `isSanitizer` and `isAdditionalTaintStep` predicates should be used instead.
-
-### Deprecated APIs
-
-* Many classes/predicates/modules that had upper-case acronyms have been renamed to follow our style-guide. 
-  The old name still exists as a deprecated alias.
-
-### New Features
-
-* The data flow and taint tracking libraries have been extended with versions of `isBarrierIn`, `isBarrierOut`, and `isBarrierGuard`, respectively `isSanitizerIn`, `isSanitizerOut`, and `isSanitizerGuard`, that support flow states.
-
-### Minor Analysis Improvements
-
-* `DefaultOptions::exits` now holds for C11 functions with the `_Noreturn` or `noreturn` specifier.
-* `hasImplicitCopyConstructor` and `hasImplicitCopyAssignmentOperator` now correctly handle implicitly-deleted operators in templates.
-* All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted.

cpp/ql/lib/change-notes/released/0.0.13.md

@@ -1 +0,0 @@
-## 0.0.13

cpp/ql/lib/change-notes/released/0.1.0.md

@@ -1,13 +0,0 @@
-## 0.1.0
-
-### Breaking Changes
-
-* The recently added flow-state versions of `isBarrierIn`, `isBarrierOut`, `isSanitizerIn`, and `isSanitizerOut` in the data flow and taint tracking libraries have been removed.
-
-### New Features
-
-* A new library `semmle.code.cpp.security.PrivateData` has been added. The new library heuristically detects variables and functions dealing with sensitive private data, such as e-mail addresses and credit card numbers.
-
-### Minor Analysis Improvements
-
-* The `semmle.code.cpp.security.SensitiveExprs` library has been enhanced with some additional rules for detecting credentials.

cpp/ql/lib/change-notes/released/0.2.0.md

@@ -1,10 +0,0 @@
-## 0.2.0
-
-### Breaking Changes
-
-* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
-
-### Minor Analysis Improvements
-
-* More Windows pool allocation functions are now detected as `AllocationFunction`s.
-* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.

cpp/ql/lib/change-notes/released/0.2.1.md

@@ -1 +0,0 @@
-## 0.2.1

cpp/ql/lib/change-notes/released/0.2.2.md

@@ -1,9 +0,0 @@
-## 0.2.2
-
-### Deprecated APIs
-
- * The `AnalysedString` class in the `StringAnalysis` module has been replaced with `AnalyzedString`, to follow our style guide. The old name still exists as a deprecated alias.
-
-### New Features
-
-* A `getInitialization` predicate was added to the `ConstexprIfStmt`, `IfStmt`, and `SwitchStmt` classes that yields the C++17-style initializer of the `if` or `switch` statement when it exists.

cpp/ql/lib/change-notes/released/0.2.3.md

@@ -1,5 +0,0 @@
-## 0.2.3
-
-### New Features
-
-* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.

cpp/ql/lib/change-notes/released/0.3.0.md

@@ -1,9 +0,0 @@
-## 0.3.0
-
-### Deprecated APIs
-
-* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
-
-### Bug Fixes
-
-* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.

cpp/ql/lib/change-notes/released/0.3.1.md

@@ -1,5 +0,0 @@
-## 0.3.1
-
-### Minor Analysis Improvements
-
-* `AnalysedExpr::isNullCheck` and `AnalysedExpr::isValidCheck` have been updated to handle variable accesses on the left-hand side of the C++ logical "and", and variable declarations in conditions.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.0.11

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateCleartextWrite.qll

@@ -4,7 +4,7 @@
 
 import cpp
 import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.security.PrivateData
+import experimental.semmle.code.cpp.security.PrivateData
 import semmle.code.cpp.security.FileWrite
 import semmle.code.cpp.security.BufferWrite
 

cpp/ql/lib/experimental/semmle/code/cpp/security/PrivateData.qll

@@ -0,0 +1,52 @@
+/**
+ * Provides classes and predicates for identifying private data and functions for security.
+ *
+ * 'Private' data in general is anything that would compromise user privacy if exposed. This
+ * library tries to guess where private data may either be stored in a variable or produced by a
+ * function.
+ *
+ * This library is not concerned with credentials. See `SensitiveActions` for expressions related
+ * to credentials.
+ */
+
+import cpp
+
+/** A string for `match` that identifies strings that look like they represent private data. */
+private string privateNames() {
+  result =
+    [
+      // Inspired by the list on https://cwe.mitre.org/data/definitions/359.html
+      // Government identifiers, such as Social Security Numbers
+      "%social%security%number%",
+      // Contact information, such as home addresses and telephone numbers
+      "%postcode%", "%zipcode%",
+      // result = "%telephone%" or
+      // Geographic location - where the user is (or was)
+      "%latitude%", "%longitude%",
+      // Financial data - such as credit card numbers, salary, bank accounts, and debts
+      "%creditcard%", "%salary%", "%bankaccount%",
+      // Communications - e-mail addresses, private e-mail messages, SMS text messages, chat logs, etc.
+      // result = "%email%" or
+      // result = "%mobile%" or
+      "%employer%",
+      // Health - medical conditions, insurance status, prescription records
+      "%medical%"
+    ]
+}
+
+/** An expression that might contain private data. */
+abstract class PrivateDataExpr extends Expr { }
+
+/** A functiond call that might produce private data. */
+class PrivateFunctionCall extends PrivateDataExpr, FunctionCall {
+  PrivateFunctionCall() {
+    exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
+  }
+}
+
+/** An access to a variable that might contain private data. */
+class PrivateVariableAccess extends PrivateDataExpr, VariableAccess {
+  PrivateVariableAccess() {
+    exists(string s | this.getTarget().getName().toLowerCase() = s | s.matches(privateNames()))
+  }
+}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/Semantic.qll

@@ -1,7 +0,0 @@
-import SemanticExpr
-import SemanticBound
-import SemanticSSA
-import SemanticGuard
-import SemanticCFG
-import SemanticType
-import SemanticOpcode

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticBound.qll

@@ -1,42 +0,0 @@
-/**
- * Semantic wrapper around the language-specific bounds library.
- */
-
-private import SemanticExpr
-private import SemanticExprSpecific::SemanticExprConfig as Specific
-private import SemanticSSA
-
-/**
- * A valid base for an expression bound.
- *
- * Can be either a variable (`SemSsaBound`) or zero (`SemZeroBound`).
- */
-class SemBound instanceof Specific::Bound {
-  final string toString() { result = super.toString() }
-
-  final SemExpr getExpr(int delta) { result = Specific::getBoundExpr(this, delta) }
-}
-
-/**
- * A bound that is a constant zero.
- */
-class SemZeroBound extends SemBound {
-  SemZeroBound() { Specific::zeroBound(this) }
-}
-
-/**
- * A bound that is an SSA definition.
- */
-class SemSsaBound extends SemBound {
-  /**
-   * The variables whose value is used as the bound.
-   *
-   * Can be multi-valued in some implementations. If so, all variables will be equivalent.
-   */
-  SemSsaVariable var;
-
-  SemSsaBound() { Specific::ssaBound(this, var) }
-
-  /** Gets a variable whose value is used as the bound. */
-  final SemSsaVariable getAVariable() { result = var }
-}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticCFG.qll

@@ -1,22 +0,0 @@
-/**
- * Semantic interface to the control flow graph.
- */
-
-private import Semantic
-private import SemanticExprSpecific::SemanticExprConfig as Specific
-
-/**
- * A basic block in the control-flow graph.
- */
-class SemBasicBlock extends Specific::BasicBlock {
-  /** Holds if this block (transitively) dominates `otherblock`. */
-  final predicate bbDominates(SemBasicBlock otherBlock) { Specific::bbDominates(this, otherBlock) }
-
-  /** Holds if this block has dominance information. */
-  final predicate hasDominanceInformation() { Specific::hasDominanceInformation(this) }
-
-  /** Gets an expression that is evaluated in this basic block. */
-  final SemExpr getAnExpr() { result.getBasicBlock() = this }
-
-  final int getUniqueId() { result = Specific::getBasicBlockUniqueId(this) }
-}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExpr.qll

@@ -1,309 +0,0 @@
-/**
- * Semantic interface for expressions.
- */
-
-private import Semantic
-private import SemanticExprSpecific::SemanticExprConfig as Specific
-
-/**
- * An language-neutral expression.
- *
- * The expression computes a value of type `getSemType()`. The actual computation is determined by
- * the expression's opcode (`getOpcode()`).
- */
-class SemExpr instanceof Specific::Expr {
-  final string toString() { result = super.toString() }
-
-  final Specific::Location getLocation() { result = super.getLocation() }
-
-  Opcode getOpcode() { result instanceof Opcode::Unknown }
-
-  SemType getSemType() { result = Specific::getUnknownExprType(this) }
-
-  final SemBasicBlock getBasicBlock() { result = Specific::getExprBasicBlock(this) }
-}
-
-/** An expression with an opcode other than `Unknown`. */
-abstract private class SemKnownExpr extends SemExpr {
-  Opcode opcode;
-  SemType type;
-
-  final override Opcode getOpcode() { result = opcode }
-
-  final override SemType getSemType() { result = type }
-}
-
-/** An expression that returns a literal value. */
-class SemLiteralExpr extends SemKnownExpr {
-  SemLiteralExpr() {
-    Specific::integerLiteral(this, type, _) and opcode instanceof Opcode::Constant
-    or
-    Specific::largeIntegerLiteral(this, type, _) and opcode instanceof Opcode::Constant
-    or
-    Specific::booleanLiteral(this, type, _) and opcode instanceof Opcode::Constant
-    or
-    Specific::floatingPointLiteral(this, type, _) and opcode instanceof Opcode::Constant
-    or
-    Specific::nullLiteral(this, type) and opcode instanceof Opcode::Constant
-    or
-    Specific::stringLiteral(this, type, _) and opcode instanceof Opcode::StringConstant
-  }
-}
-
-/** An expression that returns a numeric literal value. */
-class SemNumericLiteralExpr extends SemLiteralExpr {
-  SemNumericLiteralExpr() {
-    Specific::integerLiteral(this, _, _)
-    or
-    Specific::largeIntegerLiteral(this, _, _)
-    or
-    Specific::floatingPointLiteral(this, _, _)
-  }
-
-  /**
-   * Gets an approximation of the value of the literal, as a `float`.
-   *
-   * If the value can be precisely represented as a `float`, the result will be exact. If the actual
-   * value cannot be precisely represented (for example, it is an integer with more than 53
-   * significant bits), then the result is an approximation.
-   */
-  float getApproximateFloatValue() { none() }
-}
-
-/** An expression that returns an integer literal value. */
-class SemIntegerLiteralExpr extends SemNumericLiteralExpr {
-  SemIntegerLiteralExpr() {
-    Specific::integerLiteral(this, _, _)
-    or
-    Specific::largeIntegerLiteral(this, _, _)
-  }
-
-  /**
-   * Gets the value of the literal, if it can be represented as an `int`.
-   *
-   * If the value is outside the range of an `int`, use `getApproximateFloatValue()` to get a value
-   * that is equal to the actual integer value, within rounding error.
-   */
-  final int getIntValue() { Specific::integerLiteral(this, _, result) }
-
-  final override float getApproximateFloatValue() {
-    result = getIntValue()
-    or
-    Specific::largeIntegerLiteral(this, _, result)
-  }
-}
-
-/**
- * An expression that returns a floating-point literal value.
- */
-class SemFloatingPointLiteralExpr extends SemNumericLiteralExpr {
-  float value;
-
-  SemFloatingPointLiteralExpr() { Specific::floatingPointLiteral(this, _, value) }
-
-  final override float getApproximateFloatValue() { result = value }
-
-  /** Gets the value of the literal. */
-  final float getFloatValue() { result = value }
-}
-
-/**
- * An expression that consumes two operands.
- */
-class SemBinaryExpr extends SemKnownExpr {
-  SemExpr leftOperand;
-  SemExpr rightOperand;
-
-  SemBinaryExpr() { Specific::binaryExpr(this, opcode, type, leftOperand, rightOperand) }
-
-  /** Gets the left operand. */
-  final SemExpr getLeftOperand() { result = leftOperand }
-
-  /** Gets the right operand. */
-  final SemExpr getRightOperand() { result = rightOperand }
-
-  /** Holds if `a` and `b` are the two operands, in either order. */
-  final predicate hasOperands(SemExpr a, SemExpr b) {
-    a = getLeftOperand() and b = getRightOperand()
-    or
-    a = getRightOperand() and b = getLeftOperand()
-  }
-
-  /** Gets the two operands. */
-  final SemExpr getAnOperand() { result = getLeftOperand() or result = getRightOperand() }
-}
-
-/** An expression that performs and ordered comparison of two operands. */
-class SemRelationalExpr extends SemBinaryExpr {
-  SemRelationalExpr() {
-    opcode instanceof Opcode::CompareLT
-    or
-    opcode instanceof Opcode::CompareLE
-    or
-    opcode instanceof Opcode::CompareGT
-    or
-    opcode instanceof Opcode::CompareGE
-  }
-
-  /**
-   * Get the operand that will be less than the other operand if the result of the comparison is
-   * `true`.
-   *
-   * For `x < y` or `x <= y`, this will return `x`.
-   * For `x > y` or `x >= y`, this will return `y`.`
-   */
-  final SemExpr getLesserOperand() {
-    if opcode instanceof Opcode::CompareLT or opcode instanceof Opcode::CompareLE
-    then result = getLeftOperand()
-    else result = getRightOperand()
-  }
-
-  /**
-   * Get the operand that will be greater than the other operand if the result of the comparison is
-   * `true`.
-   *
-   * For `x < y` or `x <= y`, this will return `y`.
-   * For `x > y` or `x >= y`, this will return `x`.`
-   */
-  final SemExpr getGreaterOperand() {
-    if opcode instanceof Opcode::CompareGT or opcode instanceof Opcode::CompareGE
-    then result = getLeftOperand()
-    else result = getRightOperand()
-  }
-
-  /** Holds if this comparison returns `false` if the two operands are equal. */
-  final predicate isStrict() {
-    opcode instanceof Opcode::CompareLT or opcode instanceof Opcode::CompareGT
-  }
-}
-
-class SemAddExpr extends SemBinaryExpr {
-  SemAddExpr() { opcode instanceof Opcode::Add }
-}
-
-class SemSubExpr extends SemBinaryExpr {
-  SemSubExpr() { opcode instanceof Opcode::Sub }
-}
-
-class SemMulExpr extends SemBinaryExpr {
-  SemMulExpr() { opcode instanceof Opcode::Mul }
-}
-
-class SemDivExpr extends SemBinaryExpr {
-  SemDivExpr() { opcode instanceof Opcode::Div }
-}
-
-class SemRemExpr extends SemBinaryExpr {
-  SemRemExpr() { opcode instanceof Opcode::Rem }
-}
-
-class SemShiftLeftExpr extends SemBinaryExpr {
-  SemShiftLeftExpr() { opcode instanceof Opcode::ShiftLeft }
-}
-
-class SemShiftRightExpr extends SemBinaryExpr {
-  SemShiftRightExpr() { opcode instanceof Opcode::ShiftRight }
-}
-
-class SemShiftRightUnsignedExpr extends SemBinaryExpr {
-  SemShiftRightUnsignedExpr() { opcode instanceof Opcode::ShiftRightUnsigned }
-}
-
-class SemBitAndExpr extends SemBinaryExpr {
-  SemBitAndExpr() { opcode instanceof Opcode::BitAnd }
-}
-
-class SemBitOrExpr extends SemBinaryExpr {
-  SemBitOrExpr() { opcode instanceof Opcode::BitOr }
-}
-
-class SemBitXorExpr extends SemBinaryExpr {
-  SemBitXorExpr() { opcode instanceof Opcode::BitXor }
-}
-
-class SemUnaryExpr extends SemKnownExpr {
-  SemExpr operand;
-
-  SemUnaryExpr() { Specific::unaryExpr(this, opcode, type, operand) }
-
-  final SemExpr getOperand() { result = operand }
-}
-
-class SemBoxExpr extends SemUnaryExpr {
-  SemBoxExpr() { opcode instanceof Opcode::Box }
-}
-
-class SemUnboxExpr extends SemUnaryExpr {
-  SemUnboxExpr() { opcode instanceof Opcode::Unbox }
-}
-
-class SemConvertExpr extends SemUnaryExpr {
-  SemConvertExpr() { opcode instanceof Opcode::Convert }
-}
-
-class SemCopyValueExpr extends SemUnaryExpr {
-  SemCopyValueExpr() { opcode instanceof Opcode::CopyValue }
-}
-
-class SemNegateExpr extends SemUnaryExpr {
-  SemNegateExpr() { opcode instanceof Opcode::Negate }
-}
-
-class SemBitComplementExpr extends SemUnaryExpr {
-  SemBitComplementExpr() { opcode instanceof Opcode::BitComplement }
-}
-
-class SemLogicalNotExpr extends SemUnaryExpr {
-  SemLogicalNotExpr() { opcode instanceof Opcode::LogicalNot }
-}
-
-class SemAddOneExpr extends SemUnaryExpr {
-  SemAddOneExpr() { opcode instanceof Opcode::AddOne }
-}
-
-class SemSubOneExpr extends SemUnaryExpr {
-  SemSubOneExpr() { opcode instanceof Opcode::SubOne }
-}
-
-private class SemNullaryExpr extends SemKnownExpr {
-  SemNullaryExpr() { Specific::nullaryExpr(this, opcode, type) }
-}
-
-class SemInitializeParameterExpr extends SemNullaryExpr {
-  SemInitializeParameterExpr() { opcode instanceof Opcode::InitializeParameter }
-}
-
-class SemLoadExpr extends SemNullaryExpr {
-  SemLoadExpr() { opcode instanceof Opcode::Load }
-
-  final SemSsaVariable getDef() { result.getAUse() = this }
-}
-
-class SemSsaLoadExpr extends SemLoadExpr {
-  SemSsaLoadExpr() { exists(getDef()) }
-}
-
-class SemNonSsaLoadExpr extends SemLoadExpr {
-  SemNonSsaLoadExpr() { not exists(getDef()) }
-}
-
-class SemStoreExpr extends SemUnaryExpr {
-  SemStoreExpr() { opcode instanceof Opcode::Store }
-}
-
-class SemConditionalExpr extends SemKnownExpr {
-  SemExpr condition;
-  SemExpr trueResult;
-  SemExpr falseResult;
-
-  SemConditionalExpr() {
-    opcode instanceof Opcode::Conditional and
-    Specific::conditionalExpr(this, type, condition, trueResult, falseResult)
-  }
-
-  final SemExpr getBranchExpr(boolean branch) {
-    branch = true and result = trueResult
-    or
-    branch = false and result = falseResult
-  }
-}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExprSpecific.qll

@@ -1,297 +0,0 @@
-/**
- * C++-specific implementation of the semantic interface.
- */
-
-private import cpp as Cpp
-private import semmle.code.cpp.ir.IR as IR
-private import Semantic
-private import experimental.semmle.code.cpp.rangeanalysis.Bound as IRBound
-private import semmle.code.cpp.controlflow.IRGuards as IRGuards
-
-module SemanticExprConfig {
-  class Location = Cpp::Location;
-
-  class Expr = IR::Instruction;
-
-  SemBasicBlock getExprBasicBlock(Expr e) { result = getSemanticBasicBlock(e.getBlock()) }
-
-  private predicate anyConstantExpr(Expr expr, SemType type, string value) {
-    exists(IR::ConstantInstruction instr | instr = expr |
-      type = getSemanticType(instr.getResultIRType()) and
-      value = instr.getValue()
-    )
-  }
-
-  predicate integerLiteral(Expr expr, SemIntegerType type, int value) {
-    exists(string valueString |
-      anyConstantExpr(expr, type, valueString) and
-      value = valueString.toInt()
-    )
-  }
-
-  predicate largeIntegerLiteral(Expr expr, SemIntegerType type, float approximateFloatValue) {
-    exists(string valueString |
-      anyConstantExpr(expr, type, valueString) and
-      not exists(valueString.toInt()) and
-      approximateFloatValue = valueString.toFloat()
-    )
-  }
-
-  predicate floatingPointLiteral(Expr expr, SemFloatingPointType type, float value) {
-    exists(string valueString |
-      anyConstantExpr(expr, type, valueString) and value = valueString.toFloat()
-    )
-  }
-
-  predicate booleanLiteral(Expr expr, SemBooleanType type, boolean value) {
-    exists(string valueString |
-      anyConstantExpr(expr, type, valueString) and
-      (
-        valueString = "true" and value = true
-        or
-        valueString = "false" and value = false
-      )
-    )
-  }
-
-  predicate nullLiteral(Expr expr, SemAddressType type) { anyConstantExpr(expr, type, _) }
-
-  predicate stringLiteral(Expr expr, SemType type, string value) {
-    anyConstantExpr(expr, type, value) and expr instanceof IR::StringConstantInstruction
-  }
-
-  predicate binaryExpr(Expr expr, Opcode opcode, SemType type, Expr leftOperand, Expr rightOperand) {
-    exists(IR::BinaryInstruction instr | instr = expr |
-      type = getSemanticType(instr.getResultIRType()) and
-      leftOperand = instr.getLeft() and
-      rightOperand = instr.getRight() and
-      // REVIEW: Merge the two `Opcode` types.
-      opcode.toString() = instr.getOpcode().toString()
-    )
-  }
-
-  predicate unaryExpr(Expr expr, Opcode opcode, SemType type, Expr operand) {
-    type = getSemanticType(expr.getResultIRType()) and
-    (
-      exists(IR::UnaryInstruction instr | instr = expr |
-        operand = instr.getUnary() and
-        // REVIEW: Merge the two operand types.
-        opcode.toString() = instr.getOpcode().toString()
-      )
-      or
-      exists(IR::StoreInstruction instr | instr = expr |
-        operand = instr.getSourceValue() and
-        opcode instanceof Opcode::Store
-      )
-    )
-  }
-
-  predicate nullaryExpr(Expr expr, Opcode opcode, SemType type) {
-    type = getSemanticType(expr.getResultIRType()) and
-    (
-      expr instanceof IR::LoadInstruction and opcode instanceof Opcode::Load
-      or
-      expr instanceof IR::InitializeParameterInstruction and
-      opcode instanceof Opcode::InitializeParameter
-    )
-  }
-
-  predicate conditionalExpr(
-    Expr expr, SemType type, Expr condition, Expr trueResult, Expr falseResult
-  ) {
-    none()
-  }
-
-  SemType getUnknownExprType(Expr expr) { result = getSemanticType(expr.getResultIRType()) }
-
-  class BasicBlock = IR::IRBlock;
-
-  predicate bbDominates(BasicBlock dominator, BasicBlock dominated) {
-    dominator.dominates(dominated)
-  }
-
-  predicate hasDominanceInformation(BasicBlock block) { any() }
-
-  int getBasicBlockUniqueId(BasicBlock block) {
-    // REVIEW: `getDisplayIndex()` is not intended for use in real queries, but for now it's the
-    // best we can do because `equivalentRelation` won't accept a predicate whose parameters are IPA
-    // types.
-    result = block.getDisplayIndex()
-  }
-
-  class SsaVariable instanceof IR::Instruction {
-    SsaVariable() { super.hasMemoryResult() }
-
-    final string toString() { result = super.toString() }
-
-    final Location getLocation() { result = super.getLocation() }
-  }
-
-  predicate explicitUpdate(SsaVariable v, Expr sourceExpr) { v = sourceExpr }
-
-  predicate phi(SsaVariable v) { v instanceof IR::PhiInstruction }
-
-  SsaVariable getAPhiInput(SsaVariable v) { result = v.(IR::PhiInstruction).getAnInput() }
-
-  Expr getAUse(SsaVariable v) { result.(IR::LoadInstruction).getSourceValue() = v }
-
-  SemType getSsaVariableType(SsaVariable v) {
-    result = getSemanticType(v.(IR::Instruction).getResultIRType())
-  }
-
-  BasicBlock getSsaVariableBasicBlock(SsaVariable v) { result = v.(IR::Instruction).getBlock() }
-
-  private newtype TReadPosition =
-    TReadPositionBlock(IR::IRBlock block) or
-    TReadPositionPhiInputEdge(IR::IRBlock pred, IR::IRBlock succ) {
-      exists(IR::PhiInputOperand input |
-        pred = input.getPredecessorBlock() and
-        succ = input.getUse().getBlock()
-      )
-    }
-
-  class SsaReadPosition extends TReadPosition {
-    string toString() { none() }
-
-    Location getLocation() { none() }
-
-    predicate hasRead(SsaVariable v) { none() }
-  }
-
-  private class SsaReadPositionBlock extends SsaReadPosition, TReadPositionBlock {
-    IR::IRBlock block;
-
-    SsaReadPositionBlock() { this = TReadPositionBlock(block) }
-
-    final override string toString() { result = block.toString() }
-
-    final override Location getLocation() { result = block.getLocation() }
-
-    final override predicate hasRead(SsaVariable v) {
-      exists(IR::Operand operand |
-        operand.getDef() = v and not operand instanceof IR::PhiInputOperand
-      )
-    }
-  }
-
-  private class SsaReadPositionPhiInputEdge extends SsaReadPosition, TReadPositionPhiInputEdge {
-    IR::IRBlock pred;
-    IR::IRBlock succ;
-
-    SsaReadPositionPhiInputEdge() { this = TReadPositionPhiInputEdge(pred, succ) }
-
-    final override string toString() { result = pred.toString() + "->" + succ.toString() }
-
-    final override Location getLocation() { result = succ.getLocation() }
-
-    final override predicate hasRead(SsaVariable v) {
-      exists(IR::PhiInputOperand operand |
-        operand.getDef() = v and
-        operand.getPredecessorBlock() = pred and
-        operand.getUse().getBlock() = succ
-      )
-    }
-  }
-
-  predicate hasReadOfSsaVariable(SsaReadPosition pos, SsaVariable v) { pos.hasRead(v) }
-
-  predicate readBlock(SsaReadPosition pos, BasicBlock block) { pos = TReadPositionBlock(block) }
-
-  predicate phiInputEdge(SsaReadPosition pos, BasicBlock origBlock, BasicBlock phiBlock) {
-    pos = TReadPositionPhiInputEdge(origBlock, phiBlock)
-  }
-
-  predicate phiInput(SsaReadPosition pos, SsaVariable phi, SsaVariable input) {
-    exists(IR::PhiInputOperand operand |
-      pos = TReadPositionPhiInputEdge(operand.getPredecessorBlock(), operand.getUse().getBlock())
-    |
-      phi = operand.getUse() and input = operand.getDef()
-    )
-  }
-
-  class Bound instanceof IRBound::Bound {
-    Bound() {
-      this instanceof IRBound::ZeroBound
-      or
-      this.(IRBound::ValueNumberBound).getValueNumber().getAnInstruction() instanceof SsaVariable
-    }
-
-    string toString() { result = super.toString() }
-
-    final Location getLocation() { result = super.getLocation() }
-  }
-
-  private class ValueNumberBound extends Bound {
-    IRBound::ValueNumberBound bound;
-
-    ValueNumberBound() { bound = this }
-
-    override string toString() {
-      result =
-        min(SsaVariable instr |
-          instr = bound.getValueNumber().getAnInstruction()
-        |
-          instr
-          order by
-            instr.(IR::Instruction).getBlock().getDisplayIndex(),
-            instr.(IR::Instruction).getDisplayIndexInBlock()
-        ).toString()
-    }
-  }
-
-  predicate zeroBound(Bound bound) { bound instanceof IRBound::ZeroBound }
-
-  predicate ssaBound(Bound bound, SsaVariable v) {
-    v = bound.(IRBound::ValueNumberBound).getValueNumber().getAnInstruction()
-  }
-
-  Expr getBoundExpr(Bound bound, int delta) {
-    result = bound.(IRBound::Bound).getInstruction(delta)
-  }
-
-  class Guard = IRGuards::IRGuardCondition;
-
-  predicate guard(Guard guard, BasicBlock block) {
-    block = guard.(IRGuards::IRGuardCondition).getBlock()
-  }
-
-  Expr getGuardAsExpr(Guard guard) { result = guard }
-
-  predicate equalityGuard(Guard guard, Expr e1, Expr e2, boolean polarity) {
-    guard.(IRGuards::IRGuardCondition).comparesEq(e1.getAUse(), e2.getAUse(), 0, true, polarity)
-  }
-
-  predicate guardDirectlyControlsBlock(Guard guard, BasicBlock controlled, boolean branch) {
-    guard.(IRGuards::IRGuardCondition).controls(controlled, branch)
-  }
-
-  predicate guardHasBranchEdge(Guard guard, BasicBlock bb1, BasicBlock bb2, boolean branch) {
-    guard.(IRGuards::IRGuardCondition).controlsEdge(bb1, bb2, branch)
-  }
-
-  Guard comparisonGuard(Expr e) { result = e }
-
-  predicate implies_v2(Guard g1, boolean b1, Guard g2, boolean b2) {
-    none() // TODO
-  }
-}
-
-SemExpr getSemanticExpr(IR::Instruction instr) { result = instr }
-
-IR::Instruction getCppInstruction(SemExpr e) { e = result }
-
-SemBasicBlock getSemanticBasicBlock(IR::IRBlock block) { result = block }
-
-IR::IRBlock getCppBasicBlock(SemBasicBlock block) { block = result }
-
-SemSsaVariable getSemanticSsaVariable(IR::Instruction instr) { result = instr }
-
-IR::Instruction getCppSsaVariableInstruction(SemSsaVariable v) { v = result }
-
-SemBound getSemanticBound(IRBound::Bound bound) { result = bound }
-
-IRBound::Bound getCppBound(SemBound bound) { bound = result }
-
-SemGuard getSemanticGuard(IRGuards::IRGuardCondition guard) { result = guard }
-
-IRGuards::IRGuardCondition getCppGuard(SemGuard guard) { guard = result }

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticGuard.qll

@@ -1,65 +0,0 @@
-/**
- * Semantic interface to the guards library.
- */
-
-private import Semantic
-private import SemanticExprSpecific::SemanticExprConfig as Specific
-
-class SemGuard instanceof Specific::Guard {
-  SemBasicBlock block;
-
-  SemGuard() { Specific::guard(this, block) }
-
-  final string toString() { result = super.toString() }
-
-  final Specific::Location getLocation() { result = super.getLocation() }
-
-  final predicate isEquality(SemExpr e1, SemExpr e2, boolean polarity) {
-    Specific::equalityGuard(this, e1, e2, polarity)
-  }
-
-  final predicate directlyControls(SemBasicBlock controlled, boolean branch) {
-    Specific::guardDirectlyControlsBlock(this, controlled, branch)
-  }
-
-  final predicate hasBranchEdge(SemBasicBlock bb1, SemBasicBlock bb2, boolean branch) {
-    Specific::guardHasBranchEdge(this, bb1, bb2, branch)
-  }
-
-  final SemBasicBlock getBasicBlock() { result = block }
-
-  final SemExpr asExpr() { result = Specific::getGuardAsExpr(this) }
-}
-
-predicate semImplies_v2(SemGuard g1, boolean b1, SemGuard g2, boolean b2) {
-  Specific::implies_v2(g1, b1, g2, b2)
-}
-
-/**
- * Holds if `guard` directly controls the position `controlled` with the
- * value `testIsTrue`.
- */
-predicate semGuardDirectlyControlsSsaRead(
-  SemGuard guard, SemSsaReadPosition controlled, boolean testIsTrue
-) {
-  guard.directlyControls(controlled.(SemSsaReadPositionBlock).getBlock(), testIsTrue)
-  or
-  exists(SemSsaReadPositionPhiInputEdge controlledEdge | controlledEdge = controlled |
-    guard.directlyControls(controlledEdge.getOrigBlock(), testIsTrue) or
-    guard.hasBranchEdge(controlledEdge.getOrigBlock(), controlledEdge.getPhiBlock(), testIsTrue)
-  )
-}
-
-/**
- * Holds if `guard` controls the position `controlled` with the value `testIsTrue`.
- */
-predicate semGuardControlsSsaRead(SemGuard guard, SemSsaReadPosition controlled, boolean testIsTrue) {
-  semGuardDirectlyControlsSsaRead(guard, controlled, testIsTrue)
-  or
-  exists(SemGuard guard0, boolean testIsTrue0 |
-    semImplies_v2(guard0, testIsTrue0, guard, testIsTrue) and
-    semGuardControlsSsaRead(guard0, controlled, testIsTrue0)
-  )
-}
-
-SemGuard semGetComparisonGuard(SemRelationalExpr e) { result = Specific::comparisonGuard(e) }

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticOpcode.qll

@@ -1,179 +0,0 @@
-/**
- * Definitions of all possible opcodes for `SemExpr`.
- */
-private newtype TOpcode =
-  TInitializeParameter() or
-  TCopyValue() or
-  TLoad() or
-  TStore() or
-  TAdd() or
-  TSub() or
-  TMul() or
-  TDiv() or
-  TRem() or
-  TNegate() or
-  TShiftLeft() or
-  TShiftRight() or
-  TShiftRightUnsigned() or // TODO: Based on type
-  TBitAnd() or
-  TBitOr() or
-  TBitXor() or
-  TBitComplement() or
-  TLogicalNot() or
-  TCompareEQ() or
-  TCompareNE() or
-  TCompareLT() or
-  TCompareGT() or
-  TCompareLE() or
-  TCompareGE() or
-  TPointerAdd() or
-  TPointerSub() or
-  TPointerDiff() or
-  TConvert() or
-  TConstant() or
-  TStringConstant() or
-  TAddOne() or // TODO: Combine with `TAdd`
-  TSubOne() or // TODO: Combine with `TSub`
-  TConditional() or // TODO: Represent as flow
-  TCall() or
-  TBox() or
-  TUnbox() or
-  TUnknown()
-
-class Opcode extends TOpcode {
-  string toString() { result = "???" }
-}
-
-module Opcode {
-  class InitializeParameter extends Opcode, TInitializeParameter {
-    override string toString() { result = "InitializeParameter" }
-  }
-
-  class CopyValue extends Opcode, TCopyValue {
-    override string toString() { result = "CopyValue" }
-  }
-
-  class Load extends Opcode, TLoad {
-    override string toString() { result = "Load" }
-  }
-
-  class Store extends Opcode, TStore {
-    override string toString() { result = "Store" }
-  }
-
-  class Add extends Opcode, TAdd {
-    override string toString() { result = "Add" }
-  }
-
-  class Sub extends Opcode, TSub {
-    override string toString() { result = "Sub" }
-  }
-
-  class Mul extends Opcode, TMul {
-    override string toString() { result = "Mul" }
-  }
-
-  class Div extends Opcode, TDiv {
-    override string toString() { result = "Div" }
-  }
-
-  class Rem extends Opcode, TRem {
-    override string toString() { result = "Rem" }
-  }
-
-  class Negate extends Opcode, TNegate {
-    override string toString() { result = "Negate" }
-  }
-
-  class ShiftLeft extends Opcode, TShiftLeft {
-    override string toString() { result = "ShiftLeft" }
-  }
-
-  class ShiftRight extends Opcode, TShiftRight {
-    override string toString() { result = "ShiftRight" }
-  }
-
-  class ShiftRightUnsigned extends Opcode, TShiftRightUnsigned {
-    override string toString() { result = "ShiftRightUnsigned" }
-  }
-
-  class BitAnd extends Opcode, TBitAnd {
-    override string toString() { result = "BitAnd" }
-  }
-
-  class BitOr extends Opcode, TBitOr {
-    override string toString() { result = "BitOr" }
-  }
-
-  class BitXor extends Opcode, TBitXor {
-    override string toString() { result = "BitXor" }
-  }
-
-  class BitComplement extends Opcode, TBitComplement {
-    override string toString() { result = "BitComplement" }
-  }
-
-  class LogicalNot extends Opcode, TLogicalNot {
-    override string toString() { result = "LogicalNot" }
-  }
-
-  class CompareEQ extends Opcode, TCompareEQ {
-    override string toString() { result = "CompareEQ" }
-  }
-
-  class CompareNE extends Opcode, TCompareNE {
-    override string toString() { result = "CompareNE" }
-  }
-
-  class CompareLT extends Opcode, TCompareLT {
-    override string toString() { result = "CompareLT" }
-  }
-
-  class CompareLE extends Opcode, TCompareLE {
-    override string toString() { result = "CompareLE" }
-  }
-
-  class CompareGT extends Opcode, TCompareGT {
-    override string toString() { result = "CompareGT" }
-  }
-
-  class CompareGE extends Opcode, TCompareGE {
-    override string toString() { result = "CompareGE" }
-  }
-
-  class Convert extends Opcode, TConvert {
-    override string toString() { result = "Convert" }
-  }
-
-  class AddOne extends Opcode, TAddOne {
-    override string toString() { result = "AddOne" }
-  }
-
-  class SubOne extends Opcode, TSubOne {
-    override string toString() { result = "SubOne" }
-  }
-
-  class Conditional extends Opcode, TConditional {
-    override string toString() { result = "Conditional" }
-  }
-
-  class Constant extends Opcode, TConstant {
-    override string toString() { result = "Constant" }
-  }
-
-  class StringConstant extends Opcode, TStringConstant {
-    override string toString() { result = "StringConstant" }
-  }
-
-  class Box extends Opcode, TBox {
-    override string toString() { result = "Box" }
-  }
-
-  class Unbox extends Opcode, TUnbox {
-    override string toString() { result = "Unbox" }
-  }
-
-  class Unknown extends Opcode, TUnknown {
-    override string toString() { result = "Unknown" }
-  }
-}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticSSA.qll

@@ -1,75 +0,0 @@
-/**
- * Semantic interface to the SSA library.
- */
-
-private import Semantic
-private import SemanticExprSpecific::SemanticExprConfig as Specific
-
-class SemSsaVariable instanceof Specific::SsaVariable {
-  final string toString() { result = super.toString() }
-
-  final Specific::Location getLocation() { result = super.getLocation() }
-
-  final SemLoadExpr getAUse() { result = Specific::getAUse(this) }
-
-  final SemType getType() { result = Specific::getSsaVariableType(this) }
-
-  final SemBasicBlock getBasicBlock() { result = Specific::getSsaVariableBasicBlock(this) }
-}
-
-class SemSsaExplicitUpdate extends SemSsaVariable {
-  SemExpr sourceExpr;
-
-  SemSsaExplicitUpdate() { Specific::explicitUpdate(this, sourceExpr) }
-
-  final SemExpr getSourceExpr() { result = sourceExpr }
-}
-
-class SemSsaPhiNode extends SemSsaVariable {
-  SemSsaPhiNode() { Specific::phi(this) }
-
-  final SemSsaVariable getAPhiInput() { result = Specific::getAPhiInput(this) }
-}
-
-class SemSsaReadPosition instanceof Specific::SsaReadPosition {
-  final string toString() { result = super.toString() }
-
-  final Specific::Location getLocation() { result = super.getLocation() }
-
-  final predicate hasReadOfVar(SemSsaVariable var) { Specific::hasReadOfSsaVariable(this, var) }
-}
-
-class SemSsaReadPositionPhiInputEdge extends SemSsaReadPosition {
-  SemBasicBlock origBlock;
-  SemBasicBlock phiBlock;
-
-  SemSsaReadPositionPhiInputEdge() { Specific::phiInputEdge(this, origBlock, phiBlock) }
-
-  predicate phiInput(SemSsaPhiNode phi, SemSsaVariable inp) { Specific::phiInput(this, phi, inp) }
-
-  SemBasicBlock getOrigBlock() { result = origBlock }
-
-  SemBasicBlock getPhiBlock() { result = phiBlock }
-}
-
-class SemSsaReadPositionBlock extends SemSsaReadPosition {
-  SemBasicBlock block;
-
-  SemSsaReadPositionBlock() { Specific::readBlock(this, block) }
-
-  SemBasicBlock getBlock() { result = block }
-
-  SemExpr getAnExpr() { result = getBlock().getAnExpr() }
-}
-
-/**
- * Holds if `inp` is an input to `phi` along a back edge.
- */
-predicate semBackEdge(SemSsaPhiNode phi, SemSsaVariable inp, SemSsaReadPositionPhiInputEdge edge) {
-  edge.phiInput(phi, inp) and
-  // Conservatively assume that every edge is a back edge if we don't have dominance information.
-  (
-    phi.getBasicBlock().bbDominates(edge.getOrigBlock()) or
-    not edge.getOrigBlock().hasDominanceInformation()
-  )
-}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticType.qll

@@ -1,301 +0,0 @@
-/**
- * Minimal, language-neutral type system for semantic analysis.
- */
-
-private import SemanticTypeSpecific as Specific
-
-class LanguageType = Specific::Type;
-
-cached
-private newtype TSemType =
-  TSemVoidType() { Specific::voidType(_) } or
-  TSemUnknownType() { Specific::unknownType(_) } or
-  TSemErrorType() { Specific::errorType(_) } or
-  TSemBooleanType(int byteSize) { Specific::booleanType(_, byteSize) } or
-  TSemIntegerType(int byteSize, boolean signed) { Specific::integerType(_, byteSize, signed) } or
-  TSemFloatingPointType(int byteSize) { Specific::floatingPointType(_, byteSize) } or
-  TSemAddressType(int byteSize) { Specific::addressType(_, byteSize) } or
-  TSemFunctionAddressType(int byteSize) { Specific::functionAddressType(_, byteSize) } or
-  TSemOpaqueType(int byteSize, Specific::OpaqueTypeTag tag) {
-    Specific::opaqueType(_, byteSize, tag)
-  }
-
-/**
- * The language-neutral type of a semantic expression,
- * The interface to `SemType` and its subclasses is the same across all languages for which the IR
- * is supported, so analyses that expect to be used for multiple languages should generally use
- * `SemType` rather than a language-specific type.
- *
- * Many types from the language-specific type system will map to a single canonical `SemType`. Two
- * types that map to the same `SemType` are considered equivalent by semantic analysis. As an
- * example, in C++, all pointer types map to the same instance of `SemAddressType`.
- */
-class SemType extends TSemType {
-  /** Gets a textual representation of this type. */
-  string toString() { none() }
-
-  /**
-   * Gets a string that uniquely identifies this `SemType`. This string is often the same as the
-   * result of `SemType.toString()`, but for some types it may be more verbose to ensure uniqueness.
-   */
-  string getIdentityString() { result = toString() }
-
-  /**
-   * Gets the size of the type, in bytes, if known.
-   *
-   * This will hold for all `SemType` objects except `SemUnknownType` and `SemErrorType`.
-   */
-  // This predicate is overridden with `pragma[noinline]` in every leaf subclass.
-  // This allows callers to ask for things like _the_ floating-point type of
-  // size 4 without getting a join that first finds all types of size 4 and
-  // _then_ restricts them to floating-point types.
-  int getByteSize() { none() }
-}
-
-/**
- * An unknown type. Generally used to represent results and operands that access an unknown set of
- * memory locations, such as the side effects of a function call.
- */
-class SemUnknownType extends SemType, TSemUnknownType {
-  final override string toString() { result = "unknown" }
-
-  final override int getByteSize() { none() }
-}
-
-/**
- * A void type, which has no values. Used to represent the result type of an expression that does
- * not produce a result.
- */
-class SemVoidType extends SemType, TSemVoidType {
-  final override string toString() { result = "void" }
-
-  final override int getByteSize() { result = 0 }
-}
-
-/**
- * An error type. Used when an error in the source code prevents the extractor from determining the
- * proper type.
- */
-class SemErrorType extends SemType, TSemErrorType {
-  final override string toString() { result = "error" }
-
-  final override int getByteSize() { result = 0 }
-}
-
-private class SemSizedType extends SemType {
-  int byteSize;
-
-  SemSizedType() {
-    this = TSemBooleanType(byteSize) or
-    this = TSemIntegerType(byteSize, _) or
-    this = TSemFloatingPointType(byteSize) or
-    this = TSemAddressType(byteSize) or
-    this = TSemFunctionAddressType(byteSize) or
-    this = TSemOpaqueType(byteSize, _)
-  }
-  // Don't override `getByteSize()` here. The optimizer seems to generate better code when this is
-  // overridden only in the leaf classes.
-}
-
-/**
- * A Boolean type, which can hold the values `true` (non-zero) or `false` (zero).
- */
-class SemBooleanType extends SemSizedType, TSemBooleanType {
-  final override string toString() { result = "bool" + byteSize.toString() }
-
-  pragma[noinline]
-  final override int getByteSize() { result = byteSize }
-}
-
-/**
- * A numeric type. This includes `SemSignedIntegerType`, `SemUnsignedIntegerType`, and
- * `SemFloatingPointType`.
- */
-class SemNumericType extends SemSizedType {
-  SemNumericType() {
-    this = TSemIntegerType(byteSize, _) or
-    this = TSemFloatingPointType(byteSize)
-  }
-  // Don't override `getByteSize()` here. The optimizer seems to generate better code when this is
-  // overridden only in the leaf classes.
-}
-
-/**
- * An integer type. This includes `SemSignedIntegerType` and `SemUnsignedIntegerType`.
- */
-class SemIntegerType extends SemNumericType {
-  boolean signed;
-
-  SemIntegerType() { this = TSemIntegerType(byteSize, signed) }
-
-  /** Holds if this integer type is signed. */
-  final predicate isSigned() { signed = true }
-
-  /** Holds if this integer type is unsigned. */
-  final predicate isUnsigned() { not isSigned() }
-  // Don't override `getByteSize()` here. The optimizer seems to generate better code when this is
-  // overridden only in the leaf classes.
-}
-
-/**
- * A signed two's-complement integer. Also used to represent enums whose underlying type is a signed
- * integer, as well as character types whose representation is signed.
- */
-class SemSignedIntegerType extends SemIntegerType {
-  SemSignedIntegerType() { signed = true }
-
-  final override string toString() { result = "int" + byteSize.toString() }
-
-  pragma[noinline]
-  final override int getByteSize() { result = byteSize }
-}
-
-/**
- * An unsigned two's-complement integer. Also used to represent enums whose underlying type is an
- * unsigned integer, as well as character types whose representation is unsigned.
- */
-class SemUnsignedIntegerType extends SemIntegerType {
-  SemUnsignedIntegerType() { signed = false }
-
-  final override string toString() { result = "uint" + byteSize.toString() }
-
-  pragma[noinline]
-  final override int getByteSize() { result = byteSize }
-}
-
-/**
- * A floating-point type.
- */
-class SemFloatingPointType extends SemNumericType, TSemFloatingPointType {
-  final override string toString() { result = "float" + byteSize.toString() }
-
-  pragma[noinline]
-  final override int getByteSize() { result = byteSize }
-}
-
-/**
- * An address type, representing the memory address of data. Used to represent pointers, references,
- * and lvalues, include those that are garbage collected.
- *
- * The address of a function is represented by the separate `SemFunctionAddressType`.
- */
-class SemAddressType extends SemSizedType, TSemAddressType {
-  final override string toString() { result = "addr" + byteSize.toString() }
-
-  pragma[noinline]
-  final override int getByteSize() { result = byteSize }
-}
-
-/**
- * An address type, representing the memory address of code. Used to represent function pointers,
- * function references, and the target of a direct function call.
- */
-class SemFunctionAddressType extends SemSizedType, TSemFunctionAddressType {
-  final override string toString() { result = "func" + byteSize.toString() }
-
-  pragma[noinline]
-  final override int getByteSize() { result = byteSize }
-}
-
-/**
- * A type with known size that does not fit any of the other kinds of type. Used to represent
- * classes, structs, unions, fixed-size arrays, pointers-to-member, and more.
- */
-class SemOpaqueType extends SemSizedType, TSemOpaqueType {
-  Specific::OpaqueTypeTag tag;
-
-  SemOpaqueType() { this = TSemOpaqueType(byteSize, tag) }
-
-  final override string toString() {
-    result = "opaque" + byteSize.toString() + "{" + tag.toString() + "}"
-  }
-
-  final override string getIdentityString() {
-    result = "opaque" + byteSize.toString() + "{" + Specific::getOpaqueTagIdentityString(tag) + "}"
-  }
-
-  /**
-   * Gets the "tag" that differentiates this type from other incompatible opaque types that have the
-   * same size.
-   */
-  final Specific::OpaqueTypeTag getTag() { result = tag }
-
-  pragma[noinline]
-  final override int getByteSize() { result = byteSize }
-}
-
-cached
-SemType getSemanticType(Specific::Type type) {
-  exists(int byteSize |
-    Specific::booleanType(type, byteSize) and result = TSemBooleanType(byteSize)
-    or
-    exists(boolean signed |
-      Specific::integerType(type, byteSize, signed) and
-      result = TSemIntegerType(byteSize, signed)
-    )
-    or
-    Specific::floatingPointType(type, byteSize) and result = TSemFloatingPointType(byteSize)
-    or
-    Specific::addressType(type, byteSize) and result = TSemAddressType(byteSize)
-    or
-    Specific::functionAddressType(type, byteSize) and result = TSemFunctionAddressType(byteSize)
-    or
-    exists(Specific::OpaqueTypeTag tag |
-      Specific::opaqueType(type, byteSize, tag) and result = TSemOpaqueType(byteSize, tag)
-    )
-  )
-  or
-  Specific::errorType(type) and result = TSemErrorType()
-  or
-  Specific::unknownType(type) and result = TSemUnknownType()
-}
-
-/**
- * Holds if the conversion from `fromType` to `toType` can never overflow or underflow.
- */
-predicate conversionCannotOverflow(SemNumericType fromType, SemNumericType toType) {
-  // Identity cast
-  fromType = toType
-  or
-  // Treat any cast to an FP type as safe. It can lose precision, but not overflow.
-  toType instanceof SemFloatingPointType and fromType = any(SemNumericType n)
-  or
-  exists(SemIntegerType fromInteger, SemIntegerType toInteger, int fromSize, int toSize |
-    fromInteger = fromType and
-    toInteger = toType and
-    fromSize = fromInteger.getByteSize() and
-    toSize = toInteger.getByteSize()
-  |
-    // Conversion to a larger type. Safe unless converting signed -> unsigned.
-    fromSize < toSize and
-    (
-      toInteger.isSigned()
-      or
-      not fromInteger.isSigned()
-    )
-  )
-}
-
-/**
- * INTERNAL: Do not use.
- * Query predicates used to check invariants that should hold for all `SemType` objects.
- */
-module SemTypeConsistency {
-  /**
-   * Holds if the type has no result for `getSemanticType()`.
-   */
-  query predicate missingSemType(Specific::Type type, string message) {
-    not exists(getSemanticType(type)) and
-    message = "`Type` does not have a corresponding `SemType`."
-  }
-
-  /**
-   * Holds if the type has more than one result for `getSemanticType()`.
-   */
-  query predicate multipleSemTypes(Specific::Type type, string message) {
-    strictcount(getSemanticType(type)) > 1 and
-    message =
-      "`Type` " + type + " has multiple `SemType`s: " +
-        concat(getSemanticType(type).toString(), ", ")
-  }
-}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticTypeSpecific.qll

@@ -1,43 +0,0 @@
-/**
- * C++-specific implementation of the semantic type system.
- */
-
-private import semmle.code.cpp.ir.IR as IR
-private import cpp as Cpp
-private import semmle.code.cpp.ir.internal.IRCppLanguage as Language
-
-class Type = IR::IRType;
-
-class OpaqueTypeTag = Language::OpaqueTypeTag;
-
-predicate voidType(Type type) { type instanceof IR::IRVoidType }
-
-predicate errorType(Type type) { type instanceof IR::IRErrorType }
-
-predicate unknownType(Type type) { type instanceof IR::IRUnknownType }
-
-predicate booleanType(Type type, int byteSize) { byteSize = type.(IR::IRBooleanType).getByteSize() }
-
-predicate integerType(Type type, int byteSize, boolean signed) {
-  byteSize = type.(IR::IRSignedIntegerType).getByteSize() and signed = true
-  or
-  byteSize = type.(IR::IRUnsignedIntegerType).getByteSize() and signed = false
-}
-
-predicate floatingPointType(Type type, int byteSize) {
-  byteSize = type.(IR::IRFloatingPointType).getByteSize()
-}
-
-predicate addressType(Type type, int byteSize) { byteSize = type.(IR::IRAddressType).getByteSize() }
-
-predicate functionAddressType(Type type, int byteSize) {
-  byteSize = type.(IR::IRFunctionAddressType).getByteSize()
-}
-
-predicate opaqueType(Type type, int byteSize, OpaqueTypeTag tag) {
-  exists(IR::IROpaqueType opaque | opaque = type |
-    byteSize = opaque.getByteSize() and tag = opaque.getTag()
-  )
-}
-
-predicate getOpaqueTagIdentityString = Language::getOpaqueTagIdentityString/1;

cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/ConstantAnalysis.qll

@@ -1,31 +0,0 @@
-/**
- * Simple constant analysis using the Semantic interface.
- */
-
-private import experimental.semmle.code.cpp.semantic.Semantic
-private import ConstantAnalysisSpecific as Specific
-
-/** An expression that always has the same integer value. */
-pragma[nomagic]
-private predicate constantIntegerExpr(SemExpr e, int val) {
-  // An integer literal
-  e.(SemIntegerLiteralExpr).getIntValue() = val
-  or
-  // Copy of another constant
-  exists(SemSsaExplicitUpdate v, SemExpr src |
-    e = v.getAUse() and
-    src = v.getSourceExpr() and
-    constantIntegerExpr(src, val)
-  )
-  or
-  // Language-specific enhancements
-  val = Specific::getIntConstantValue(e)
-}
-
-/** An expression that always has the same integer value. */
-class SemConstantIntegerExpr extends SemExpr {
-  SemConstantIntegerExpr() { constantIntegerExpr(this, _) }
-
-  /** Gets the integer value of this expression. */
-  int getIntValue() { constantIntegerExpr(this, result) }
-}

cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/ConstantAnalysisSpecific.qll

@@ -1,10 +0,0 @@
-/**
- * C++-specific implementation of constant analysis.
- */
-
-private import experimental.semmle.code.cpp.semantic.Semantic
-
-/**
- * Gets the constant integer value of the specified expression, if any.
- */
-int getIntConstantValue(SemExpr expr) { none() }