Post-release preparation for codeql-cli-2.17.2

Release preparation for version 2.17.2

.github/workflows/go-tests-other-os.yml

@@ -7,6 +7,8 @@ on:
       - .github/workflows/go-tests-other-os.yml
       - .github/actions/**
       - codeql-workspace.yml
+env:
+  GO_VERSION: '~1.22.0'
 
 permissions:
   contents: read
@@ -16,17 +18,72 @@ jobs:
     name: Test MacOS
     runs-on: macos-latest
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"
 
   test-win:
     if: github.repository_owner == 'github'
     name: Test Windows
     runs-on: windows-latest-xl
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"

.github/workflows/go-tests.yml

@@ -16,6 +16,9 @@ on:
       - .github/actions/**
       - codeql-workspace.yml
 
+env:
+  GO_VERSION: '~1.22.0'
+
 permissions:
   contents: read
 
@@ -25,9 +28,51 @@ jobs:
     name: Test Linux (Ubuntu)
     runs-on: ubuntu-latest-xl
     steps:
+      - name: Set up Go ${{ env.GO_VERSION }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+        id: go
+
       - name: Check out code
         uses: actions/checkout@v4
-      - name: Run tests
-        uses: ./go/actions/test
+
+      - name: Set up CodeQL CLI
+        uses: ./.github/actions/fetch-codeql
+
+      - name: Enable problem matchers in repository
+        shell: bash
+        run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
+
+      - name: Build
+        run: |
+          cd go
+          make
+
+      - name: Check that all Go code is autoformatted
+        run: |
+          cd go
+          make check-formatting
+
+      - name: Compile qhelp files to markdown
+        run: |
+          cd go
+          env QHELP_OUT_DIR=qhelp-out make qhelp-to-markdown
+
+      - name: Upload qhelp markdown
+        uses: actions/upload-artifact@v3
         with:
-          run-code-checks: true
+          name: qhelp-markdown
+          path: go/qhelp-out/**/*.md
+
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: go-qltest
+
+      - name: Test
+        run: |
+          cd go
+          make test cache="${{ steps.query-cache.outputs.cache-dir }}"

.pre-commit-config.yaml

@@ -29,13 +29,6 @@ repos:
         entry: bazel run //:buildifier
         pass_filenames: false
 
-      - id: go-gen
-        name: Check checked in generated files in go
-        files: go/.*
-        language: system
-        entry: bazel run //go:gen
-        pass_filenames: false
-
       - id: codeql-format
         name: Fix QL file formatting
         files: \.qll?$

MODULE.bazel

@@ -13,9 +13,7 @@ local_path_override(
 
 # see https://registry.bazel.build/ for a list of available packages
 
-bazel_dep(name = "apple_support", version = "1.15.1-codeql.1")
-bazel_dep(name = "platforms", version = "0.0.9")
-bazel_dep(name = "rules_go", version = "0.47.0")
+bazel_dep(name = "platforms", version = "0.0.8")
 bazel_dep(name = "rules_pkg", version = "0.10.1")
 bazel_dep(name = "rules_nodejs", version = "6.0.3")
 bazel_dep(name = "rules_python", version = "0.31.0")
@@ -23,7 +21,6 @@ bazel_dep(name = "bazel_skylib", version = "1.5.0")
 bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
 bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
 bazel_dep(name = "fmt", version = "10.0.0")
-bazel_dep(name = "gazelle", version = "0.36.0")
 
 bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
 
@@ -55,13 +52,6 @@ node.toolchain(
 )
 use_repo(node, "nodejs", "nodejs_toolchains")
 
-go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
-go_sdk.download(version = "1.22.2")  # default
-
-# following is needed for gazelle on macOS
-# see https://github.com/bazelbuild/bazel-gazelle/issues/1793
-go_sdk.download(version = "1.21.9")
-
 register_toolchains(
     "@nodejs_toolchains//:all",
 )

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 0.13.0
+
+### Breaking Changes
+
+* Deleted the deprecated `GlobalValueNumberingImpl.qll` implementation.
+
+### New Features
+
+* Models-as-Data support has been added for C/C++. This feature allows flow sources, sinks and summaries to be expressed in compact strings as an alternative to modelling each source / sink / summary with explicit QL. See `dataflow/ExternalFlow.qll` for documentation and specification of the model format, and `models/implementations/ZMQ.qll` for a simple example of models. Importing models from `.yml` is not yet supported.
+
+### Minor Analysis Improvements
+
+* Source models have been added for the standard library function `getc` (and variations).
+* Source, sink and flow models for the ZeroMQ (ZMQ) networking library have been added.
+* Parameters of functions without definitions now have `ParameterNode`s.
+* The alias analysis used internally by various libraries has been improved to answer alias questions more conservatively. As a result, some queries may report fewer false positives.
+
 ## 0.12.11
 
 No user-facing changes.

cpp/ql/lib/change-notes/2024-04-05-sound-ir.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The alias analysis used internally by various libraries has been improved to answer alias questions more conservatively. As a result, some queries may report fewer false positives.

cpp/ql/lib/change-notes/2024-04-18-param-nodes.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Parameters of functions without definitions now have `ParameterNode`s.

cpp/ql/lib/change-notes/2024-04-26-outdated-deprecations.md

@@ -1,4 +0,0 @@
----
-category: breaking
----
-* Deleted the deprecated `GlobalValueNumberingImpl.qll` implementation.

cpp/ql/lib/change-notes/2024-10-04-getc.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Source models have been added for the standard library function `getc` (and variations).

cpp/ql/lib/change-notes/2024-10-04-models-as-data.md

@@ -1,4 +0,0 @@
----
-category: feature
----
-* Models-as-Data support has been added for C/C++. This feature allows flow sources, sinks and summaries to be expressed in compact strings as an alternative to modelling each source / sink / summary with explicit QL. See `dataflow/ExternalFlow.qll` for documentation and specification of the model format, and `models/implementations/ZMQ.qll` for a simple example of models. Importing models from `.yml` is not yet supported.

cpp/ql/lib/change-notes/2024-10-04-zmq.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Source, sink and flow models for the ZeroMQ (ZMQ) networking library have been added.

cpp/ql/lib/change-notes/released/0.13.0.md

@@ -0,0 +1,16 @@
+## 0.13.0
+
+### Breaking Changes
+
+* Deleted the deprecated `GlobalValueNumberingImpl.qll` implementation.
+
+### New Features
+
+* Models-as-Data support has been added for C/C++. This feature allows flow sources, sinks and summaries to be expressed in compact strings as an alternative to modelling each source / sink / summary with explicit QL. See `dataflow/ExternalFlow.qll` for documentation and specification of the model format, and `models/implementations/ZMQ.qll` for a simple example of models. Importing models from `.yml` is not yet supported.
+
+### Minor Analysis Improvements
+
+* Source models have been added for the standard library function `getc` (and variations).
+* Source, sink and flow models for the ZeroMQ (ZMQ) networking library have been added.
+* Parameters of functions without definitions now have `ParameterNode`s.
+* The alias analysis used internally by various libraries has been improved to answer alias questions more conservatively. As a result, some queries may report fewer false positives.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.11
+lastReleaseVersion: 0.13.0

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.12-dev
+version: 0.13.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.9.11
+
+### Minor Analysis Improvements
+
+* The "Uncontrolled data used in path expression" query (`cpp/path-injection`) query produces fewer near-duplicate results.
+* The "Global variable may be used before initialization" query (`cpp/global-use-before-init`) no longer raises an alert on global variables that are initialized when they are declared.
+* The "Inconsistent null check of pointer" query (`cpp/inconsistent-nullness-testing`) query no longer raises an alert when the guarded check is in a macro expansion.
+
 ## 0.9.10
 
 No user-facing changes.

cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql

@@ -88,6 +88,11 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
       hasUpperBoundsCheck(checkedVar)
     )
   }
+
+  predicate isBarrierOut(DataFlow::Node node) {
+    // make sinks barriers so that we only report the closest instance
+    isSink(node)
+  }
 }
 
 module TaintedPath = TaintTracking::Global<TaintedPathConfig>;

cpp/ql/src/change-notes/released/0.9.11.md

@@ -1,5 +1,7 @@
----
-category: minorAnalysis
----
+## 0.9.11
+
+### Minor Analysis Improvements
+
+* The "Uncontrolled data used in path expression" query (`cpp/path-injection`) query produces fewer near-duplicate results.
 * The "Global variable may be used before initialization" query (`cpp/global-use-before-init`) no longer raises an alert on global variables that are initialized when they are declared.
-* The "Inconsistent null check of pointer" query (`cpp/inconsistent-nullness-testing`) query no longer raises an alert when the guarded check is in a macro expansion.
+* The "Inconsistent null check of pointer" query (`cpp/inconsistent-nullness-testing`) query no longer raises an alert when the guarded check is in a macro expansion.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.10
+lastReleaseVersion: 0.9.11

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.11-dev
+version: 0.9.12-dev
 groups:
   - cpp
   - queries

cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected

@@ -1,11 +1,16 @@
 edges
 | test.c:8:27:8:30 | **argv | test.c:9:23:9:29 | *access to array | provenance |  |
 | test.c:8:27:8:30 | **argv | test.c:31:22:31:28 | *access to array | provenance |  |
-| test.c:8:27:8:30 | **argv | test.c:57:10:57:16 | *access to array | provenance |  |
+| test.c:8:27:8:30 | **argv | test.c:69:14:69:20 | *access to array | provenance |  |
 | test.c:9:23:9:29 | *access to array | test.c:17:11:17:18 | *fileName | provenance | TaintFunction |
 | test.c:31:22:31:28 | *access to array | test.c:32:11:32:18 | *fileName | provenance |  |
 | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | *fileName | provenance |  |
 | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | *fileName | provenance |  |
+| test.c:48:21:48:26 | *call to getenv | test.c:48:21:48:26 | *call to getenv | provenance |  |
+| test.c:48:21:48:26 | *call to getenv | test.c:49:11:49:17 | *tainted | provenance |  |
+| test.c:54:21:54:26 | *call to getenv | test.c:55:11:55:16 | *buffer | provenance | TaintFunction |
+| test.c:74:13:74:18 | read output argument | test.c:76:11:76:16 | *buffer | provenance |  |
+| test.c:75:13:75:18 | read output argument | test.c:76:11:76:16 | *buffer | provenance |  |
 nodes
 | test.c:8:27:8:30 | **argv | semmle.label | **argv |
 | test.c:9:23:9:29 | *access to array | semmle.label | *access to array |
@@ -16,11 +21,23 @@ nodes
 | test.c:38:11:38:18 | *fileName | semmle.label | *fileName |
 | test.c:43:17:43:24 | scanf output argument | semmle.label | scanf output argument |
 | test.c:44:11:44:18 | *fileName | semmle.label | *fileName |
-| test.c:57:10:57:16 | *access to array | semmle.label | *access to array |
+| test.c:48:21:48:26 | *call to getenv | semmle.label | *call to getenv |
+| test.c:48:21:48:26 | *call to getenv | semmle.label | *call to getenv |
+| test.c:49:11:49:17 | *tainted | semmle.label | *tainted |
+| test.c:54:21:54:26 | *call to getenv | semmle.label | *call to getenv |
+| test.c:55:11:55:16 | *buffer | semmle.label | *buffer |
+| test.c:69:14:69:20 | *access to array | semmle.label | *access to array |
+| test.c:74:13:74:18 | read output argument | semmle.label | read output argument |
+| test.c:75:13:75:18 | read output argument | semmle.label | read output argument |
+| test.c:76:11:76:16 | *buffer | semmle.label | *buffer |
 subpaths
 #select
 | test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | **argv | test.c:17:11:17:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
 | test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | **argv | test.c:32:11:32:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
 | test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
 | test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
-| test.c:57:10:57:16 | access to array | test.c:8:27:8:30 | **argv | test.c:57:10:57:16 | *access to array | This argument to a file access function is derived from $@ and then passed to read(fileName), which calls fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
+| test.c:49:11:49:17 | tainted | test.c:48:21:48:26 | *call to getenv | test.c:49:11:49:17 | *tainted | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:48:21:48:26 | *call to getenv | user input (an environment variable) |
+| test.c:55:11:55:16 | buffer | test.c:54:21:54:26 | *call to getenv | test.c:55:11:55:16 | *buffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:54:21:54:26 | *call to getenv | user input (an environment variable) |
+| test.c:69:14:69:20 | access to array | test.c:8:27:8:30 | **argv | test.c:69:14:69:20 | *access to array | This argument to a file access function is derived from $@ and then passed to readFile(fileName), which calls fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
+| test.c:76:11:76:16 | buffer | test.c:74:13:74:18 | read output argument | test.c:76:11:76:16 | *buffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:74:13:74:18 | read output argument | user input (buffer read by read) |
+| test.c:76:11:76:16 | buffer | test.c:75:13:75:18 | read output argument | test.c:76:11:76:16 | *buffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:75:13:75:18 | read output argument | user input (buffer read by read) |

cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/stdlib.h

@@ -6,6 +6,7 @@
 typedef struct {} FILE;
 #define FILENAME_MAX 1000
 typedef unsigned long size_t;
+typedef signed long ssize_t;
 
 FILE *fopen(const char *filename, const char *mode);
 int sprintf(char *s, const char *format, ...);
@@ -15,3 +16,4 @@ int scanf(const char *format, ...);
 void *malloc(size_t size);
 double strtod(const char *ptr, char **endptr);
 char *getenv(const char *name);
+ssize_t read(int fd, void *buffer, size_t count);

cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/test.c

@@ -7,7 +7,7 @@
 
 int main(int argc, char** argv) {
   char *userAndFile = argv[2];
-  
+
   {
     char fileBuffer[FILENAME_MAX] = "/home/";
     char *fileName = fileBuffer;
@@ -44,6 +44,18 @@ int main(int argc, char** argv) {
     fopen(fileName, "wb+"); // BAD
   }
 
+  {
+    char *tainted = getenv("A_STRING");
+    fopen(tainted, "wb+"); // BAD
+  }
+
+  {
+    char buffer[1024];
+    strncpy(buffer, getenv("A_STRING"), 1024);
+    fopen(buffer, "wb+"); // BAD
+    fopen(buffer, "wb+"); // (we don't want a duplicate result here)
+  }
+
   {
     char *aNumber = getenv("A_NUMBER");
     double number = strtod(aNumber, 0);
@@ -53,11 +65,18 @@ int main(int argc, char** argv) {
   }
 
   {
-    void read(const char *fileName);
-    read(argv[1]); // BAD
+    void readFile(const char *fileName);
+    readFile(argv[1]); // BAD
+  }
+
+  {
+    char buffer[1024];
+    read(0, buffer, 1024);
+    read(0, buffer, 1024);
+    fopen(buffer, "wb+"); // BAD [duplicated with both sources]
   }
 }
 
-void read(char *fileName) {
+void readFile(char *fileName) {
   fopen(fileName, "wb+");
 }

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.15
+
+No user-facing changes.
+
 ## 1.7.14
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.15.md

@@ -0,0 +1,3 @@
+## 1.7.15
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.14
+lastReleaseVersion: 1.7.15

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.15-dev
+version: 1.7.16-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.15
+
+No user-facing changes.
+
 ## 1.7.14
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.15.md

@@ -0,0 +1,3 @@
+## 1.7.15
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.14
+lastReleaseVersion: 1.7.15

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.15-dev
+version: 1.7.16-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,15 @@
+## 0.10.0
+
+### Breaking Changes
+
+* Deleted the deprecated `getAssemblyName` predicate from the `Operator` class. Use `getFunctionName` instead.
+* Deleted the deprecated `LShiftOperator`, `RShiftOperator`, `AssignLShiftExpr`, `AssignRShiftExpr`, `LShiftExpr`, and `RShiftExpr` aliases.
+* Deleted the deprecated `getCallableDescription` predicate from the `ExternalApiDataNode` class. Use `hasQualifiedName` instead.
+
+### Minor Analysis Improvements
+
+* Generated .NET Runtime models for properties with both getters and setters have been removed as this is now handled by the data flow library.
+
 ## 0.9.1
 
 ### Minor Analysis Improvements

csharp/ql/lib/change-notes/2024-04-05-dotnet-runtime-property-models.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Generated .NET Runtime models for properties with both getters and setters have been removed as this is now handled by the data flow library.

csharp/ql/lib/change-notes/released/0.10.0.md

@@ -1,6 +1,11 @@
----
-category: breaking
----
+## 0.10.0
+
+### Breaking Changes
+
 * Deleted the deprecated `getAssemblyName` predicate from the `Operator` class. Use `getFunctionName` instead.
 * Deleted the deprecated `LShiftOperator`, `RShiftOperator`, `AssignLShiftExpr`, `AssignRShiftExpr`, `LShiftExpr`, and `RShiftExpr` aliases.
-* Deleted the deprecated `getCallableDescription` predicate from the `ExternalApiDataNode` class. Use `hasQualifiedName` instead.
+* Deleted the deprecated `getCallableDescription` predicate from the `ExternalApiDataNode` class. Use `hasQualifiedName` instead.
+
+### Minor Analysis Improvements
+
+* Generated .NET Runtime models for properties with both getters and setters have been removed as this is now handled by the data flow library.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.1
+lastReleaseVersion: 0.10.0

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.9.2-dev
+version: 0.10.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.8.15
+
+No user-facing changes.
+
 ## 0.8.14
 
 No user-facing changes.

csharp/ql/src/change-notes/released/0.8.15.md

@@ -0,0 +1,3 @@
+## 0.8.15
+
+No user-facing changes.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.14
+lastReleaseVersion: 0.8.15

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.15-dev
+version: 0.8.16-dev
 groups:
   - csharp
   - queries

go/BUILD.bazel

@@ -1,132 +0,0 @@
-load("@bazel_skylib//rules:native_binary.bzl", "native_binary")
-load("@gazelle//:def.bzl", "gazelle")
-load("@rules_go//go:def.bzl", "go_cross_binary")
-load("@rules_pkg//pkg:install.bzl", "pkg_install")
-load("@rules_pkg//pkg:mappings.bzl", "pkg_attributes", "pkg_filegroup", "pkg_files")
-load("@rules_pkg//pkg:zip.bzl", "pkg_zip")
-load("//:defs.bzl", "codeql_platform")
-
-# following is needed for running gazelle on macOS
-# see https://github.com/bazelbuild/bazel-gazelle/issues/1793
-go_cross_binary(
-    name = "gazelle-1.21.9",
-    sdk_version = "1.21.9",
-    target = "@gazelle//cmd/gazelle",
-)
-
-gazelle(
-    name = "gazelle",
-    extra_args = ["go/extractor"],
-    gazelle = select({
-        "@platforms//os:macos": ":gazelle-1.21.9",
-        "//conditions:default": "@gazelle//cmd/gazelle",
-    }),
-)
-
-_gen_binaries = [
-    "@rules_go//go",
-    ":gazelle",
-    "//go/extractor/cli/go-gen-dbscheme",
-]
-
-py_binary(
-    name = "gen",
-    srcs = ["gen.py"],
-    args = ["$(rlocationpath %s)" % bin for bin in _gen_binaries],
-    data = _gen_binaries,
-    deps = ["@rules_python//python/runfiles"],
-)
-
-# this is an internal copy of the dbscheme to be used by extractor-pack
-# this allows the extractor-pack target to be independent and up-to-date with respect to
-# having run //go:gen to update the checked in files
-genrule(
-    name = "dbscheme",
-    outs = ["go.dbscheme"],
-    cmd = "$(execpath //go/extractor/cli/go-gen-dbscheme) $@",
-    tools = ["//go/extractor/cli/go-gen-dbscheme"],
-)
-
-pkg_files(
-    name = "resources",
-    srcs = [
-        "LICENSE",
-        "codeql-extractor.yml",
-        "ql/lib/go.dbscheme.stats",
-        ":dbscheme",
-    ],
-)
-
-pkg_filegroup(
-    name = "extractor-pack-generic",
-    srcs = [
-        ":resources",
-        "//go/codeql-tools",
-        "//go/downgrades",
-        "//go/extractor:tokenizer",
-    ],
-    visibility = ["//visibility:public"],
-)
-
-pkg_files(
-    name = "extractor-pack-arch",
-    srcs = [
-        "//go/extractor/cli/go-autobuilder",
-        "//go/extractor/cli/go-bootstrap",
-        "//go/extractor/cli/go-build-runner",
-        "//go/extractor/cli/go-extractor",
-        "//go/extractor/cli/go-gen-dbscheme",
-        "//go/extractor/cli/go-tokenizer",
-    ],
-    attributes = pkg_attributes(mode = "0755"),
-    prefix = "tools/" + codeql_platform,
-    visibility = ["//visibility:public"],
-)
-
-pkg_filegroup(
-    name = "extractor-pack",
-    srcs = [
-        ":extractor-pack-arch",
-        ":extractor-pack-generic",
-    ],
-    visibility = ["//visibility:public"],
-)
-
-pkg_install(
-    name = "_extractor-pack-installer",
-    srcs = [":extractor-pack"],
-)
-
-# rules_pkg installer is currently broken on Windows
-# see https://github.com/bazelbuild/rules_pkg/issues/387
-# for now, work around it using an archive
-pkg_zip(
-    name = "_extractor-pack-zip",
-    srcs = [":extractor-pack"],
-)
-
-alias(
-    name = "_create-extractor-pack-arg",
-    actual = select({
-        "@platforms//os:windows": ":_extractor-pack-zip",
-        "//conditions:default": ":_extractor-pack-installer",
-    }),
-)
-
-py_binary(
-    name = "create-extractor-pack",
-    srcs = ["create_extractor_pack.py"],
-    args = ["$(rlocationpath :_create-extractor-pack-arg)"],
-    data = [":_create-extractor-pack-arg"],
-    main = "create_extractor_pack.py",
-    deps = ["@rules_python//python/runfiles"],
-)
-
-native_binary(
-    name = "gen-dbscheme",
-    src = "//go/extractor/cli/go-gen-dbscheme",
-    out = "go-gen-dbscheme",
-    args = [
-        "$$BUILD_WORKSPACE_DIRECTORY/go/ql/lib/go.dbscheme",
-    ],
-)

go/Makefile

@@ -1,10 +1,30 @@
-all: gen extractor
+all: extractor ql/lib/go.dbscheme
+
+ifeq ($(OS),Windows_NT)
+EXE = .exe
+CODEQL_PLATFORM = win64
+else
+EXE =
+UNAME_S := $(shell uname -s)
+ifeq ($(UNAME_S),Linux)
+CODEQL_PLATFORM = linux64
+endif
+ifeq ($(UNAME_S),Darwin)
+CODEQL_PLATFORM = osx64
+endif
+endif
+
+CODEQL_TOOLS = $(addprefix codeql-tools/,autobuild.cmd autobuild.sh baseline-config-empty.json baseline-config-vendor.json configure-baseline.cmd configure-baseline.sh identify-environment.cmd identify-environment.sh index.cmd index.sh pre-finalize.cmd pre-finalize.sh tracing-config.lua)
 
 EXTRACTOR_PACK_OUT = build/codeql-extractor-go
 
-.PHONY: extractor gen clean autoformat check-formatting
+BINARIES = go-extractor go-tokenizer go-autobuilder go-build-runner go-bootstrap go-gen-dbscheme
+
+.PHONY: tools tools-codeql tools-codeql-full clean autoformat \
+	tools-linux64 tools-osx64 tools-win64 check-formatting
 
 clean:
+	rm -rf tools/bin tools/linux64 tools/osx64 tools/win64 tools/net tools/opencsv
 	rm -rf $(EXTRACTOR_PACK_OUT) build/stats build/testdb
 
 autoformat:
@@ -27,11 +47,66 @@ endif
 qhelp-to-markdown:
 	scripts/qhelp-to-markdown.sh ql/src "$(QHELP_OUT_DIR)"
 
-extractor:
-	bazel run :create-extractor-pack
+tools: tools-codeql tools/tokenizer.jar
 
-gen:
-	bazel run :gen
+.PHONY: $(addsuffix $(EXE),$(addprefix tools/bin/,$(BINARIES)))
+$(addsuffix $(EXE),$(addprefix tools/bin/,$(BINARIES))):
+	go build -C extractor -mod=vendor -o ../$@ ./cli/$(basename $(@F))
+
+tools-codeql: tools-$(CODEQL_PLATFORM)
+
+tools-codeql-full: tools-linux64 tools-osx64 tools-win64
+
+tools-linux64: $(addprefix tools/linux64/,$(BINARIES))
+
+.PHONY: $(addprefix tools/linux64/,$(BINARIES))
+$(addprefix tools/linux64/,$(BINARIES)):
+	GOOS=linux GOARCH=amd64 go build -C extractor -mod=vendor -o ../$@ ./cli/$(@F)
+
+tools-osx64: $(addprefix tools/osx64/,$(BINARIES))
+
+.PHONY: $(addprefix tools/osx64/,$(BINARIES))
+$(addprefix tools/osx64/,$(BINARIES)):
+	GOOS=darwin GOARCH=amd64 go build -C extractor -mod=vendor -o ../$@.amd64 ./cli/$(@F)
+	GOOS=darwin GOARCH=arm64 go build -C extractor -mod=vendor -o ../$@.arm64 ./cli/$(@F)
+	lipo -create $@.amd64 $@.arm64 -output $@
+	rm $@.amd64 $@.arm64
+
+tools-win64: $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES)))
+
+.PHONY: $(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES)))
+$(addsuffix .exe,$(addprefix tools/win64/,$(BINARIES))):
+	env GOOS=windows GOARCH=amd64 go build -C extractor -mod=vendor -o ../$@ ./cli/$(basename $(@F))
+
+.PHONY: extractor-common extractor extractor-full
+extractor-common: codeql-extractor.yml LICENSE ql/lib/go.dbscheme \
+	tools/tokenizer.jar $(CODEQL_TOOLS)
+	rm -rf $(EXTRACTOR_PACK_OUT)
+	mkdir -p $(EXTRACTOR_PACK_OUT)
+	cp codeql-extractor.yml LICENSE ql/lib/go.dbscheme ql/lib/go.dbscheme.stats $(EXTRACTOR_PACK_OUT)
+	mkdir $(EXTRACTOR_PACK_OUT)/tools
+	cp -r tools/tokenizer.jar $(CODEQL_TOOLS) $(EXTRACTOR_PACK_OUT)/tools
+	cp -r downgrades $(EXTRACTOR_PACK_OUT)
+
+extractor: extractor-common tools-codeql
+	cp -r tools/$(CODEQL_PLATFORM) $(EXTRACTOR_PACK_OUT)/tools
+
+extractor-full: extractor-common tools-codeql-full
+	cp -r $(addprefix tools/,linux64 osx64 win64) $(EXTRACTOR_PACK_OUT)/tools
+
+tools/tokenizer.jar: tools/net/sourceforge/pmd/cpd/GoLanguage.class
+	jar cf $@ -C tools net
+	jar uf $@ -C tools opencsv
+
+tools/net/sourceforge/pmd/cpd/GoLanguage.class: extractor/net/sourceforge/pmd/cpd/GoLanguage.java
+	javac -cp extractor -d tools $<
+	rm tools/net/sourceforge/pmd/cpd/AbstractLanguage.class
+	rm tools/net/sourceforge/pmd/cpd/SourceCode.class
+	rm tools/net/sourceforge/pmd/cpd/TokenEntry.class
+	rm tools/net/sourceforge/pmd/cpd/Tokenizer.class
+
+ql/lib/go.dbscheme: tools/$(CODEQL_PLATFORM)/go-gen-dbscheme$(EXE)
+	$< $@
 
 build/stats/src.stamp:
 	mkdir -p $(@D)/src
@@ -48,7 +123,7 @@ test: all build/testdb/check-upgrade-path
 	codeql test run -j0 ql/test --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache)
 #	use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported
 	env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path build/codeql-extractor-go --consistency-queries ql/test/consistency --compilation-cache=$(cache)
-	cd extractor; bazel test ...
+	cd extractor; go test -mod=vendor ./...
 	bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1)
 
 .PHONY: build/testdb/check-upgrade-path

go/actions/test/action.yml

@@ -1,80 +0,0 @@
-name: Test go extractor
-description: Run build, QL tests and optionally basic code sanity checks (formatting and generation)
-inputs:
-  run-code-checks:
-    description: Whether to run formatting, code and qhelp generation checks
-    required: false
-    default: false
-runs:
-  using: composite
-  steps:
-    - name: Get go version
-      shell: bash
-      run: |
-        (
-          echo -n "GO_VERSION="
-          bazel run @rules_go//go -- version | sed 's/go version go\(.*\) .*/\1/'
-        ) | tee -a "$GITHUB_ENV"
-
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: ${{ env.GO_VERSION }}
-        cache: false
-      id: go
-
-    - name: Set up CodeQL CLI
-      uses: ./.github/actions/fetch-codeql
-
-    - name: Enable problem matchers in repository
-      shell: bash
-      run: 'find .github/problem-matchers -name \*.json -exec echo "::add-matcher::{}" \;'
-
-    - name: Build
-      shell: bash
-      run: |
-        bazel run go:create-extractor-pack
-
-    - name: Check that all Go code is autoformatted
-      if: inputs.run-code-checks == 'true'
-      shell: bash
-      run: |
-          cd go
-          make check-formatting
-
-    - name: Check checked-in generated code
-      if: inputs.run-code-checks == 'true'
-      shell: bash
-      run: |
-        bazel run go:gen
-        git add .
-        git diff --exit-code HEAD || (
-          echo "please run bazel run //go:gen"
-          exit 1
-        )
-
-    - name: Compile qhelp files to markdown
-      if: inputs.run-code-checks == 'true'
-      shell: bash
-      run: |
-        cd go
-        env QHELP_OUT_DIR=qhelp-out make qhelp-to-markdown
-
-    - name: Upload qhelp markdown
-      if: inputs.run-code-checks == 'true'
-      uses: actions/upload-artifact@v3
-      with:
-        name: qhelp-markdown
-        path: go/qhelp-out/**/*.md
-
-    - name: Cache compilation cache
-      id: query-cache
-      uses: ./.github/actions/cache-query-compilation
-      with:
-        key: go-qltest
-
-    - name: Test
-      shell: bash
-      run: |
-        cd go
-        make test cache="${{ steps.query-cache.outputs.cache-dir }}"

go/codeql-tools/BUILD.bazel

@@ -1,28 +0,0 @@
-load("@rules_pkg//pkg:mappings.bzl", "pkg_attributes", "pkg_filegroup", "pkg_files")
-
-pkg_files(
-    name = "executables",
-    srcs = glob(["*.sh"]),
-    attributes = pkg_attributes(mode = "0755"),
-)
-
-pkg_files(
-    name = "non-executables",
-    srcs = glob(
-        ["*"],
-        exclude = [
-            "*.sh",
-            "BUILD.bazel",
-        ],
-    ),
-)
-
-pkg_filegroup(
-    name = "codeql-tools",
-    srcs = [
-        ":executables",
-        ":non-executables",
-    ],
-    prefix = "tools",
-    visibility = ["//go:__pkg__"],
-)

go/create_extractor_pack.py

@@ -1,26 +0,0 @@
-import os
-import pathlib
-import shutil
-import sys
-import subprocess
-import zipfile
-from python.runfiles import runfiles
-
-try:
-    workspace_dir = pathlib.Path(os.environ['BUILD_WORKSPACE_DIRECTORY'])
-except KeyError:
-    print("this should be run with bazel run", file=sys.stderr)
-    sys.exit(1)
-
-dest_dir = workspace_dir / 'go' / 'build' / 'codeql-extractor-go'
-installer_or_zip = pathlib.Path(runfiles.Create().Rlocation(sys.argv[1]))
-
-shutil.rmtree(dest_dir, ignore_errors=True)
-
-if installer_or_zip.suffix == '.zip':
-    dest_dir.mkdir()
-    with zipfile.ZipFile(installer_or_zip) as pack:
-        pack.extractall(dest_dir)
-else:
-    os.environ['DESTDIR'] = str(dest_dir)
-    subprocess.check_call([installer_or_zip])

go/downgrades/BUILD.bazel

@@ -1,12 +0,0 @@
-load("@rules_pkg//pkg:mappings.bzl", "pkg_files", "strip_prefix")
-
-pkg_files(
-    name = "downgrades",
-    srcs = glob(
-        ["**"],
-        exclude = ["BUILD.bazel"],
-    ),
-    prefix = "downgrades",
-    strip_prefix = strip_prefix.from_pkg(),
-    visibility = ["//go:__pkg__"],
-)

go/extractor/.gitattributes

@@ -1 +0,0 @@
-/*/**/BUILD.bazel linguist-generated=true

go/extractor/BUILD.bazel

@@ -1,55 +0,0 @@
-load("@rules_go//go:def.bzl", "go_library")
-load("@rules_pkg//pkg:mappings.bzl", "pkg_files")
-
-# gazelle:prefix github.com/github/codeql-go/extractor
-# gazelle:map_kind go_binary codeql_go_binary //go:rules.bzl
-
-go_library(
-    name = "extractor",
-    srcs = [
-        "extractor.go",
-        "gomodextractor.go",
-        "semaphore.go",
-    ],
-    importpath = "github.com/github/codeql-go/extractor",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/dbscheme",
-        "//go/extractor/diagnostics",
-        "//go/extractor/srcarchive",
-        "//go/extractor/trap",
-        "//go/extractor/util",
-        "//go/extractor/vendor/golang.org/x/mod/modfile",
-        "//go/extractor/vendor/golang.org/x/tools/go/packages",
-    ],
-)
-
-java_library(
-    name = "tokenizer-deps",
-    srcs = [
-        "net/sourceforge/pmd/cpd/AbstractLanguage.java",
-        "net/sourceforge/pmd/cpd/SourceCode.java",
-        "net/sourceforge/pmd/cpd/TokenEntry.java",
-        "net/sourceforge/pmd/cpd/Tokenizer.java",
-    ],
-)
-
-java_library(
-    name = "tokenizer-jar",
-    srcs = [
-        "net/sourceforge/pmd/cpd/GoLanguage.java",
-        "opencsv/CSVParser.java",
-        "opencsv/CSVReader.java",
-    ],
-    deps = [":tokenizer-deps"],
-)
-
-pkg_files(
-    name = "tokenizer",
-    srcs = [":tokenizer-jar"],
-    prefix = "tools",
-    renames = {
-        ":tokenizer-jar": "tokenizer.jar",
-    },
-    visibility = ["//go:__pkg__"],
-)

go/extractor/autobuilder/BUILD.bazel

@@ -1,26 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "autobuilder",
-    srcs = [
-        "autobuilder.go",
-        "build-environment.go",
-    ],
-    importpath = "github.com/github/codeql-go/extractor/autobuilder",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/diagnostics",
-        "//go/extractor/project",
-        "//go/extractor/toolchain",
-        "//go/extractor/util",
-        "//go/extractor/vendor/golang.org/x/mod/semver",
-    ],
-)
-
-go_test(
-    name = "autobuilder_test",
-    srcs = ["build-environment_test.go"],
-    embed = [":autobuilder"],
-)

go/extractor/cli/go-autobuilder/BUILD.bazel

@@ -1,25 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-load("//go:rules.bzl", "codeql_go_binary")
-
-go_library(
-    name = "go-autobuilder_lib",
-    srcs = ["go-autobuilder.go"],
-    importpath = "github.com/github/codeql-go/extractor/cli/go-autobuilder",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//go/extractor/autobuilder",
-        "//go/extractor/diagnostics",
-        "//go/extractor/project",
-        "//go/extractor/toolchain",
-        "//go/extractor/util",
-        "//go/extractor/vendor/golang.org/x/mod/semver",
-    ],
-)
-
-codeql_go_binary(
-    name = "go-autobuilder",
-    embed = [":go-autobuilder_lib"],
-    visibility = ["//visibility:public"],
-)

go/extractor/cli/go-bootstrap/BUILD.bazel

@@ -1,17 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-load("//go:rules.bzl", "codeql_go_binary")
-
-go_library(
-    name = "go-bootstrap_lib",
-    srcs = ["go-bootstrap.go"],
-    importpath = "github.com/github/codeql-go/extractor/cli/go-bootstrap",
-    visibility = ["//visibility:private"],
-)
-
-codeql_go_binary(
-    name = "go-bootstrap",
-    embed = [":go-bootstrap_lib"],
-    visibility = ["//visibility:public"],
-)

go/extractor/cli/go-build-runner/BUILD.bazel

@@ -1,21 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-load("//go:rules.bzl", "codeql_go_binary")
-
-go_library(
-    name = "go-build-runner_lib",
-    srcs = ["go-build-runner.go"],
-    importpath = "github.com/github/codeql-go/extractor/cli/go-build-runner",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//go/extractor/autobuilder",
-        "//go/extractor/util",
-    ],
-)
-
-codeql_go_binary(
-    name = "go-build-runner",
-    embed = [":go-build-runner_lib"],
-    visibility = ["//visibility:public"],
-)

go/extractor/cli/go-extractor/BUILD.bazel

@@ -1,21 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-load("//go:rules.bzl", "codeql_go_binary")
-
-go_library(
-    name = "go-extractor_lib",
-    srcs = ["go-extractor.go"],
-    importpath = "github.com/github/codeql-go/extractor/cli/go-extractor",
-    visibility = ["//visibility:private"],
-    deps = [
-        "//go/extractor",
-        "//go/extractor/diagnostics",
-    ],
-)
-
-codeql_go_binary(
-    name = "go-extractor",
-    embed = [":go-extractor_lib"],
-    visibility = ["//visibility:public"],
-)

go/extractor/cli/go-gen-dbscheme/BUILD.bazel

@@ -1,18 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-load("//go:rules.bzl", "codeql_go_binary")
-
-go_library(
-    name = "go-gen-dbscheme_lib",
-    srcs = ["go-gen-dbscheme.go"],
-    importpath = "github.com/github/codeql-go/extractor/cli/go-gen-dbscheme",
-    visibility = ["//visibility:private"],
-    deps = ["//go/extractor/dbscheme"],
-)
-
-codeql_go_binary(
-    name = "go-gen-dbscheme",
-    embed = [":go-gen-dbscheme_lib"],
-    visibility = ["//visibility:public"],
-)

go/extractor/cli/go-tokenizer/BUILD.bazel

@@ -1,17 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-load("//go:rules.bzl", "codeql_go_binary")
-
-go_library(
-    name = "go-tokenizer_lib",
-    srcs = ["go-tokenizer.go"],
-    importpath = "github.com/github/codeql-go/extractor/cli/go-tokenizer",
-    visibility = ["//visibility:private"],
-)
-
-codeql_go_binary(
-    name = "go-tokenizer",
-    embed = [":go-tokenizer_lib"],
-    visibility = ["//visibility:public"],
-)

go/extractor/dbscheme/BUILD.bazel

@@ -1,17 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "dbscheme",
-    srcs = [
-        "dbscheme.go",
-        "tables.go",
-    ],
-    importpath = "github.com/github/codeql-go/extractor/dbscheme",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/trap",
-        "//go/extractor/vendor/golang.org/x/tools/go/packages",
-    ],
-)

go/extractor/diagnostics/BUILD.bazel

@@ -1,10 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "diagnostics",
-    srcs = ["diagnostics.go"],
-    importpath = "github.com/github/codeql-go/extractor/diagnostics",
-    visibility = ["//visibility:public"],
-)

go/extractor/project/BUILD.bazel

@@ -1,24 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "project",
-    srcs = ["project.go"],
-    importpath = "github.com/github/codeql-go/extractor/project",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/diagnostics",
-        "//go/extractor/toolchain",
-        "//go/extractor/util",
-        "//go/extractor/vendor/golang.org/x/mod/modfile",
-        "//go/extractor/vendor/golang.org/x/mod/semver",
-    ],
-)
-
-go_test(
-    name = "project_test",
-    srcs = ["project_test.go"],
-    embed = [":project"],
-    deps = ["//go/extractor/vendor/golang.org/x/mod/modfile"],
-)

go/extractor/srcarchive/BUILD.bazel

@@ -1,19 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "srcarchive",
-    srcs = [
-        "projectlayout.go",
-        "srcarchive.go",
-    ],
-    importpath = "github.com/github/codeql-go/extractor/srcarchive",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "srcarchive_test",
-    srcs = ["projectlayout_test.go"],
-    embed = [":srcarchive"],
-)

go/extractor/toolchain/BUILD.bazel

@@ -1,20 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "toolchain",
-    srcs = ["toolchain.go"],
-    importpath = "github.com/github/codeql-go/extractor/toolchain",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/util",
-        "//go/extractor/vendor/golang.org/x/mod/semver",
-    ],
-)
-
-go_test(
-    name = "toolchain_test",
-    srcs = ["toolchain_test.go"],
-    embed = [":toolchain"],
-)

go/extractor/trap/BUILD.bazel

@@ -1,25 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "trap",
-    srcs = [
-        "labels.go",
-        "trapwriter.go",
-        "util.go",
-    ],
-    importpath = "github.com/github/codeql-go/extractor/trap",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/srcarchive",
-        "//go/extractor/util",
-        "//go/extractor/vendor/golang.org/x/tools/go/packages",
-    ],
-)
-
-go_test(
-    name = "trap_test",
-    srcs = ["trapwriter_test.go"],
-    embed = [":trap"],
-)

go/extractor/util/BUILD.bazel

@@ -1,16 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library", "go_test")
-
-go_library(
-    name = "util",
-    srcs = ["util.go"],
-    importpath = "github.com/github/codeql-go/extractor/util",
-    visibility = ["//visibility:public"],
-)
-
-go_test(
-    name = "util_test",
-    srcs = ["util_test.go"],
-    embed = [":util"],
-)

go/extractor/vendor/golang.org/x/mod/internal/lazyregexp/BUILD.bazel

@@ -1,11 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "lazyregexp",
-    srcs = ["lazyre.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/mod/internal/lazyregexp",
-    importpath = "golang.org/x/mod/internal/lazyregexp",
-    visibility = ["//go/extractor/vendor/golang.org/x/mod:__subpackages__"],
-)

go/extractor/vendor/golang.org/x/mod/modfile/BUILD.bazel

@@ -1,21 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "modfile",
-    srcs = [
-        "print.go",
-        "read.go",
-        "rule.go",
-        "work.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/mod/modfile",
-    importpath = "golang.org/x/mod/modfile",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/vendor/golang.org/x/mod/internal/lazyregexp",
-        "//go/extractor/vendor/golang.org/x/mod/module",
-        "//go/extractor/vendor/golang.org/x/mod/semver",
-    ],
-)

go/extractor/vendor/golang.org/x/mod/module/BUILD.bazel

@@ -1,18 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "module",
-    srcs = [
-        "module.go",
-        "pseudo.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/mod/module",
-    importpath = "golang.org/x/mod/module",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/vendor/golang.org/x/mod/internal/lazyregexp",
-        "//go/extractor/vendor/golang.org/x/mod/semver",
-    ],
-)

go/extractor/vendor/golang.org/x/mod/semver/BUILD.bazel

@@ -1,11 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "semver",
-    srcs = ["semver.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/mod/semver",
-    importpath = "golang.org/x/mod/semver",
-    visibility = ["//visibility:public"],
-)

go/extractor/vendor/golang.org/x/tools/go/gcexportdata/BUILD.bazel

@@ -1,15 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "gcexportdata",
-    srcs = [
-        "gcexportdata.go",
-        "importer.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/go/gcexportdata",
-    importpath = "golang.org/x/tools/go/gcexportdata",
-    visibility = ["//visibility:public"],
-    deps = ["//go/extractor/vendor/golang.org/x/tools/internal/gcimporter"],
-)

go/extractor/vendor/golang.org/x/tools/go/internal/packagesdriver/BUILD.bazel

@@ -1,12 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "packagesdriver",
-    srcs = ["sizes.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/go/internal/packagesdriver",
-    importpath = "golang.org/x/tools/go/internal/packagesdriver",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools/go:__subpackages__"],
-    deps = ["//go/extractor/vendor/golang.org/x/tools/internal/gocommand"],
-)

go/extractor/vendor/golang.org/x/tools/go/packages/BUILD.bazel

@@ -1,27 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "packages",
-    srcs = [
-        "doc.go",
-        "external.go",
-        "golist.go",
-        "golist_overlay.go",
-        "loadmode_string.go",
-        "packages.go",
-        "visit.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/go/packages",
-    importpath = "golang.org/x/tools/go/packages",
-    visibility = ["//visibility:public"],
-    deps = [
-        "//go/extractor/vendor/golang.org/x/tools/go/gcexportdata",
-        "//go/extractor/vendor/golang.org/x/tools/go/internal/packagesdriver",
-        "//go/extractor/vendor/golang.org/x/tools/internal/gocommand",
-        "//go/extractor/vendor/golang.org/x/tools/internal/packagesinternal",
-        "//go/extractor/vendor/golang.org/x/tools/internal/typesinternal",
-        "//go/extractor/vendor/golang.org/x/tools/internal/versions",
-    ],
-)

go/extractor/vendor/golang.org/x/tools/go/types/objectpath/BUILD.bazel

@@ -1,12 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "objectpath",
-    srcs = ["objectpath.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/go/types/objectpath",
-    importpath = "golang.org/x/tools/go/types/objectpath",
-    visibility = ["//visibility:public"],
-    deps = ["//go/extractor/vendor/golang.org/x/tools/internal/typeparams"],
-)

go/extractor/vendor/golang.org/x/tools/internal/event/BUILD.bazel

@@ -1,19 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "event",
-    srcs = [
-        "doc.go",
-        "event.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/event",
-    importpath = "golang.org/x/tools/internal/event",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-    deps = [
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/core",
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/keys",
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/label",
-    ],
-)

go/extractor/vendor/golang.org/x/tools/internal/event/core/BUILD.bazel

@@ -1,19 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "core",
-    srcs = [
-        "event.go",
-        "export.go",
-        "fast.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/event/core",
-    importpath = "golang.org/x/tools/internal/event/core",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-    deps = [
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/keys",
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/label",
-    ],
-)

go/extractor/vendor/golang.org/x/tools/internal/event/keys/BUILD.bazel

@@ -1,16 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "keys",
-    srcs = [
-        "keys.go",
-        "standard.go",
-        "util.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/event/keys",
-    importpath = "golang.org/x/tools/internal/event/keys",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-    deps = ["//go/extractor/vendor/golang.org/x/tools/internal/event/label"],
-)

go/extractor/vendor/golang.org/x/tools/internal/event/label/BUILD.bazel

@@ -1,11 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "label",
-    srcs = ["label.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/event/label",
-    importpath = "golang.org/x/tools/internal/event/label",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-)

go/extractor/vendor/golang.org/x/tools/internal/event/tag/BUILD.bazel

@@ -1,12 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "tag",
-    srcs = ["tag.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/event/tag",
-    importpath = "golang.org/x/tools/internal/event/tag",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-    deps = ["//go/extractor/vendor/golang.org/x/tools/internal/event/keys"],
-)

go/extractor/vendor/golang.org/x/tools/internal/gcimporter/BUILD.bazel

@@ -1,29 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "gcimporter",
-    srcs = [
-        "bimport.go",
-        "exportdata.go",
-        "gcimporter.go",
-        "iexport.go",
-        "iimport.go",
-        "newInterface10.go",
-        "newInterface11.go",
-        "support_go117.go",
-        "support_go118.go",
-        "unified_no.go",
-        "ureader_no.go",
-        "ureader_yes.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/gcimporter",
-    importpath = "golang.org/x/tools/internal/gcimporter",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-    deps = [
-        "//go/extractor/vendor/golang.org/x/tools/go/types/objectpath",
-        "//go/extractor/vendor/golang.org/x/tools/internal/pkgbits",
-        "//go/extractor/vendor/golang.org/x/tools/internal/tokeninternal",
-    ],
-)

go/extractor/vendor/golang.org/x/tools/internal/gocommand/BUILD.bazel

@@ -1,22 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "gocommand",
-    srcs = [
-        "invoke.go",
-        "vendor.go",
-        "version.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/gocommand",
-    importpath = "golang.org/x/tools/internal/gocommand",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-    deps = [
-        "//go/extractor/vendor/golang.org/x/mod/semver",
-        "//go/extractor/vendor/golang.org/x/tools/internal/event",
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/keys",
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/label",
-        "//go/extractor/vendor/golang.org/x/tools/internal/event/tag",
-    ],
-)

go/extractor/vendor/golang.org/x/tools/internal/packagesinternal/BUILD.bazel

@@ -1,11 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "packagesinternal",
-    srcs = ["packages.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/packagesinternal",
-    importpath = "golang.org/x/tools/internal/packagesinternal",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-)

go/extractor/vendor/golang.org/x/tools/internal/pkgbits/BUILD.bazel

@@ -1,23 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "pkgbits",
-    srcs = [
-        "codes.go",
-        "decoder.go",
-        "doc.go",
-        "encoder.go",
-        "flags.go",
-        "frames_go1.go",
-        "frames_go17.go",
-        "reloc.go",
-        "support.go",
-        "sync.go",
-        "syncmarker_string.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/pkgbits",
-    importpath = "golang.org/x/tools/internal/pkgbits",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-)

go/extractor/vendor/golang.org/x/tools/internal/tokeninternal/BUILD.bazel

@@ -1,11 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "tokeninternal",
-    srcs = ["tokeninternal.go"],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/tokeninternal",
-    importpath = "golang.org/x/tools/internal/tokeninternal",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-)

go/extractor/vendor/golang.org/x/tools/internal/typeparams/BUILD.bazel

@@ -1,17 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "typeparams",
-    srcs = [
-        "common.go",
-        "coretype.go",
-        "normalize.go",
-        "termlist.go",
-        "typeterm.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/typeparams",
-    importpath = "golang.org/x/tools/internal/typeparams",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-)

go/extractor/vendor/golang.org/x/tools/internal/typesinternal/BUILD.bazel

@@ -1,16 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "typesinternal",
-    srcs = [
-        "errorcode.go",
-        "errorcode_string.go",
-        "types.go",
-        "types_118.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/typesinternal",
-    importpath = "golang.org/x/tools/internal/typesinternal",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-)

go/extractor/vendor/golang.org/x/tools/internal/versions/BUILD.bazel

@@ -1,17 +0,0 @@
-# generated running `bazel run //go/gazelle`, do not edit
-
-load("@rules_go//go:def.bzl", "go_library")
-
-go_library(
-    name = "versions",
-    srcs = [
-        "gover.go",
-        "types.go",
-        "types_go121.go",
-        "types_go122.go",
-        "versions.go",
-    ],
-    importmap = "github.com/github/codeql-go/extractor/vendor/golang.org/x/tools/internal/versions",
-    importpath = "golang.org/x/tools/internal/versions",
-    visibility = ["//go/extractor/vendor/golang.org/x/tools:__subpackages__"],
-)

go/extractor/vendor/modules.txt

@@ -1,4 +1,3 @@
-## workspace
 # golang.org/x/mod v0.15.0
 ## explicit; go 1.18
 golang.org/x/mod/internal/lazyregexp

go/gen.py

@@ -1,33 +0,0 @@
-import sys
-import pathlib
-import subprocess
-import os
-from python.runfiles import runfiles
-
-try:
-    workspace_dir = pathlib.Path(os.environ['BUILD_WORKSPACE_DIRECTORY'])
-except KeyError:
-    print("this should be run with bazel run", file=sys.stderr)
-    sys.exit(1)
-
-go_extractor_dir = workspace_dir / "go" / "extractor"
-go_dbscheme = workspace_dir / "go" / "ql" / "lib" / "go.dbscheme"
-r = runfiles.Create()
-go, gazelle, go_gen_dbscheme = map(r.Rlocation, sys.argv[1:])
-
-print("updating vendor")
-subprocess.check_call([go, "-C", go_extractor_dir, "work", "vendor"])
-
-print("clearing generated BUILD files")
-for build_file in go_extractor_dir.glob("*/**/BUILD.bazel"):
-    build_file.unlink()
-
-print("running gazelle")
-subprocess.check_call([gazelle])
-
-print("adding header to generated BUILD files")
-for build_file in go_extractor_dir.glob("*/**/BUILD.bazel"):
-    contents = build_file.read_text()
-    build_file.write_text(f"# generated running `bazel run //go/gazelle`, do not edit\n\n{contents}")
-
-subprocess.check_call([go_gen_dbscheme, go_dbscheme])

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.14
+
+No user-facing changes.
+
 ## 0.0.13
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/0.0.14.md

@@ -0,0 +1,3 @@
+## 0.0.14
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.13
+lastReleaseVersion: 0.0.14

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.14-dev
+version: 0.0.15-dev
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,14 @@
+## 0.8.0
+
+### Breaking Changes
+
+* Deleted the deprecated `CsvRemoteSource` alias. Use `MaDRemoteSource` instead.
+
+### Deprecated APIs
+
+* To make Go consistent with other language libraries, the `UntrustedFlowSource` name has been deprecated throughout. Use `RemoteFlowSource` instead, which replaces it. 
+* Where modules have classes named `UntrustedFlowAsSource`, these are also deprecated and the `Source` class in the same module or the `RemoteFlowSource` class should be used instead.
+
 ## 0.7.14
 
 ### Minor Analysis Improvements

go/ql/lib/change-notes/2024-04-26-outdated-deprecations.md

@@ -1,4 +0,0 @@
----
-category: breaking
----
-* Deleted the deprecated `CsvRemoteSource` alias. Use `MaDRemoteSource` instead.

go/ql/lib/change-notes/released/0.8.0.md

@@ -1,5 +1,10 @@
----
-category: deprecated
----
+## 0.8.0
+
+### Breaking Changes
+
+* Deleted the deprecated `CsvRemoteSource` alias. Use `MaDRemoteSource` instead.
+
+### Deprecated APIs
+
 * To make Go consistent with other language libraries, the `UntrustedFlowSource` name has been deprecated throughout. Use `RemoteFlowSource` instead, which replaces it. 
 * Where modules have classes named `UntrustedFlowAsSource`, these are also deprecated and the `Source` class in the same module or the `RemoteFlowSource` class should be used instead.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.14
+lastReleaseVersion: 0.8.0

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.15-dev
+version: 0.8.1-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/src/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.7.15
+
+### Minor Analysis Improvements
+
+* The query `go/incomplete-hostname-regexp` now recognizes more sources involving concatenation of string literals and also follows flow through string concatenation. This may lead to more alerts.
+* Added some more barriers to flow for `go/incorrect-integer-conversion` to reduce false positives, especially around type switches.
+
 ## 0.7.14
 
 No user-facing changes.

go/ql/src/change-notes/2024-04-17-incorrect-integer-conversion-barriers.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added some more barriers to flow for `go/incorrect-integer-conversion` to reduce false positives, especially around type switches.

go/ql/src/change-notes/released/0.7.15.md

@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.7.15
+
+### Minor Analysis Improvements
+
 * The query `go/incomplete-hostname-regexp` now recognizes more sources involving concatenation of string literals and also follows flow through string concatenation. This may lead to more alerts.
+* Added some more barriers to flow for `go/incorrect-integer-conversion` to reduce false positives, especially around type switches.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.14
+lastReleaseVersion: 0.7.15

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.15-dev
+version: 0.7.16-dev
 groups:
   - go
   - queries

go/rules.bzl

@@ -1,5 +0,0 @@
-load("@rules_go//go:def.bzl", "go_binary")
-load("//misc/bazel:universal_binary.bzl", "wrap_as_universal_binary")
-
-def codeql_go_binary(**kwargs):
-    wrap_as_universal_binary(go_binary, **kwargs)

java/ql/automodel/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.0.22
+
+No user-facing changes.
+
 ## 0.0.21
 
 No user-facing changes.