Update immutable_actions.yml

Add all of the codeql-action actions.

actions/extractor/BUILD.bazel

@@ -5,8 +5,7 @@ codeql_pkg_files(
     srcs = [
         "codeql-extractor.yml",
         "//:LICENSE",
-    ],
-    exes = glob(["tools/**"]),
+    ] + glob(["tools/**"]),
     strip_prefix = strip_prefix.from_pkg(),
     visibility = ["//actions:__pkg__"],
 )

actions/ql/extensions/immutable-actions-list/ext/immutable_actions.yml

@@ -1,28 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/actions-all
-      extensible: immutableActionsDataModel
-    data:
-      - ["actions/checkout"]
-      - ["actions/cache"]
-      - ["actions/setup-node"]
-      - ["actions/upload-artifact"]
-      - ["actions/setup-python"]
-      - ["actions/download-artifact"]
-      - ["actions/github-script"]
-      - ["actions/setup-java"]
-      - ["actions/setup-go"]
-      - ["actions/upload-pages-artifact"]
-      - ["actions/deploy-pages"]
-      - ["actions/setup-dotnet"]
-      - ["actions/stale"]
-      - ["actions/labeler"]
-      - ["actions/create-github-app-token"]
-      - ["actions/configure-pages"]
-      - ["github/codeql-action/analyze"]
-      - ["github/codeql-action/autobuild"]
-      - ["github/codeql-action/init"]
-      - ["github/codeql-action/resolve-environment"]
-      - ["github/codeql-action/start-proxy"]
-      - ["github/codeql-action/upload-sarif"]
-      - ["octokit/request-action"]

actions/ql/extensions/immutable-actions-list/qlpack.yml

@@ -1,14 +0,0 @@
-# Model pack containing the list of known immutable actions. The Immutable Actions feature is not
-# yet released, so this pack will only be used within GitHub. Once the feature is available to
-# customers, we will move the contents of this pack back into the standard library pack.
-name: codeql/immutable-actions-list
-version: 0.0.1-dev
-library: true
-warnOnImplicitThis: true
-extensionTargets:
-  # We expect to need this model pack even after GA of Actions analysis, so make it compatible with
-  # all future prereleases plus 1.x.x. We should be able to remove this back before we need to
-  # bump the major version to 2.
-  codeql/actions-all: ">=0.4.3 <2.0.0"
-dataExtensions:
-- ext/**/*.yml

actions/ql/lib/ext/config/immutable_actions.yml

@@ -2,9 +2,27 @@ extensions:
   - addsTo:
       pack: codeql/actions-all
       extensible: immutableActionsDataModel
-    # Since the Immutable Actions feature is not yet available to customers, we won't alert about
-    # any unversioned immutable action references for now. Within GitHub, we'll include the
-    # `codeql/immutable-actions-list` model pack, which will provide the necessary list of actions
-    # for internal use. Once the feature is available to customers, we'll move that list back into
-    # this file.
-    data: []
+    data:
+      - ["actions/checkout"]
+      - ["actions/cache"]
+      - ["actions/setup-node"]
+      - ["actions/upload-artifact"]
+      - ["actions/setup-python"]
+      - ["actions/download-artifact"]
+      - ["actions/github-script"]
+      - ["actions/setup-java"]
+      - ["actions/setup-go"]
+      - ["actions/upload-pages-artifact"]
+      - ["actions/deploy-pages"]
+      - ["actions/setup-dotnet"]
+      - ["actions/stale"]
+      - ["actions/labeler"]
+      - ["actions/create-github-app-token"]
+      - ["actions/configure-pages"]
+      - ["github/codeql-action/analyze"]
+      - ["github/codeql-action/autobuild"]
+      - ["github/codeql-action/init"]
+      - ["github/codeql-action/resolve-environment"]
+      - ["github/codeql-action/start-proxy"]
+      - ["github/codeql-action/upload-sarif"]
+      - ["octokit/request-action"]

actions/ql/lib/ext/config/trusted_actions_owner.yml

@@ -5,4 +5,4 @@ extensions:
     data:      
       - ["actions"]
       - ["github"]
-      - ["advanced-security"]
+      - ["advanced-security"]

actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md

@@ -1,7 +0,0 @@
----
-category: fix
----
-* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
-  Immutable Actions feature is not yet available for customer use. The query remains in the
-  default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
-  available, the query will be updated to report alerts again.

actions/ql/test/qlpack.yml

@@ -3,10 +3,6 @@ groups: [codeql, test]
 dependencies:
   codeql/actions-all: ${workspace}
   codeql/actions-queries: ${workspace}
-  # Use the `immutable-actions-list` model pack so that we have some actual data to test against.
-  # We can remove this dependency when we incorporate the data from that model pack back into the
-  # standard library pack.
-  codeql/immutable-actions-list: ${workspace}
 extractor: actions
 tests: .
 warnOnImplicitThis: true

codeql-workspace.yml

@@ -17,7 +17,7 @@ provide:
   - "misc/legacy-support/*/qlpack.yml"
   - "misc/suite-helpers/qlpack.yml"
   - ".github/codeql/extensions/**/codeql-pack.yml"
-  - "actions/ql/extensions/**/qlpack.yml"
+
 versionPolicies:
   default:
     requireChangeNotes: true

cpp/ql/lib/change-notes/2025-02-20-getbuffersize.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.

cpp/ql/lib/change-notes/2025-02-25-getbuffersize.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.

cpp/ql/lib/semmle/code/cpp/commons/Buffer.qll

@@ -71,7 +71,7 @@ private int getSize(VariableAccess va) {
       result = t.getSize()
     )
     or
-    exists(Class c, int trueSize |
+    exists(Class c |
       // Otherwise, we find the "outermost" object and compute the size
       // as the difference between the size of the type of the "outermost
       // object" and the offset of the field relative to that type.
@@ -91,9 +91,7 @@ private int getSize(VariableAccess va) {
       // of `y` relative to the type `S2` (i.e., `4`). So the size of the
       // buffer is `12 - 4 = 8`.
       c = getRootType(va) and
-      // we calculate the size based on the last field, to avoid including any padding after it
-      trueSize = max(Field f | | f.getOffsetInClass(c) + f.getUnspecifiedType().getSize()) and
-      result = trueSize - v.(Field).getOffsetInClass(c)
+      result = c.getSize() - v.(Field).getOffsetInClass(c)
     )
   )
 }
@@ -107,16 +105,9 @@ private int getSize(VariableAccess va) {
 private int isSource(Expr bufferExpr, Element why) {
   exists(Variable bufferVar | bufferVar = bufferExpr.(VariableAccess).getTarget() |
     // buffer is a fixed size array
-    exists(bufferVar.getUnspecifiedType().(ArrayType).getSize()) and
-    result =
-      unique(int size | // more generous than .getSize() itself, when the array is a class field or similar.
-        size = getSize(bufferExpr)
-      |
-        size
-      ) and
+    result = bufferVar.getUnspecifiedType().(ArrayType).getSize() and
     why = bufferVar and
     not memberMayBeVarSize(_, bufferVar) and
-    not exists(BuiltInOperationBuiltInOffsetOf offsetof | offsetof.getAChild*() = bufferExpr) and
     // zero sized arrays are likely to have special usage, for example
     // behaving a bit like a 'union' overlapping other fields.
     not result = 0

cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql

@@ -5,9 +5,8 @@
  *              buffer.
  * @kind problem
  * @id cpp/overflow-buffer
- * @problem.severity warning
+ * @problem.severity recommendation
  * @security-severity 9.3
- * @precision medium
  * @tags security
  *       external/cwe/cwe-119
  *       external/cwe/cwe-121

cpp/ql/src/change-notes/2025-02-20-overflow-buffer.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.

cpp/ql/src/change-notes/2025-02-27-static-buffer-overflow.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.

cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverflowBuffer.expected

@@ -1,3 +1,5 @@
+| tests.cpp:45:9:45:14 | call to memcpy | This 'memcpy' operation accesses 32 bytes but the $@ is only 16 bytes. | tests.cpp:32:10:32:18 | charFirst | destination buffer |
+| tests.cpp:60:9:60:14 | call to memcpy | This 'memcpy' operation accesses 32 bytes but the $@ is only 16 bytes. | tests.cpp:32:10:32:18 | charFirst | destination buffer |
 | tests.cpp:171:9:171:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:164:20:164:25 | call to malloc | destination buffer |
 | tests.cpp:172:9:172:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:164:20:164:25 | call to malloc | array |
 | tests.cpp:192:9:192:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:181:10:181:22 | dataBadBuffer | destination buffer |

cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverflowStatic.expected

@@ -0,0 +1,2 @@
+| tests.cpp:45:51:45:72 | sizeof(<expr>) | Potential buffer-overflow: 'charFirst' has size 16 not 32. |
+| tests.cpp:60:52:60:74 | sizeof(<expr>) | Potential buffer-overflow: 'charFirst' has size 16 not 32. |

cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/tests.cpp

@@ -42,7 +42,7 @@ void CWE121_Stack_Based_Buffer_Overflow__char_type_overrun_memcpy_01_bad()
         /* Print the initial block pointed to by structCharVoid.voidSecond */
         printLine((char *)structCharVoid.voidSecond);
         /* FLAW: Use the sizeof(structCharVoid) which will overwrite the pointer voidSecond */
-        memcpy(structCharVoid.charFirst, SRC_STR, sizeof(structCharVoid)); // [NOT DETECTED]
+        memcpy(structCharVoid.charFirst, SRC_STR, sizeof(structCharVoid));
         structCharVoid.charFirst[(sizeof(structCharVoid.charFirst)/sizeof(char))-1] = '\0'; /* null terminate the string */
         printLine((char *)structCharVoid.charFirst);
         printLine((char *)structCharVoid.voidSecond);
@@ -57,7 +57,7 @@ void CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01_bad()
         /* Print the initial block pointed to by structCharVoid->voidSecond */
         printLine((char *)structCharVoid->voidSecond);
         /* FLAW: Use the sizeof(*structCharVoid) which will overwrite the pointer y */
-        memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); // [NOT DETECTED]
+        memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid));
         structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; /* null terminate the string */
         printLine((char *)structCharVoid->charFirst);
         printLine((char *)structCharVoid->voidSecond);
@@ -292,7 +292,7 @@ namespace CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_01
             delete [] data;
         }
     }
-
+    
     static void goodG2B()
 	{
 		wchar_t * data;
@@ -459,7 +459,7 @@ void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_01_bad()
 #ifdef _WIN32
 int _snwprintf(wchar_t *buffer, size_t count, const wchar_t *format, ...);
 #define SNPRINTF _snwprintf
-#else
+#else 
 int snprintf(char *s, size_t n, const char *format, ...);
 int swprintf(wchar_t *wcs, size_t maxlen, const wchar_t *format, ...);
 //#define SNPRINTF snprintf --- original code; using snprintf appears to be a mistake in samate?
@@ -485,14 +485,14 @@ void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_01_bad()
 }
 
 /* classes used in some test cases as a custom type */
-class TwoIntsClass
+class TwoIntsClass 
 {
     public: // Needed to access variables from label files
         int intOne;
         int intTwo;
 };
 
-class OneIntClass
+class OneIntClass 
 {
     public: // Needed to access variables from label files
         int intOne;
@@ -636,7 +636,7 @@ void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_31_bad()
 
 int rand(void);
 
-int globalReturnsTrueOrFalse()
+int globalReturnsTrueOrFalse() 
 {
     return (rand() % 2);
 }

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/BadlyBoundedWrite.expected

@@ -1,4 +1,2 @@
-| tests.cpp:1055:2:1055:8 | call to strncpy | This 'call to strncpy' operation is limited to 131 bytes but the destination is only 128 bytes. |
-| tests.cpp:1057:2:1057:8 | call to strncpy | This 'call to strncpy' operation is limited to 131 bytes but the destination is only 64 bytes. |
 | var_size_struct.cpp:73:3:73:9 | call to strncpy | This 'call to strncpy' operation is limited to 1025 bytes but the destination is only 1024 bytes. |
 | var_size_struct.cpp:103:3:103:9 | call to strncpy | This 'call to strncpy' operation is limited to 129 bytes but the destination is only 128 bytes. |

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected

@@ -17,81 +17,69 @@
 | tests.cpp:285:3:285:8 | call to memset | This 'memset' operation accesses 128 bytes but the $@ is only 64 bytes. | tests.cpp:283:12:283:23 | new[] | destination buffer |
 | tests.cpp:292:3:292:8 | call to memset | This 'memset' operation accesses 11 bytes but the $@ is only 10 bytes. | tests.cpp:289:8:289:12 | array | destination buffer |
 | tests.cpp:310:2:310:7 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:301:10:301:14 | myVar | destination buffer |
+| tests.cpp:312:2:312:7 | call to memset | This 'memset' operation accesses 17 bytes but the $@ is only 16 bytes. | tests.cpp:298:7:298:12 | buffer | destination buffer |
 | tests.cpp:314:2:314:7 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:299:6:299:10 | field | destination buffer |
-| tests.cpp:348:2:348:14 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
-| tests.cpp:351:2:351:14 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
-| tests.cpp:352:17:352:29 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
-| tests.cpp:354:2:354:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:343:6:343:13 | intArray | array |
-| tests.cpp:357:2:357:13 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
-| tests.cpp:358:16:358:27 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
-| tests.cpp:360:2:360:16 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:344:11:344:21 | structArray | array |
-| tests.cpp:363:2:363:16 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
-| tests.cpp:364:25:364:39 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
-| tests.cpp:367:23:367:34 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
-| tests.cpp:369:2:369:13 | access to array | This array indexing operation accesses a negative index -2 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
-| tests.cpp:370:2:370:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
-| tests.cpp:374:2:374:13 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
-| tests.cpp:394:3:394:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 100 bytes. | tests.cpp:389:47:389:52 | call to malloc | array |
-| tests.cpp:397:3:397:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 101 bytes. | tests.cpp:390:47:390:52 | call to malloc | array |
-| tests.cpp:467:3:467:24 | access to array | This array indexing operation accesses a negative index -3 on the $@. | tests.cpp:465:7:465:14 | intArray | array |
-| tests.cpp:475:3:475:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:471:7:471:11 | multi | array |
-| tests.cpp:477:3:477:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:471:7:471:11 | multi | array |
-| tests.cpp:480:3:480:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:471:7:471:11 | multi | array |
-| tests.cpp:482:3:482:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:471:7:471:11 | multi | array |
-| tests.cpp:497:2:497:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:490:7:490:12 | buffer | array |
-| tests.cpp:498:2:498:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:490:7:490:12 | buffer | array |
-| tests.cpp:502:2:502:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:490:7:490:12 | buffer | array |
-| tests.cpp:508:2:508:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:494:21:494:26 | call to malloc | array |
-| tests.cpp:512:2:512:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:495:21:495:26 | call to malloc | array |
-| tests.cpp:540:3:540:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:523:15:523:20 | call to malloc | destination buffer |
-| tests.cpp:540:3:540:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:531:16:531:21 | call to malloc | destination buffer |
-| tests.cpp:562:6:562:10 | call to fread | This 'fread' operation may access 101 bytes but the $@ is only 100 bytes. | tests.cpp:553:7:553:16 | charBuffer | destination buffer |
-| tests.cpp:567:6:567:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:553:7:553:16 | charBuffer | destination buffer |
-| tests.cpp:590:6:590:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:586:7:586:12 | buffer | array |
-| tests.cpp:598:7:598:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:586:7:586:12 | buffer | array |
-| tests.cpp:658:6:658:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:654:7:654:12 | buffer | array |
-| tests.cpp:666:7:666:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:654:7:654:12 | buffer | array |
-| tests.cpp:729:3:729:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:714:16:714:16 | c | destination buffer |
-| tests.cpp:733:3:733:8 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:714:16:714:16 | c | destination buffer |
-| tests.cpp:737:3:737:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 16 bytes. | tests.cpp:713:16:713:16 | b | destination buffer |
-| tests.cpp:748:2:748:7 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:714:16:714:16 | c | destination buffer |
-| tests.cpp:774:5:774:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:756:20:756:22 | b_1 | destination buffer |
-| tests.cpp:777:5:777:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:756:20:756:22 | b_1 | destination buffer |
-| tests.cpp:781:5:781:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
-| tests.cpp:782:5:782:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
-| tests.cpp:784:5:784:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
-| tests.cpp:785:5:785:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:757:20:757:22 | c_1 | destination buffer |
-| tests.cpp:795:5:795:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:761:20:761:22 | b_2 | destination buffer |
-| tests.cpp:798:5:798:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:761:20:761:22 | b_2 | destination buffer |
-| tests.cpp:816:5:816:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:811:16:811:16 | b | destination buffer |
-| tests.cpp:843:5:843:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:822:16:822:16 | b | destination buffer |
-| tests.cpp:846:5:846:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:822:16:822:16 | b | destination buffer |
-| tests.cpp:848:5:848:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:822:16:822:16 | b | destination buffer |
-| tests.cpp:851:5:851:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
-| tests.cpp:852:5:852:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
-| tests.cpp:854:5:854:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
-| tests.cpp:856:5:856:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:823:16:823:16 | c | destination buffer |
-| tests.cpp:867:5:867:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
-| tests.cpp:868:5:868:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
-| tests.cpp:869:5:869:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
-| tests.cpp:870:5:870:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
-| tests.cpp:872:5:872:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:828:16:828:16 | x | destination buffer |
-| tests.cpp:883:5:883:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
-| tests.cpp:884:5:884:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
-| tests.cpp:885:5:885:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
-| tests.cpp:886:5:886:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
-| tests.cpp:887:5:887:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
-| tests.cpp:888:5:888:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:833:12:833:12 | u | destination buffer |
-| tests.cpp:984:2:984:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
-| tests.cpp:989:2:989:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
-| tests.cpp:994:2:994:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
-| tests.cpp:1001:2:1001:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
-| tests.cpp:1009:2:1009:9 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:981:6:981:8 | arr | array |
-| tests.cpp:1031:2:1031:7 | call to memset | This 'memset' operation accesses 130 bytes but the $@ is only 120 bytes. | tests.cpp:1020:12:1020:15 | arr1 | destination buffer |
-| tests.cpp:1050:2:1050:7 | call to memset | This 'memset' operation accesses 132 bytes but the $@ is only 128 bytes. | tests.cpp:1037:8:1037:14 | buffer1 | destination buffer |
-| tests.cpp:1052:2:1052:7 | call to memset | This 'memset' operation accesses 132 bytes but the $@ is only 64 bytes. | tests.cpp:1041:8:1041:14 | buffer2 | destination buffer |
-| tests.cpp:1055:2:1055:8 | call to strncpy | This 'strncpy' operation may access 131 bytes but the $@ is only 128 bytes. | tests.cpp:1037:8:1037:14 | buffer1 | destination buffer |
-| tests.cpp:1057:2:1057:8 | call to strncpy | This 'strncpy' operation may access 131 bytes but the $@ is only 64 bytes. | tests.cpp:1041:8:1041:14 | buffer2 | destination buffer |
+| tests.cpp:346:2:346:14 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
+| tests.cpp:349:2:349:14 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
+| tests.cpp:350:17:350:29 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
+| tests.cpp:352:2:352:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:343:6:343:13 | intArray | array |
+| tests.cpp:355:2:355:13 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
+| tests.cpp:356:16:356:27 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
+| tests.cpp:358:2:358:16 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:344:11:344:21 | structArray | array |
+| tests.cpp:361:2:361:16 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
+| tests.cpp:362:25:362:39 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
+| tests.cpp:365:23:365:34 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
+| tests.cpp:373:3:373:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 100 bytes. | tests.cpp:368:47:368:52 | call to malloc | array |
+| tests.cpp:376:3:376:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 101 bytes. | tests.cpp:369:47:369:52 | call to malloc | array |
+| tests.cpp:446:3:446:24 | access to array | This array indexing operation accesses a negative index -3 on the $@. | tests.cpp:444:7:444:14 | intArray | array |
+| tests.cpp:454:3:454:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:450:7:450:11 | multi | array |
+| tests.cpp:456:3:456:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:450:7:450:11 | multi | array |
+| tests.cpp:459:3:459:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:450:7:450:11 | multi | array |
+| tests.cpp:461:3:461:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:450:7:450:11 | multi | array |
+| tests.cpp:476:2:476:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
+| tests.cpp:477:2:477:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
+| tests.cpp:481:2:481:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
+| tests.cpp:487:2:487:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:473:21:473:26 | call to malloc | array |
+| tests.cpp:491:2:491:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:474:21:474:26 | call to malloc | array |
+| tests.cpp:519:3:519:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:502:15:502:20 | call to malloc | destination buffer |
+| tests.cpp:519:3:519:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:510:16:510:21 | call to malloc | destination buffer |
+| tests.cpp:541:6:541:10 | call to fread | This 'fread' operation may access 101 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
+| tests.cpp:546:6:546:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
+| tests.cpp:569:6:569:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
+| tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
+| tests.cpp:637:6:637:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:633:7:633:12 | buffer | array |
+| tests.cpp:645:7:645:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:633:7:633:12 | buffer | array |
+| tests.cpp:708:3:708:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:693:16:693:16 | c | destination buffer |
+| tests.cpp:712:3:712:8 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:693:16:693:16 | c | destination buffer |
+| tests.cpp:716:3:716:8 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 16 bytes. | tests.cpp:692:16:692:16 | b | destination buffer |
+| tests.cpp:727:2:727:7 | call to memset | This 'memset' operation accesses 24 bytes but the $@ is only 8 bytes. | tests.cpp:693:16:693:16 | c | destination buffer |
+| tests.cpp:753:5:753:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:735:20:735:22 | b_1 | destination buffer |
+| tests.cpp:756:5:756:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:735:20:735:22 | b_1 | destination buffer |
+| tests.cpp:760:5:760:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
+| tests.cpp:761:5:761:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
+| tests.cpp:763:5:763:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
+| tests.cpp:764:5:764:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:736:20:736:22 | c_1 | destination buffer |
+| tests.cpp:774:5:774:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:740:20:740:22 | b_2 | destination buffer |
+| tests.cpp:777:5:777:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:740:20:740:22 | b_2 | destination buffer |
+| tests.cpp:795:5:795:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:790:16:790:16 | b | destination buffer |
+| tests.cpp:822:5:822:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:801:16:801:16 | b | destination buffer |
+| tests.cpp:825:5:825:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:801:16:801:16 | b | destination buffer |
+| tests.cpp:827:5:827:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 16 bytes. | tests.cpp:801:16:801:16 | b | destination buffer |
+| tests.cpp:830:5:830:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
+| tests.cpp:831:5:831:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
+| tests.cpp:833:5:833:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
+| tests.cpp:835:5:835:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 12 bytes. | tests.cpp:802:16:802:16 | c | destination buffer |
+| tests.cpp:846:5:846:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
+| tests.cpp:847:5:847:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
+| tests.cpp:848:5:848:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
+| tests.cpp:849:5:849:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
+| tests.cpp:851:5:851:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 8 bytes. | tests.cpp:807:16:807:16 | x | destination buffer |
+| tests.cpp:862:5:862:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
+| tests.cpp:863:5:863:10 | call to memset | This 'memset' operation accesses 16 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
+| tests.cpp:864:5:864:10 | call to memset | This 'memset' operation accesses 12 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
+| tests.cpp:865:5:865:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
+| tests.cpp:866:5:866:10 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
+| tests.cpp:867:5:867:10 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 4 bytes. | tests.cpp:812:12:812:12 | u | destination buffer |
 | tests_restrict.c:12:2:12:7 | call to memcpy | This 'memcpy' operation accesses 2 bytes but the $@ is only 1 byte. | tests_restrict.c:7:6:7:13 | smallbuf | source buffer |
 | unions.cpp:26:2:26:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:21:10:21:11 | mu | destination buffer |
 | unions.cpp:30:2:30:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |
@@ -100,4 +88,5 @@
 | var_size_struct.cpp:73:3:73:9 | call to strncpy | This 'strncpy' operation may access 1025 bytes but the $@ is only 1024 bytes. | var_size_struct.cpp:63:8:63:11 | data | destination buffer |
 | var_size_struct.cpp:87:3:87:19 | access to array | This array indexing operation accesses byte offset 67 but the $@ is only 64 bytes. | var_size_struct.cpp:78:7:78:14 | elements | array |
 | var_size_struct.cpp:99:3:99:8 | call to memset | This 'memset' operation accesses 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |
+| var_size_struct.cpp:101:3:101:8 | call to memset | This 'memset' operation accesses 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |
 | var_size_struct.cpp:103:3:103:9 | call to strncpy | This 'strncpy' operation may access 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowStatic.expected

@@ -3,8 +3,6 @@
 | tests.cpp:163:3:163:11 | access to array | Potential buffer-overflow: counter 'k' <= 100 but 'buffer' has 100 elements. |
 | tests.cpp:164:8:164:16 | access to array | Potential buffer-overflow: counter 'k' <= 100 but 'buffer' has 100 elements. |
 | tests.cpp:245:42:245:42 | 6 | Potential buffer-overflow: 'global_array_5' has size 5 not 6. |
-| tests.cpp:351:2:351:14 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
-| tests.cpp:352:17:352:29 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
-| tests.cpp:1055:26:1055:39 | ... - ... | Potential buffer-overflow: 'buffer1' has size 128 not 131. |
-| tests.cpp:1057:26:1057:39 | ... - ... | Potential buffer-overflow: 'buffer2' has size 64 not 131. |
+| tests.cpp:349:2:349:14 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
+| tests.cpp:350:17:350:29 | access to array | Potential buffer-overflow: 'charArray' has size 10 but 'charArray[10]' may be accessed here. |
 | var_size_struct.cpp:103:39:103:41 | 129 | Potential buffer-overflow: 'str' has size 128 not 129. |

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/UnboundedWrite.expected

@@ -27,26 +27,26 @@ edges
 | main.cpp:9:29:9:32 | *argv | tests_restrict.c:15:41:15:44 | *argv | provenance |  |
 | main.cpp:9:29:9:32 | tests_restrict_main output argument | main.cpp:10:20:10:23 | **argv | provenance |  |
 | main.cpp:9:29:9:32 | tests_restrict_main output argument | main.cpp:10:20:10:23 | *argv | provenance |  |
-| main.cpp:10:20:10:23 | **argv | tests.cpp:1060:32:1060:35 | **argv | provenance |  |
-| main.cpp:10:20:10:23 | *argv | tests.cpp:1060:32:1060:35 | *argv | provenance |  |
+| main.cpp:10:20:10:23 | **argv | tests.cpp:872:32:872:35 | **argv | provenance |  |
+| main.cpp:10:20:10:23 | *argv | tests.cpp:872:32:872:35 | *argv | provenance |  |
 | overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:23:45:23:48 | **argv | provenance |  |
 | overflowdestination.cpp:23:45:23:48 | **argv | overflowdestination.cpp:23:45:23:48 | *argv | provenance |  |
 | test_buffer_overrun.cpp:32:46:32:49 | **argv | test_buffer_overrun.cpp:32:46:32:49 | **argv | provenance |  |
 | test_buffer_overrun.cpp:32:46:32:49 | **argv | test_buffer_overrun.cpp:32:46:32:49 | *argv | provenance |  |
 | test_buffer_overrun.cpp:32:46:32:49 | *argv | test_buffer_overrun.cpp:32:46:32:49 | *argv | provenance |  |
-| tests.cpp:634:19:634:24 | *source | tests.cpp:636:17:636:22 | *source | provenance |  |
-| tests.cpp:643:19:643:24 | *source | tests.cpp:646:2:646:16 | *... = ... | provenance |  |
-| tests.cpp:646:2:646:2 | *s [post update] [*home] | tests.cpp:649:14:649:14 | *s [*home] | provenance |  |
-| tests.cpp:646:2:646:16 | *... = ... | tests.cpp:646:2:646:2 | *s [post update] [*home] | provenance |  |
-| tests.cpp:649:14:649:14 | *s [*home] | tests.cpp:649:14:649:19 | *home | provenance |  |
-| tests.cpp:649:14:649:14 | *s [*home] | tests.cpp:649:16:649:19 | *home | provenance |  |
-| tests.cpp:649:16:649:19 | *home | tests.cpp:649:14:649:19 | *home | provenance |  |
-| tests.cpp:1060:32:1060:35 | **argv | tests.cpp:1085:9:1085:15 | *access to array | provenance |  |
-| tests.cpp:1060:32:1060:35 | **argv | tests.cpp:1086:9:1086:15 | *access to array | provenance |  |
-| tests.cpp:1060:32:1060:35 | *argv | tests.cpp:1085:9:1085:15 | *access to array | provenance |  |
-| tests.cpp:1060:32:1060:35 | *argv | tests.cpp:1086:9:1086:15 | *access to array | provenance |  |
-| tests.cpp:1085:9:1085:15 | *access to array | tests.cpp:634:19:634:24 | *source | provenance |  |
-| tests.cpp:1086:9:1086:15 | *access to array | tests.cpp:643:19:643:24 | *source | provenance |  |
+| tests.cpp:613:19:613:24 | *source | tests.cpp:615:17:615:22 | *source | provenance |  |
+| tests.cpp:622:19:622:24 | *source | tests.cpp:625:2:625:16 | *... = ... | provenance |  |
+| tests.cpp:625:2:625:2 | *s [post update] [*home] | tests.cpp:628:14:628:14 | *s [*home] | provenance |  |
+| tests.cpp:625:2:625:16 | *... = ... | tests.cpp:625:2:625:2 | *s [post update] [*home] | provenance |  |
+| tests.cpp:628:14:628:14 | *s [*home] | tests.cpp:628:14:628:19 | *home | provenance |  |
+| tests.cpp:628:14:628:14 | *s [*home] | tests.cpp:628:16:628:19 | *home | provenance |  |
+| tests.cpp:628:16:628:19 | *home | tests.cpp:628:14:628:19 | *home | provenance |  |
+| tests.cpp:872:32:872:35 | **argv | tests.cpp:897:9:897:15 | *access to array | provenance |  |
+| tests.cpp:872:32:872:35 | **argv | tests.cpp:898:9:898:15 | *access to array | provenance |  |
+| tests.cpp:872:32:872:35 | *argv | tests.cpp:897:9:897:15 | *access to array | provenance |  |
+| tests.cpp:872:32:872:35 | *argv | tests.cpp:898:9:898:15 | *access to array | provenance |  |
+| tests.cpp:897:9:897:15 | *access to array | tests.cpp:613:19:613:24 | *source | provenance |  |
+| tests.cpp:898:9:898:15 | *access to array | tests.cpp:622:19:622:24 | *source | provenance |  |
 | tests_restrict.c:15:41:15:44 | **argv | tests_restrict.c:15:41:15:44 | **argv | provenance |  |
 | tests_restrict.c:15:41:15:44 | *argv | tests_restrict.c:15:41:15:44 | *argv | provenance |  |
 nodes
@@ -72,18 +72,18 @@ nodes
 | test_buffer_overrun.cpp:32:46:32:49 | *argv | semmle.label | *argv |
 | test_buffer_overrun.cpp:32:46:32:49 | *argv | semmle.label | *argv |
 | test_buffer_overrun.cpp:32:46:32:49 | *argv | semmle.label | *argv |
-| tests.cpp:634:19:634:24 | *source | semmle.label | *source |
-| tests.cpp:636:17:636:22 | *source | semmle.label | *source |
-| tests.cpp:643:19:643:24 | *source | semmle.label | *source |
-| tests.cpp:646:2:646:2 | *s [post update] [*home] | semmle.label | *s [post update] [*home] |
-| tests.cpp:646:2:646:16 | *... = ... | semmle.label | *... = ... |
-| tests.cpp:649:14:649:14 | *s [*home] | semmle.label | *s [*home] |
-| tests.cpp:649:14:649:19 | *home | semmle.label | *home |
-| tests.cpp:649:16:649:19 | *home | semmle.label | *home |
-| tests.cpp:1060:32:1060:35 | **argv | semmle.label | **argv |
-| tests.cpp:1060:32:1060:35 | *argv | semmle.label | *argv |
-| tests.cpp:1085:9:1085:15 | *access to array | semmle.label | *access to array |
-| tests.cpp:1086:9:1086:15 | *access to array | semmle.label | *access to array |
+| tests.cpp:613:19:613:24 | *source | semmle.label | *source |
+| tests.cpp:615:17:615:22 | *source | semmle.label | *source |
+| tests.cpp:622:19:622:24 | *source | semmle.label | *source |
+| tests.cpp:625:2:625:2 | *s [post update] [*home] | semmle.label | *s [post update] [*home] |
+| tests.cpp:625:2:625:16 | *... = ... | semmle.label | *... = ... |
+| tests.cpp:628:14:628:14 | *s [*home] | semmle.label | *s [*home] |
+| tests.cpp:628:14:628:19 | *home | semmle.label | *home |
+| tests.cpp:628:16:628:19 | *home | semmle.label | *home |
+| tests.cpp:872:32:872:35 | **argv | semmle.label | **argv |
+| tests.cpp:872:32:872:35 | *argv | semmle.label | *argv |
+| tests.cpp:897:9:897:15 | *access to array | semmle.label | *access to array |
+| tests.cpp:898:9:898:15 | *access to array | semmle.label | *access to array |
 | tests_restrict.c:15:41:15:44 | **argv | semmle.label | **argv |
 | tests_restrict.c:15:41:15:44 | **argv | semmle.label | **argv |
 | tests_restrict.c:15:41:15:44 | *argv | semmle.label | *argv |
@@ -97,5 +97,5 @@ subpaths
 | main.cpp:9:29:9:32 | **argv | tests_restrict.c:15:41:15:44 | **argv | tests_restrict.c:15:41:15:44 | **argv | main.cpp:9:29:9:32 | tests_restrict_main output argument |
 | main.cpp:9:29:9:32 | *argv | tests_restrict.c:15:41:15:44 | *argv | tests_restrict.c:15:41:15:44 | *argv | main.cpp:9:29:9:32 | tests_restrict_main output argument |
 #select
-| tests.cpp:636:2:636:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:636:17:636:22 | *source | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |
-| tests.cpp:649:2:649:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:649:14:649:19 | *home | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |
+| tests.cpp:615:2:615:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:615:17:615:22 | *source | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |
+| tests.cpp:628:2:628:7 | call to strcpy | main.cpp:6:27:6:30 | **argv | tests.cpp:628:14:628:19 | *home | This 'call to strcpy' with input from $@ may overflow the destination. | main.cpp:6:27:6:30 | **argv | a command-line argument |

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp

@@ -18,7 +18,7 @@ void test1()
 {
 	char smallbuffer[10];
 	char bigbuffer[20];
-
+	
 	memcpy(bigbuffer, smallbuffer, sizeof(smallbuffer)); // GOOD
 	memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read
 	memcpy(smallbuffer, bigbuffer, sizeof(smallbuffer)); // GOOD
@@ -29,7 +29,7 @@ void test2()
 {
 	char *smallbuffer = (char *)malloc(sizeof(char) * 10);
 	char *bigbuffer = (char *)malloc(sizeof(char) * 20);
-
+	
 	memcpy(bigbuffer, smallbuffer, sizeof(smallbuffer)); // GOOD
 	memcpy(bigbuffer, smallbuffer, sizeof(bigbuffer)); // BAD: over-read [NOT DETECTED]
 	memcpy(smallbuffer, bigbuffer, sizeof(smallbuffer)); // GOOD
@@ -59,7 +59,7 @@ void test4(int unbounded)
 {
 	int bounded = 100;
 	char buffer1[100], buffer2[100];
-
+	
 	memmove(buffer1, buffer2, bounded); // GOOD
 	memmove(buffer1, buffer2, unbounded); // BAD: may over-write [NOT DETECTED]
 }
@@ -107,11 +107,11 @@ void test6(bool cond)
 	a = -1;
 	buffer[a] = 'x'; // BAD: under-write [NOT DETECTED]
 	ch = buffer[a]; // BAD: under-read [NOT DETECTED]
-
+	
 	b = 0;
 	buffer[b] = 'x'; // GOOD
 	ch = buffer[b]; // GOOD
-
+	
 	c = 100;
 	buffer[c] = 'x'; // BAD: over-write [NOT DETECTED]
 	ch = buffer[c]; // BAD: over-read [NOT DETECTED]
@@ -120,7 +120,7 @@ void test6(bool cond)
 	d = 1000;
 	buffer[d] = 'x'; // BAD: over-write [NOT DETECTED]
 	ch = buffer[d]; // BAD: over-read [NOT DETECTED]
-
+	
 	e = 1000;
 	e = 0;
 	buffer[e] = 'x'; // GOOD
@@ -130,12 +130,12 @@ void test6(bool cond)
 	if (cond) {f = 1000;}
 	buffer[f] = 'x'; // BAD: may over-write [NOT DETECTED]
 	ch = buffer[f]; // BAD: may over-read [NOT DETECTED]
-
+	
 	g = 1000;
 	if (cond) {g = 0;}
 	buffer[g] = 'x'; // BAD: may over-write [NOT DETECTED]
 	ch = buffer[g]; // BAD: may over-read [NOT DETECTED]
-
+	
 	h = 1000;
 	if (cond)
 	{
@@ -151,13 +151,13 @@ void test6(bool cond)
 		buffer[i] = 'x'; // GOOD
 		ch = buffer[i]; // GOOD
 	}
-
+	
 	for (j = -1; j < 100; j++)
 	{
 		buffer[j] = 'x'; // BAD: under-write [NOT DETECTED]
 		ch = buffer[j]; // BAD: under-read [NOT DETECTED]
 	}
-
+	
 	for (k = 0; k <= 100; k++)
 	{
 		buffer[k] = 'x'; // BAD: over-write
@@ -187,7 +187,7 @@ void test8(int unbounded)
 	{
 		buffer[i] = 0; // GOOD
 	}
-
+	
 	for (i = 0; i < v2; i++)
 	{
 		buffer[i] = 0; // BAD: over-write [NOT DETECTED]
@@ -226,7 +226,7 @@ void test9(int param)
 		memset(buffer3, 0, 33); // BAD: overrun write of buffer3
 		memset(buffer4, 0, 32); // GOOD
 		memset(buffer4, 0, 33); // BAD: overrun write of buffer4 (buffer3)
-
+		
 		memcmp(buffer1, buffer2, 32); // GOOD
 		memcmp(buffer1, buffer2, 33); // BAD: overrun read of buffer1, buffer2
 	}
@@ -274,7 +274,7 @@ void test11()
 		memset(string, 0, 14); // GOOD
 		memset(string, 0, 15); // BAD: overrun write of string
 	}
-
+	
 	{
 		char *buffer = new char[128];
 
@@ -284,7 +284,7 @@ void test11()
 
 		memset(buffer, 0, 128); // BAD: overrun write of buffer
 	}
-
+	
 	{
 		char array[10] = "123";
 
@@ -309,7 +309,7 @@ void test12()
 	memset(&myVar, 0, sizeof(myVar)); // GOOD
 	memset(&myVar, 0, sizeof(myVar) + 1); // BAD: overrun write of myVar
 	memset(myVar.buffer, 0, 16); // GOOD
-	memset(myVar.buffer, 0, 17); // DUBIOUS: overrun write of myVar.buffer, but not out of myVar itself [NOT DETECTED]
+	memset(myVar.buffer, 0, 17); // BAD: overrun write of myVar.buffer
 	memset(&(myVar.field), 0, sizeof(int)); // GOOD
 	memset(&(myVar.field), 0, sizeof(int) * 2); // BAD: overrun write of myVar.field
 
@@ -317,7 +317,7 @@ void test12()
 	memset(buf + 8, 0, 9); // BAD: overrun write of buf [NOT DETECTED]
 	memset(dbuf + 8, 0, 8); // GOOD
 	memset(dbuf + 8, 0, 9); // BAD: overrun write of dbuf [NOT DETECTED]
-
+	
 	{
 		myStruct *myPtr1 = &myVar;
 		myStruct *myPtr2;
@@ -331,19 +331,17 @@ void test12()
 
 	{
 		void *myPtr3 = (void *)(&myVar);
-
+		
 		memset(myPtr3, 0, sizeof(myStruct)); // GOOD
 		memset(myPtr3, 0, sizeof(myStruct) + 1); // BAD: overrun write of myVar
 	}
 }
 
-void test13(char *argArray)
+void test13()
 {
 	char charArray[10];
 	int intArray[10];
 	myStruct structArray[10];
-	char *ptrArray = charArray;
-	char *ptrArrayOffset = charArray + 1;
 
 	charArray[-1] = 1; // BAD: underrun write
 	charArray[0] = 1; // GOOD
@@ -365,26 +363,7 @@ void test13(char *argArray)
 
 	charArray[9] = (char)intArray[9]; // GOOD
 	charArray[9] = (char)intArray[10]; // BAD: overrun read
-
-	ptrArray[-2] = 1; // BAD: underrun write
-	ptrArray[-1] = 1; // BAD: underrun write
-	ptrArray[0] = 1; // GOOD
-	ptrArray[8] = 1; // GOOD
-	ptrArray[9] = 1; // GOOD
-	ptrArray[10] = 1; // BAD: overrun write
-
-	ptrArrayOffset[-2] = 1; // BAD: underrun write [NOT DETECTED]
-	ptrArrayOffset[-1] = 1; // GOOD (there is room for this)
-	ptrArrayOffset[0] = 1; // GOOD
-	ptrArrayOffset[8] = 1; // GOOD
-	ptrArrayOffset[9] = 1; // BAD: overrun write [NOT DETECTED]
-	ptrArrayOffset[10] = 1; // BAD: overrun write [NOT DETECTED]
-
-	argArray[-1] = 1; // BAD: underrun write [NOT DETECTED]
-	argArray[0] = 1; // GOOD
-	argArray[1] = 1; // GOOD (we can't tell the length of this array)
-	argArray[999] = 1; // GOOD (we can't tell the length of this array)
-
+	
 	{
 		unsigned short *buffer1 = (unsigned short *)malloc(sizeof(short) * 50);
 		unsigned short *buffer2 = (unsigned short *)malloc(101); // 50.5 shorts
@@ -463,13 +442,13 @@ void test17(long long *longArray)
 
 	{
 		int intArray[5];
-
+	
 		((char *)intArray)[-3] = 0; // BAD: underrun write
 	}
 
 	{
 		int multi[10][10];
-
+	
 		multi[5][5] = 0; // GOOD
 
 		multi[-5][5] = 0; // BAD: underrun write [INCORRECT MESSAGE]
@@ -532,7 +511,7 @@ void test19(bool b)
 		p2 = (char *)malloc(20);
 		p3 = (char *)malloc(20);
 	}
-
+	
 	// ...
 
 	if (b)
@@ -684,7 +663,7 @@ void test27(){
 	char buffer[MAX_SIZE];
 
 	strncpy(dest, src, 8); // GOOD, strncpy will not read past null terminator of source
-
+		
 	if(IND < MAX_SIZE){
 		buffer[IND] = 0; // GOOD: out of bounds, but inaccessible code
 	}
@@ -760,7 +739,7 @@ struct AnonUnionInStruct
       unsigned int a_2;
       unsigned int b_2;
     };
-  };
+  };  
   unsigned int d;
 
   void test37() {
@@ -890,173 +869,6 @@ struct S2 {
   }
 };
 
-typedef int MyArray[10];
-
-typedef struct _MyArrayArray {
-	struct {
-		int as[10];
-	} bs[10];
-
-	union {
-		int i;
-		char cs[4];
-	} ds[10];
-
-	struct {
-		MyArray xs;
-	} ys[10];
-} MyArrayArray;
-
-void test26() {
-	MyArrayArray maa;
-
-	maa.bs[0].as[-1] = 0; // BAD: underrun write [NOT DETECTED]
-	maa.bs[0].as[0] = 0; // GOOD
-	maa.bs[0].as[99] = 0; // GOOD (overflows into bs[9])
-	maa.bs[0].as[100] = 0; // BAD: overrun write [NOT DETECTED]
-	maa.bs[1].as[-1] = 0; // GOOD (underflows into bs[0])
-	maa.bs[1].as[0] = 0; // GOOD
-	maa.bs[1].as[99] = 0; // BAD: overrun write [NOT DETECTED]
-	maa.bs[1].as[100] = 0; // BAD: overrun write[ NOT DETECTED]
-
-	maa.ds[0].i = 0; // GOOD
-	maa.ds[9].i = 0; // GOOD
-	maa.ds[10].i = 0; // BAD: overrun write [NOT DETECTED]
-	maa.ds[0].cs[0] = 0; // GOOD
-	maa.ds[0].cs[3] = 0; // GOOD
-	maa.ds[0].cs[4] = 0; // GOOD (overflows into vs[1])
-	maa.ds[0].cs[39] = 0; // GOOD (overflows into vs[9])
-	maa.ds[0].cs[40] = 0; // BAD: overrun write [NOT DETECTED]
-	maa.ds[9].cs[0] = 0; // GOOD
-	maa.ds[9].cs[3] = 0; // GOOD
-	maa.ds[9].cs[4] = 0; // BAD: overrun write [NOT DETECTED]
-
-	maa.ys[0].xs[-1] = 0; // BAD: underrun write [NOT DETECTED]
-	maa.ys[0].xs[0] = 0; // GOOD
-	maa.ys[0].xs[99] = 0; // GOOD (overflows into bs[9])
-	maa.ys[0].xs[100] = 0; // BAD: overrun write [NOT DETECTED]
-	maa.ys[1].xs[-1] = 0; // GOOD (underflows into ys[0])
-	maa.ys[1].xs[0] = 0; // GOOD
-	maa.ys[1].xs[99] = 0; // BAD: overrun write [NOT DETECTED]
-	maa.ys[1].xs[100] = 0; // BAD: overrun write [NOT DETECTED]
-
-	char zs[2][2];
-	zs[0][-1] = 0; // BAD: underrun write [NOT DETECTED]
-	zs[0][0] = 0; // GOOD
-	zs[0][1] = 0; // GOOD
-	zs[0][2] = 0; // GOOD
-	zs[0][3] = 0; // GOOD
-	zs[0][4] = 0; // BAD: overrun write [NOT DETECTED]
-	zs[1][-3] = 0; // BAD: underrun write [NOT DETECTED]
-	zs[1][-2] = 0; // GOOD
-	zs[1][-1] = 0; // GOOD
-	zs[1][0] = 0; // GOOD
-	zs[1][1] = 0; // GOOD
-	zs[1][2] = 0; // BAD: overrun write [NOT DETECTED]
-}
-
-struct Array10 {
-	int values[10];
-};
-
-void test27(size_t s) {
-	Array10 arr;
-
-	if (s < sizeof(arr.values[10])) { // GOOD (harmless)
-		// ...
-	}
-
-	if (s < offsetof(Array10, values[10])) { // GOOD (harmless)
-		// ...
-	}
-
-	if (s < &(arr.values[10]) - &(arr.values[0])) { // GOOD (harmless)
-		// ...
-	}
-}
-
-bool cond();
-
-void test28() {
-	int arr[10];
-
-	int *ptr1 = arr;
-	ptr1[-1] = 0; // BAD: underrun write
-	ptr1++;
-	ptr1[-1] = 0; // GOOD
-
-	int *ptr2 = arr;
-	ptr2[-1] = 0; // BAD: underrun write
-	*ptr2++;
-	ptr2[-1] = 0; // GOOD
-
-	int *ptr3 = arr;
-	ptr3[-1] = 0; // BAD: underrun write
-	if (cond()) {
-		ptr3++;
-	}
-	ptr3[-1] = 0; // GOOD (depending what cond() does)
-
-	int *ptr4 = arr;
-	ptr4[-1] = 0; // BAD: underrun write
-	while (true) {
-		ptr4++;
-		if (cond()) break;
-	}
-	ptr4[-1] = 0; // GOOD
-
-	int *ptr5 = arr;
-	ptr5[-1] = 0; // BAD: underrun write
-	while (true) {
-		if (cond()) ptr5++;
-		if (cond()) break;
-	}
-	ptr5[-1] = 0; // GOOD (depending what cond() does)
-}
-
-typedef int myInt29;
-typedef myInt29 myArray29[10];
-struct _myStruct29 {
-	myArray29 arr1;
-	myInt29 arr2[20];
-};
-typedef _myStruct29 myStruct29;
-
-void test29() {
-	myStruct29 *ptr;
-
-	memset(ptr->arr1, 0, sizeof(ptr->arr1) + sizeof(ptr->arr2)); // GOOD (overwrites arr1, arr2)
-	memset(&(ptr->arr1[0]), 0, sizeof(ptr->arr1) + sizeof(ptr->arr2)); // GOOD (overwrites arr1, arr2)
-
-	memset(ptr->arr1, 0, sizeof(ptr->arr1) + sizeof(ptr->arr2) + 10); // BAD
-}
-
-struct UnionStruct {
-	int a;
-	union {
-		char buffer1[64];
-		int b;
-	};
-	union {
-		char buffer2[64];
-		int c;
-	};
-};
-
-void test30() {
-	UnionStruct us;
-
-	memset(us.buffer1, 0, sizeof(us.buffer1)); // GOOD
-	memset(us.buffer1, 0, sizeof(us)); // BAD
-	memset(us.buffer2, 0, sizeof(us.buffer2)); // GOOD
-	memset(us.buffer2, 0, sizeof(us)); // BAD
-
-	strncpy(us.buffer1, "", sizeof(us.buffer1) - 1); // GOOD
-	strncpy(us.buffer1, "", sizeof(us) - 1); // BAD
-	strncpy(us.buffer2, "", sizeof(us.buffer2) - 1); // GOOD
-	strncpy(us.buffer2, "", sizeof(us) - 1); // BAD
-}
-
 int tests_main(int argc, char *argv[])
 {
 	long long arr17[19];
@@ -1084,11 +896,6 @@ int tests_main(int argc, char *argv[])
 	test23();
 	test24(argv[0]);
 	test25(argv[0]);
-	test26();
-	test27(argc);
-	test28();
-	test29();
-	test30();
 
 	return 0;
 }

cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/var_size_struct.cpp

@@ -96,9 +96,9 @@ void testNotVarStruct1() {
   notVarStruct1 *nvs1 = (notVarStruct1 *)malloc(sizeof(notVarStruct1) * 2);
 
   memset(nvs1->str, 0, 128); // GOOD
-  memset(nvs1->str, 0, 129); // DUBIOUS: buffer overflow (overflows nvs1->str but not nvs1 overall)
+  memset(nvs1->str, 0, 129); // BAD: buffer overflow
   memset(nvs1[1].str, 0, 128); // GOOD
-  memset(nvs1[1].str, 0, 129); // BAD: buffer overflow [NOT DETECTED]
+  memset(nvs1[1].str, 0, 129); // BAD: buffer overflow
   strncpy(nvs1->str, "Hello, world!", 128); // GOOD
   strncpy(nvs1->str, "Hello, world!", 129); // BAD
 }

cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/VeryLikelyOverrunWrite.expected

@@ -16,17 +16,6 @@
 | tests.c:136:2:136:8 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 10 bytes. |
 | tests.c:186:3:186:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 2 bytes. |
 | tests.c:189:3:189:9 | call to sprintf | This 'call to sprintf' operation requires 3 bytes but the destination is only 2 bytes. |
-| unions.c:26:2:26:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 15 bytes. |
-| unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 15 bytes. |
+| unions.c:26:2:26:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |
+| unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |
 | var_size_struct.cpp:22:3:22:8 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 9 bytes. |
-| varbuffer.c:15:5:15:10 | call to strcpy | This 'call to strcpy' operation requires 2 bytes but the destination is only 1 bytes. |
-| varbuffer.c:16:5:16:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 1 bytes. |
-| varbuffer.c:23:5:23:10 | call to strcpy | This 'call to strcpy' operation requires 12 bytes but the destination is only 11 bytes. |
-| varbuffer.c:24:5:24:10 | call to strcpy | This 'call to strcpy' operation requires 17 bytes but the destination is only 11 bytes. |
-| varbuffer.c:39:5:39:10 | call to strcpy | This 'call to strcpy' operation requires 3 bytes but the destination is only 2 bytes. |
-| varbuffer.c:40:5:40:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 2 bytes. |
-| varbuffer.c:45:5:45:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 2 bytes. |
-| varbuffer.c:46:5:46:10 | call to strcpy | This 'call to strcpy' operation requires 17 bytes but the destination is only 2 bytes. |
-| varbuffer.c:60:5:60:10 | call to strcpy | This 'call to strcpy' operation requires 2 bytes but the destination is only 1 bytes. |
-| varbuffer.c:61:5:61:10 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 1 bytes. |
-| varbuffer.c:67:5:67:10 | call to strcpy | This 'call to strcpy' operation requires 17 bytes but the destination is only 11 bytes. |

cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/varbuffer.c

@@ -1,69 +0,0 @@
-// Further test cases for CWE-120.
-
-typedef unsigned long size_t;
-
-typedef struct _MyVarStruct {
-    size_t len;
-    char buffer[1]; // variable size buffer
-} MyVarStruct;
-
-void testMyVarStruct()
-{
-    MyVarStruct *ptr1 = (MyVarStruct*)malloc(sizeof(MyVarStruct));
-    ptr1->len = 0;
-    strcpy(ptr1->buffer, ""); // GOOD
-    strcpy(ptr1->buffer, "1"); // BAD: length 2, but destination only has length 1
-    strcpy(ptr1->buffer, "123456789"); // BAD: length 10, but destination only has length 1
-    // ...
-
-    MyVarStruct *ptr2 = (MyVarStruct*)malloc(sizeof(MyVarStruct) + (sizeof(char) * 10));
-    ptr2->len = 10;
-    strcpy(ptr2->buffer, "123456789"); // GOOD
-    strcpy(ptr2->buffer, "1234567890"); // GOOD
-    strcpy(ptr2->buffer, "1234567890a"); // BAD: length 12, but destination only has length 11
-    strcpy(ptr2->buffer, "1234567890abcdef"); // BAD: length 17, but destination only has length 11
-    // ...
-}
-
-typedef struct MyFixedStruct1 {
-    int len;
-    char buffer[2]; // assumed to be a fixed size buffer
-} MyFixedStruct1;
-
-void testMyFixedStruct()
-{
-    MyFixedStruct1 *ptr1 = (MyFixedStruct1 *)malloc(sizeof(MyFixedStruct1));
-    ptr1->len = 1;
-    strcpy(ptr1->buffer, ""); // GOOD
-    strcpy(ptr1->buffer, "1"); // GOOD
-    strcpy(ptr1->buffer, "12"); // BAD: length 3, but destination only has length 2
-    strcpy(ptr1->buffer, "123456789"); // BAD: length 10, but destination only has length 2
-    // ...
-
-    MyFixedStruct1 *ptr2 = (MyFixedStruct1*)malloc(sizeof(MyFixedStruct1) + (sizeof(char) * 10));
-    ptr2->len = 11;
-    strcpy(ptr2->buffer, "123456789"); // BAD / DUBIOUS: length 10, but destination only has length 2
-    strcpy(ptr2->buffer, "1234567890abcdef"); // BAD: length 17, but destination only has length 2
-    // ...
-}
-
-typedef struct _MyFixedStruct2 {
-    char buffer[1]; // fixed size buffer
-    size_t len;
-} MyFixedStruct2;
-
-void testMyFixedStruct2()
-{
-    MyFixedStruct2 *ptr1 = (MyFixedStruct2 *)malloc(sizeof(MyFixedStruct2));
-    ptr1->len = 1;
-    strcpy(ptr1->buffer, ""); // GOOD
-    strcpy(ptr1->buffer, "1"); // BAD: length 2, but destination only has length 1
-    strcpy(ptr1->buffer, "123456789"); // BAD: length 10, but destination only has length 1
-    // ...
-
-    MyFixedStruct2 *ptr2 = (MyFixedStruct2*)malloc(sizeof(MyFixedStruct2) + (sizeof(char) * 10));
-    ptr2->len = 11;
-    strcpy(ptr2->buffer, "123456789"); // BAD: length 10, but destination only has length 1 [NOT DETECTED]
-    strcpy(ptr2->buffer, "1234567890abcdef"); // BAD: length 17, but destination only has length 1
-    // ...
-}

csharp/ql/integration-tests/posix/standalone_dependencies_nuget_config_error/global.json

@@ -1,5 +0,0 @@
-{
-    "sdk": {
-        "version": "9.0.100"
-    }
-}

csharp/ql/src/Bad Practices/PathCombine.qhelp

@@ -1,18 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<overview>
-<p><code>Path.Combine</code> may silently drop its earlier arguments if its later arguments are absolute paths. E.g. <code>Path.Combine("C:\\Users\\Me\\Documents", "C:\\Program Files\\") == "C:\\Program Files"</code>.</p>
-
-</overview>
-<recommendation>
-<p>Use <code>Path.Join</code> instead.</p>
-</recommendation>
-<references>
-
-  <li>Microsoft Learn, .NET API browser, <a href="https://learn.microsoft.com/en-us/dotnet/api/system.io.path.combine?view=net-9.0">Path.Combine</a>.</li>
-  <li>Microsoft Learn, .NET API browser, <a href="https://learn.microsoft.com/en-us/dotnet/api/system.io.path.join?view=net-9.0">Path.Join</a>.</li>
-
-</references>
-</qhelp>

csharp/ql/src/Bad Practices/PathCombine.ql

@@ -1,16 +0,0 @@
-/**
- * @name Call to System.IO.Path.Combine
- * @description Finds calls to System.IO.Path's Combine method
- * @kind problem
- * @problem.severity recommendation
- * @precision very-high
- * @id cs/path-combine
- * @tags reliability
- */
-
-import csharp
-import semmle.code.csharp.frameworks.System
-
-from MethodCall call
-where call.getTarget().hasFullyQualifiedName("System.IO", "Path", "Combine")
-select call, "Call to 'System.IO.Path.Combine'."

csharp/ql/src/change-notes/2025-02-26-path-combine.md

@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added a new query, `csharp/path-combine`, to recommend against the `Path.Combine` method due to it silently discarding its earlier parameters if later parameters are rooted.

csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs

@@ -1,14 +0,0 @@
-using System.IO;
-
-class PathCombine
-{
-    void bad()
-    {
-        Path.Combine(@"C:\Users", @"C:\Program Files");
-    }
-
-    void good()
-    {
-        Path.Join(@"C:\Users", @"C:\Program Files");
-    }
-}

csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.expected

@@ -1 +0,0 @@
-| PathCombine.cs:7:9:7:54 | call to method Combine | Call to 'System.IO.Path.Combine'. |

csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.qlref

@@ -1 +0,0 @@
-Bad Practices/PathCombine.ql

csharp/ql/test/query-tests/Bad Practices/Path Combine/options

@@ -1,2 +0,0 @@
-semmle-extractor-options: /nostdlib /noconfig
-semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj

docs/codeql/reusables/supported-versions-compilers.rst

@@ -17,7 +17,7 @@
 
    .NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
    Go (aka Golang), "Go up to 1.24", "Go 1.11 or more recent", ``.go``
-   Java,"Java 7 to 24 [5]_","javac (OpenJDK and Oracle JDK),
+   Java,"Java 7 to 22 [5]_","javac (OpenJDK and Oracle JDK),
 
    Eclipse compiler for Java (ECJ) [6]_",``.java``
    Kotlin,"Kotlin 1.5.0 to 2.1.2\ *x*","kotlinc",``.kt``
@@ -33,7 +33,7 @@
     .. [2] Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported.
     .. [3] Support for the clang-cl compiler is preliminary.
     .. [4] Support for the Arm Compiler (armcc) is preliminary.
-    .. [5] Builds that execute on Java 7 to 24 can be analyzed. The analysis understands standard language features in Java 8 to 24; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code.
+    .. [5] Builds that execute on Java 7 to 22 can be analyzed. The analysis understands standard language features in Java 8 to 22; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code.
     .. [6] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin.
     .. [7] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
     .. [8] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.

go/.gitignore

@@ -1,4 +0,0 @@
-# artifacts of running `make test`
-data/
-lock
-size

go/documentation/library-coverage/coverage.csv

@@ -70,7 +70,6 @@ github.com/jinzhu/gorm,13,15,1,,,,,,,,,,,,13,,,,,,15,,,,,1,
 github.com/jmoiron/sqlx,12,49,11,,,,,,,,,,,,12,,,,,,49,,,,,11,
 github.com/joho/godotenv,,4,,,,,,,,,,,,,,,,,,,,4,,,,,
 github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,,,,,,,,4,
-github.com/kanikanema/gorqlite,24,8,2,,,,,,,,,,,,24,,,,,,8,,,,,2,
 github.com/kataras/iris/context,6,,,,,,,,6,,,,,,,,,,,,,,,,,,
 github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,,,
 github.com/kataras/iris/server/web/context,6,,,,,,,,6,,,,,,,,,,,,,,,,,,
@@ -85,10 +84,10 @@ github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
 github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
 github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,,,,1,,,,,,,,
 github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,,,
-github.com/raindog308/gorqlite,24,8,2,,,,,,,,,,,,24,,,,,,8,,,,,2,
+github.com/raindog308/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,,,
 github.com/revel/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,,,23,,10,
 github.com/robfig/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,,,23,,10,
-github.com/rqlite/gorqlite,24,8,2,,,,,,,,,,,,24,,,,,,8,,,,,2,
+github.com/rqlite/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,,,
 github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
 github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
 github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,,

go/documentation/library-coverage/coverage.rst

@@ -53,7 +53,7 @@ Go framework & library support
    `goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,2
    `gorilla/mux <https://github.com/gorilla/mux>`_,``github.com/gorilla/mux*``,1,,
    `gorilla/websocket <https://github.com/gorilla/websocket>`_,``github.com/gorilla/websocket*``,3,,
-   `gorqlite <https://github.com/rqlite/gorqlite>`_,"``github.com/raindog308/gorqlite*``, ``github.com/rqlite/gorqlite*``",16,4,48
+   `gorqlite <https://github.com/rqlite/gorqlite>`_,"``github.com/raindog308/gorqlite*``, ``github.com/rqlite/gorqlite*``",,,48
    `goxpath <https://github.com/ChrisTrenkamp/goxpath/wiki>`_,``github.com/ChrisTrenkamp/goxpath*``,,,3
    `htmlquery <https://github.com/antchfx/htmlquery>`_,``github.com/antchfx/htmlquery*``,,,4
    `json-iterator <https://github.com/json-iterator/go>`_,``github.com/json-iterator/go*``,,4,
@@ -73,6 +73,5 @@ Go framework & library support
    `xpathparser <https://github.com/santhosh-tekuri/xpathparser>`_,``github.com/santhosh-tekuri/xpathparser*``,,,2
    `yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
    `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
-   Others,``github.com/kanikanema/gorqlite``,8,2,24
-   Totals,,494,958,1556
+   Totals,,470,952,1532
 

go/ql/lib/change-notes/2025-02-25-go-database-rqlite-sources.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added `database` source models for the `github.com/rqlite/gorqlite` package.

go/ql/lib/change-notes/2025-02-27-go-version-1-24.md

@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* Go 1.24 is now supported. This includes the new language feature of generic type aliases.

go/ql/lib/change-notes/2025-02-27-haslocationinfo-deprecated.md

@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.

go/ql/lib/ext/github.com.rqlite.gorqlite.model.yml

@@ -3,21 +3,8 @@ extensions:
       pack: codeql/go-all
       extensible: packageGrouping
     data:
-      - ["gorqlite", "github.com/kanikanema/gorqlite"]
       - ["gorqlite", "github.com/rqlite/gorqlite"]
       - ["gorqlite", "github.com/raindog308/gorqlite"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sourceModel
-    data:
-      - ["group:gorqlite", "Connection", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOne", "", "", "ReturnValue[0]", "database", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOneContext", "", "", "ReturnValue[0]", "database", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOneParameterized", "", "", "ReturnValue[0]", "database", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOneParameterizedContext", "", "", "ReturnValue[0]", "database", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryParameterized", "", "", "ReturnValue[0]", "database", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryParameterizedContext", "", "", "ReturnValue[0]", "database", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: sinkModel
@@ -46,9 +33,3 @@ extensions:
       - ["group:gorqlite", "Connection", True, "WriteOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
       - ["group:gorqlite", "Connection", True, "WriteParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["group:gorqlite", "Connection", True, "WriteParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: summaryModel
-    data:
-      - ["group:gorqlite", "QueryResult", True, "Map", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
-      - ["group:gorqlite", "QueryResult", True, "Slice", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]

go/ql/lib/semmle/go/DiagnosticsReporting.qll

@@ -1,6 +1,7 @@
 /** Provides classes for working with errors and warnings recorded during extraction. */
 
 import go
+private import semmle.go.internal.Locations
 
 /** Gets the SARIF severity level that indicates an error. */
 private int getErrorSeverity() { result = 2 }
@@ -19,10 +20,18 @@ private class Diagnostic extends @diagnostic {
   string getMessage() { diagnostics(this, _, _, result, _, _) }
 
   /** Gets the file that this error is associated with, if any. */
-  File getFile() { result = this.getLocation().getFile() }
+  File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
 
-  /** Gets the location for this error. */
-  Location getLocation() { diagnostics(this, _, _, _, _, result) }
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    getDiagnosticLocation(this).hasLocationInfo(path, sl, sc, el, ec)
+  }
 
   string toString() { result = this.getMessage() }
 }
@@ -59,7 +68,7 @@ predicate reportableDiagnostics(Diagnostic d, string msg, int sev) {
     exists(File f | f = d.getFile() |
       exists(f.getAChild()) and
       msg =
-        "Extraction failed in " + f.getRelativePath() + " with error " +
+        "Extraction failed in " + d.getFile().getRelativePath() + " with error " +
           removeAbsolutePaths(d.getMessage())
     )
     or

go/ql/lib/semmle/go/Locations.qll

@@ -1,6 +1,7 @@
 /** Provides classes for working with locations and program elements that have locations. */
 
 import go
+private import internal.Locations
 
 /**
  * A location as given by a file, a start line, a start column,
@@ -10,21 +11,21 @@ import go
  *
  * For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
  */
-class Location extends @location {
+class DbLocation extends TDbLocation {
   /** Gets the file for this location. */
-  File getFile() { locations_default(this, result, _, _, _, _) }
+  File getFile() { dbLocationInfo(this, result, _, _, _, _) }
 
   /** Gets the 1-based line number (inclusive) where this location starts. */
-  int getStartLine() { locations_default(this, _, result, _, _, _) }
+  int getStartLine() { dbLocationInfo(this, _, result, _, _, _) }
 
   /** Gets the 1-based column number (inclusive) where this location starts. */
-  int getStartColumn() { locations_default(this, _, _, result, _, _) }
+  int getStartColumn() { dbLocationInfo(this, _, _, result, _, _) }
 
   /** Gets the 1-based line number (inclusive) where this location ends. */
-  int getEndLine() { locations_default(this, _, _, _, result, _) }
+  int getEndLine() { dbLocationInfo(this, _, _, _, result, _) }
 
   /** Gets the 1-based column number (inclusive) where this location ends. */
-  int getEndColumn() { locations_default(this, _, _, _, _, result) }
+  int getEndColumn() { dbLocationInfo(this, _, _, _, _, result) }
 
   /** Gets the number of lines covered by this location. */
   int getNumLines() { result = this.getEndLine() - this.getStartLine() + 1 }
@@ -47,22 +48,22 @@ class Location extends @location {
   predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    exists(File f | locations_default(this, f, startline, startcolumn, endline, endcolumn) |
+    exists(File f |
+      dbLocationInfo(this, f, startline, startcolumn, endline, endcolumn) and
       filepath = f.getAbsolutePath()
     )
   }
 }
 
+final class Location = LocationImpl;
+
 /** A program element with a location. */
 class Locatable extends @locatable {
   /** Gets the file this program element comes from. */
   File getFile() { result = this.getLocation().getFile() }
 
   /** Gets this element's location. */
-  final Location getLocation() {
-    has_location(this, result) or
-    xmllocations(this, result)
-  }
+  final DbLocation getLocation() { result = getLocatableLocation(this) }
 
   /** Gets the number of lines covered by this element. */
   int getNumLines() { result = this.getLocation().getNumLines() }

go/ql/lib/semmle/go/Scopes.qll

@@ -144,34 +144,36 @@ class Entity extends @object {
   /** Gets a textual representation of this entity. */
   string toString() { result = this.getName() }
 
-  /** Gets the location of this entity. */
-  Location getLocation() {
-    result = this.getDeclaration().getLocation()
-    or
-    result = any(CaseClause cc | this = cc.getImplicitlyDeclaredVariable()).getLocation()
+  private predicate hasRealLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    // take the location of the declaration if there is one
+    this.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) or
+    any(CaseClause cc | this = cc.getImplicitlyDeclaredVariable())
+        .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-    or
-    // otherwise fall back on dummy location
-    not exists(this.getLocation()) and
-    filepath = "" and
-    startline = 0 and
-    startcolumn = 0 and
-    endline = 0 and
-    endcolumn = 0
+    // take the location of the declaration if there is one
+    if this.hasRealLocationInfo(_, _, _, _, _)
+    then this.hasRealLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    else (
+      // otherwise fall back on dummy location
+      filepath = "" and
+      startline = 0 and
+      startcolumn = 0 and
+      endline = 0 and
+      endcolumn = 0
+    )
   }
 }
 
@@ -678,22 +680,16 @@ class Callable extends TCallable {
     result = this.asFuncLit().getName()
   }
 
-  /** Gets the location of this callable. */
-  Location getLocation() {
-    result = this.asFunction().getLocation() or result = this.asFuncLit().getLocation()
-  }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `sc` of line `sl` to
    * column `ec` of line `el` in file `fp`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
-    this.getLocation().hasLocationInfo(fp, sl, sc, el, ec)
+  predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
+    this.asFunction().hasLocationInfo(fp, sl, sc, el, ec) or
+    this.asFuncLit().hasLocationInfo(fp, sl, sc, el, ec)
   }
 }
 

go/ql/lib/semmle/go/StringOps.qll

@@ -548,25 +548,20 @@ module StringOps {
         else result = "concatenation element"
     }
 
-    /** Gets the location of this element. */
-    Location getLocation() { result = this.asNode().getLocation() }
-
     /**
-     * DEPRECATED: Use `getLocation()` instead.
-     *
      * Holds if this element is at the specified location.
      * The location spans column `startcolumn` of line `startline` to
      * column `endcolumn` of line `endline` in file `filepath`.
      * For more information, see
      * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
      */
-    deprecated predicate hasLocationInfo(
+    predicate hasLocationInfo(
       string filepath, int startline, int startcolumn, int endline, int endcolumn
     ) {
-      this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+      this.asNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
       or
       // use dummy location for elements that don't have a corresponding node
-      not exists(this.getLocation()) and
+      not exists(this.asNode()) and
       filepath = "" and
       startline = 0 and
       startcolumn = 0 and

go/ql/lib/semmle/go/Types.qll

@@ -144,24 +144,19 @@ class Type extends @type {
    */
   string toString() { result = this.getName() }
 
-  /** Gets the location of this type. */
-  Location getLocation() { result = this.getEntity().getLocation() }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    this.getEntity().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
     or
-    not exists(this.getLocation()) and
+    not exists(this.getEntity()) and
     filepath = "" and
     startline = 0 and
     startcolumn = 0 and

go/ql/lib/semmle/go/VariableWithFields.qll

@@ -183,21 +183,16 @@ class VariableWithFields extends TVariableWithFields {
    */
   string getElement() { this = TVariableElementStep(_, result) }
 
-  /** Gets the location of this variable with fields. */
-  Location getLocation() { result = this.getBaseVariable().getLocation() }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    this.getBaseVariable().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 }

go/ql/lib/semmle/go/controlflow/BasicBlocks.qll

@@ -114,22 +114,17 @@ class BasicBlock extends TControlFlowNode {
   /** Gets a textual representation of this basic block. */
   string toString() { result = "basic block" }
 
-  /** Gets the source location for this element. */
-  Location getLocation() { result = this.getFirstNode().getLocation() }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this basic block is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    this.getFirstNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 }
 

go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll

@@ -77,31 +77,23 @@ module ControlFlow {
     Root getRoot() { none() }
 
     /** Gets the file to which this node belongs. */
-    File getFile() { result = this.getLocation().getFile() }
+    File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
 
     /**
      * Gets a textual representation of this control flow node.
      */
     string toString() { result = "control-flow node" }
 
-    /** Gets the source location for this element. */
-    Location getLocation() { none() }
-
     /**
-     * DEPRECATED: Use `getLocation()` instead.
-     *
      * Holds if this element is at the specified location.
      * The location spans column `startcolumn` of line `startline` to
      * column `endcolumn` of line `endline` in file `filepath`.
      * For more information, see
      * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
      */
-    deprecated predicate hasLocationInfo(
+    predicate hasLocationInfo(
       string filepath, int startline, int startcolumn, int endline, int endcolumn
     ) {
-      this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-      or
-      not exists(this.getLocation()) and
       filepath = "" and
       startline = 0 and
       startcolumn = 0 and
@@ -252,7 +244,11 @@ module ControlFlow {
 
     override string toString() { result = cond + " is " + outcome }
 
-    override Location getLocation() { result = cond.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      cond.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**

go/ql/lib/semmle/go/controlflow/ControlFlowGraphImpl.qll

@@ -418,7 +418,11 @@ class SkipNode extends ControlFlow::Node, MkSkipNode {
 
   override string toString() { result = "skip" }
 
-  override Location getLocation() { result = skip.getLocation() }
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    skip.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 /**
@@ -433,7 +437,11 @@ class EntryNode extends ControlFlow::Node, MkEntryNode {
 
   override string toString() { result = "entry" }
 
-  override Location getLocation() { result = root.getLocation() }
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    root.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 /**
@@ -448,7 +456,11 @@ class ExitNode extends ControlFlow::Node, MkExitNode {
 
   override string toString() { result = "exit" }
 
-  override Location getLocation() { result = root.getLocation() }
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    root.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 /**

go/ql/lib/semmle/go/controlflow/IR.qll

@@ -218,7 +218,11 @@ module IR {
 
     override string toString() { result = e.toString() }
 
-    override Location getLocation() { result = e.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -360,7 +364,11 @@ module IR {
 
     override string toString() { result = "implicit read of field " + field.toString() }
 
-    override Location getLocation() { result = e.getBase().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      e.getBase().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -475,7 +483,11 @@ module IR {
 
     override string toString() { result = "init of " + elt }
 
-    override Location getLocation() { result = elt.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      elt.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -632,7 +644,11 @@ module IR {
 
     override string toString() { result = "element index" }
 
-    override Location getLocation() { result = elt.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      elt.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -666,7 +682,11 @@ module IR {
 
     override string toString() { result = "assignment to " + this.getLhs() }
 
-    override Location getLocation() { result = this.getLhs().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      this.getLhs().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /** An instruction computing the value of the right-hand side of a compound assignment. */
@@ -684,7 +704,11 @@ module IR {
 
     override string toString() { result = assgn.toString() }
 
-    override Location getLocation() { result = assgn.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      assgn.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -768,7 +792,11 @@ module IR {
 
     override string toString() { result = s + "[" + i + "]" }
 
-    override Location getLocation() { result = s.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      s.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -812,7 +840,11 @@ module IR {
 
     override string toString() { result = "zero value for " + v }
 
-    override Location getLocation() { result = v.getDeclaration().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      v.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -827,7 +859,11 @@ module IR {
 
     override string toString() { result = fd.toString() }
 
-    override Location getLocation() { result = fd.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      fd.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -842,7 +878,11 @@ module IR {
 
     override string toString() { result = defer.toString() }
 
-    override Location getLocation() { result = defer.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      defer.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -857,7 +897,11 @@ module IR {
 
     override string toString() { result = go.toString() }
 
-    override Location getLocation() { result = go.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      go.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -874,7 +918,11 @@ module IR {
 
     override string toString() { result = ids.toString() }
 
-    override Location getLocation() { result = ids.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      ids.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -895,7 +943,11 @@ module IR {
 
     override string toString() { result = "rhs of " + ids }
 
-    override Location getLocation() { result = ids.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      ids.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -923,7 +975,11 @@ module IR {
 
     override string toString() { result = "1" }
 
-    override Location getLocation() { result = ids.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      ids.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -958,7 +1014,11 @@ module IR {
 
     override string toString() { result = ret.toString() }
 
-    override Location getLocation() { result = ret.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      ret.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -988,7 +1048,11 @@ module IR {
 
     override string toString() { result = "implicit write of " + var }
 
-    override Location getLocation() { result = ret.getResult(i).getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      ret.getResult(i).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1008,7 +1072,11 @@ module IR {
 
     override string toString() { result = "implicit read of " + var }
 
-    override Location getLocation() { result = var.getDeclaration().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      var.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1023,7 +1091,11 @@ module IR {
 
     override string toString() { result = sel.toString() }
 
-    override Location getLocation() { result = sel.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      sel.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1038,7 +1110,11 @@ module IR {
 
     override string toString() { result = send.toString() }
 
-    override Location getLocation() { result = send.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      send.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1055,7 +1131,11 @@ module IR {
 
     override string toString() { result = "initialization of " + parm }
 
-    override Location getLocation() { result = parm.getDeclaration().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      parm.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1072,7 +1152,11 @@ module IR {
 
     override string toString() { result = "argument corresponding to " + parm }
 
-    override Location getLocation() { result = parm.getDeclaration().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      parm.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1089,7 +1173,11 @@ module IR {
 
     override string toString() { result = "initialization of " + res }
 
-    override Location getLocation() { result = res.getDeclaration().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      res.getDeclaration().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1109,7 +1197,11 @@ module IR {
 
     override string toString() { result = "next key-value pair in range" }
 
-    override Location getLocation() { result = rs.getDomain().getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      rs.getDomain().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1134,7 +1226,11 @@ module IR {
 
     override string toString() { result = "true" }
 
-    override Location getLocation() { result = stmt.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      stmt.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1163,7 +1259,11 @@ module IR {
 
     override string toString() { result = "case " + cc.getExpr(i) }
 
-    override Location getLocation() { result = cc.getExpr(i).getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      cc.getExpr(i).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1205,7 +1305,11 @@ module IR {
 
     override string toString() { result = "implicit type switch variable declaration" }
 
-    override Location getLocation() { result = cc.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      cc.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1231,7 +1335,11 @@ module IR {
 
     override string toString() { result = "0" }
 
-    override Location getLocation() { result = slice.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      slice.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1249,7 +1357,11 @@ module IR {
 
     override string toString() { result = "len" }
 
-    override Location getLocation() { result = slice.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      slice.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1267,7 +1379,11 @@ module IR {
 
     override string toString() { result = "cap" }
 
-    override Location getLocation() { result = slice.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      slice.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1290,7 +1406,11 @@ module IR {
 
     override string toString() { result = "implicit dereference" }
 
-    override Location getLocation() { result = e.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /** A representation of the target of a write instruction. */
@@ -1318,29 +1438,17 @@ module IR {
     /** Gets a textual representation of this target. */
     string toString() { result = "write target" }
 
-    /** Gets the source location for this element. */
-    Location getLocation() { none() }
-
     /**
-     * DEPRECATED: Use `getLocation()` instead.
-     *
      * Holds if this element is at the specified location.
      * The location spans column `startcolumn` of line `startline` to
      * column `endcolumn` of line `endline` in file `filepath`.
      * For more information, see
      * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
      */
-    deprecated predicate hasLocationInfo(
+    predicate hasLocationInfo(
       string filepath, int startline, int startcolumn, int endline, int endcolumn
     ) {
-      this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-      or
-      not exists(this.getLocation()) and
-      filepath = "" and
-      startline = 0 and
-      startcolumn = 0 and
-      endline = 0 and
-      endcolumn = 0
+      filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
     }
   }
 
@@ -1393,7 +1501,11 @@ module IR {
 
     override string toString() { result = this.getName() }
 
-    override Location getLocation() { result = loc.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      loc.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /** A reference to a field, used as the target of a write. */
@@ -1433,10 +1545,14 @@ module IR {
       result = "field " + w.(InitLiteralStructFieldInstruction).getFieldName()
     }
 
-    override Location getLocation() {
-      exists(SelectorExpr sel | this = MkLhs(_, sel) | result = sel.getLocation())
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      exists(SelectorExpr sel | this = MkLhs(_, sel) |
+        sel.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+      )
       or
-      result = w.(InitLiteralStructFieldInstruction).getLocation()
+      w.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
     }
   }
 
@@ -1466,10 +1582,14 @@ module IR {
 
     override string toString() { result = "element" }
 
-    override Location getLocation() {
-      exists(IndexExpr idx | this = MkLhs(_, idx) | result = idx.getLocation())
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      exists(IndexExpr idx | this = MkLhs(_, idx) |
+        idx.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+      )
       or
-      result = w.(InitLiteralElementInstruction).getLocation()
+      w.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
     }
   }
 
@@ -1493,7 +1613,11 @@ module IR {
 
     override string toString() { result = lhs.toString() }
 
-    override Location getLocation() { result = lhs.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      lhs.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**

go/ql/lib/semmle/go/dataflow/GlobalValueNumbering.qll

@@ -300,9 +300,7 @@ class GVN extends GvnBase {
     // just an arbitrary way to pick an expression with this `GVN`.
     result =
       min(DataFlow::Node e, string f, int l, int c, string k |
-        e = this.getANode() and
-        e.getLocation().hasLocationInfo(f, l, c, _, _) and
-        k = e.getNodeKind()
+        e = this.getANode() and e.hasLocationInfo(f, l, c, _, _) and k = e.getNodeKind()
       |
         e order by f, l, c, k
       )
@@ -311,22 +309,17 @@ class GVN extends GvnBase {
   /** Gets a textual representation of this element. */
   string toString() { result = this.exampleNode().toString() }
 
-  /** Gets the location of this element. */
-  Location getLocation() { result = this.exampleNode().getLocation() }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    this.exampleNode().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 }
 

go/ql/lib/semmle/go/dataflow/SSA.qll

@@ -85,22 +85,17 @@ class SsaVariable extends TSsaDefinition {
   /** Gets a textual representation of this element. */
   string toString() { result = this.getDefinition().prettyPrintRef() }
 
-  /** Gets the location of this SSA variable. */
-  Location getLocation() { result = this.getDefinition().getLocation() }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    this.getDefinition().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 }
 
@@ -149,23 +144,16 @@ class SsaDefinition extends TSsaDefinition {
   /** Gets a textual representation of this element. */
   string toString() { result = this.prettyPrintDef() }
 
-  /** Gets the source location for this element. */
-  abstract Location getLocation();
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  abstract predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
-  ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-  }
+  );
 }
 
 /**
@@ -189,14 +177,16 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef {
   override SsaSourceVariable getSourceVariable() { this = TExplicitDef(_, _, result) }
 
   override string prettyPrintRef() {
-    exists(Location loc | loc = this.getLocation() |
-      result = "def@" + loc.getStartLine() + ":" + loc.getStartColumn()
-    )
+    exists(int l, int c | this.hasLocationInfo(_, l, c, _, _) | result = "def@" + l + ":" + c)
   }
 
   override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() }
 
-  override Location getLocation() { result = this.getInstruction().getLocation() }
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getInstruction().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 /** Provides a helper predicate for working with explicit SSA definitions. */
@@ -219,12 +209,16 @@ abstract class SsaImplicitDefinition extends SsaDefinition {
   abstract string getKind();
 
   override string prettyPrintRef() {
-    exists(Location loc | loc = this.getLocation() |
-      result = this.getKind() + "@" + loc.getStartLine() + ":" + loc.getStartColumn()
+    exists(int l, int c | this.hasLocationInfo(_, l, c, _, _) |
+      result = this.getKind() + "@" + l + ":" + c
     )
   }
 
-  override Location getLocation() { result = this.getBasicBlock().getLocation() }
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getBasicBlock().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 /**
@@ -247,9 +241,11 @@ class SsaVariableCapture extends SsaImplicitDefinition, TCapture {
 
   override string prettyPrintDef() { result = "capture variable " + this.getSourceVariable() }
 
-  override Location getLocation() {
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
     exists(ReachableBasicBlock bb, int i | this.definesAt(bb, i, _) |
-      result = bb.getNode(i).getLocation()
+      bb.getNode(i).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
     )
   }
 }
@@ -295,7 +291,11 @@ class SsaPhiNode extends SsaPseudoDefinition, TPhi {
     result = this.getSourceVariable() + " = phi(" + this.ppInputs() + ")"
   }
 
-  override Location getLocation() { result = this.getBasicBlock().getLocation() }
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    this.getBasicBlock().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 /**
@@ -383,22 +383,17 @@ class SsaWithFields extends TSsaWithFields {
     )
   }
 
-  /** Gets the location of this SSA variable with fields. */
-  Location getLocation() { result = this.getBaseVariable().getLocation() }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    this.getBaseVariable().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
 }
 

go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll

@@ -78,7 +78,9 @@ module Private {
       result = this.getSummaryNode().getSummarizedCallable()
     }
 
-    override Location getLocation() { result = this.getSummarizedCallable().getLocation() }
+    override predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
+      this.getSummarizedCallable().hasLocationInfo(fp, sl, sc, el, ec)
+    }
 
     override string toString() { result = this.getSummaryNode().toString() }
 
@@ -138,38 +140,45 @@ module Public {
     /** Gets a textual representation of this element. */
     string toString() { result = "data-flow node" } // overridden in subclasses
 
-    /** Gets the location of this node. */
-    Location getLocation() { none() }
-
     /**
-     * DEPRECATED: Use `getLocation()` instead.
-     *
      * Holds if this element is at the specified location.
      * The location spans column `startcolumn` of line `startline` to
      * column `endcolumn` of line `endline` in file `filepath`.
      * For more information, see
      * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
      */
-    deprecated predicate hasLocationInfo(
+    predicate hasLocationInfo(
       string filepath, int startline, int startcolumn, int endline, int endcolumn
     ) {
-      this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+      filepath = "" and
+      startline = 0 and
+      startcolumn = 0 and
+      endline = 0 and
+      endcolumn = 0
+    }
+
+    /** Gets the location of this node. */
+    Location getLocation() {
+      exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
+        this.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
+        result.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+      )
     }
 
     /** Gets the file in which this node appears. */
-    File getFile() { result = this.getLocation().getFile() }
+    File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
 
     /** Gets the start line of the location of this node. */
-    int getStartLine() { result = this.getLocation().getStartLine() }
+    int getStartLine() { this.hasLocationInfo(_, result, _, _, _) }
 
     /** Gets the start column of the location of this node. */
-    int getStartColumn() { result = this.getLocation().getStartColumn() }
+    int getStartColumn() { this.hasLocationInfo(_, _, result, _, _) }
 
     /** Gets the end line of the location of this node. */
-    int getEndLine() { result = this.getLocation().getEndLine() }
+    int getEndLine() { this.hasLocationInfo(_, _, _, result, _) }
 
     /** Gets the end column of the location of this node. */
-    int getEndColumn() { result = this.getLocation().getEndColumn() }
+    int getEndColumn() { this.hasLocationInfo(_, _, _, _, result) }
 
     /**
      * Gets an upper bound on the type of this node.
@@ -253,7 +262,11 @@ module Public {
 
     override string toString() { result = insn.toString() }
 
-    override Location getLocation() { result = insn.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      insn.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -299,7 +312,11 @@ module Public {
 
     override string toString() { result = ssa.toString() }
 
-    override Location getLocation() { result = ssa.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      ssa.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   private module FunctionNode {
@@ -391,7 +408,11 @@ module Public {
 
     override string toString() { result = "function " + func.getName() }
 
-    override Location getLocation() { result = func.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      func.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
 
     override ResultNode getAResult() {
       result.getRoot() = this.getFunction().(DeclaredFunction).getFuncDecl()
@@ -443,7 +464,11 @@ module Public {
 
     override string toString() { result = "[]type{args}" }
 
-    override Location getLocation() { result = call.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      call.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 
   /**
@@ -1052,7 +1077,11 @@ module Public {
 
     override string toString() { result = "slice element node" }
 
-    override Location getLocation() { result = si.getLocation() }
+    override predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      si.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
 
     /** Gets the `SliceNode` which this node relates to. */
     SliceNode getSliceNode() { result = DataFlow::instructionNode(si) }

go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll

@@ -301,27 +301,35 @@ class DataFlowCallable extends TDataFlowCallable {
     result = "Summary: " + this.asSummarizedCallable().toString()
   }
 
-  /** Gets the location of this callable. */
-  Location getLocation() {
-    result = this.asCallable().getLocation() or
-    result = this.asFileScope().getLocation() or
-    result = this.asSummarizedCallable().getLocation()
-  }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this callable is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    this.asCallable().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) or
+    this.asFileScope().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) or
+    this.asSummarizedCallable()
+        .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
+
+  /** Gets the location of this callable. */
+  Location getLocation() {
+    result = getCallableLocation(this.asCallable()) or
+    result = this.asFileScope().getLocation() or
+    result = getCallableLocation(this.asSummarizedCallable())
+  }
+}
+
+private Location getCallableLocation(Callable c) {
+  exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
+    c.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
+    result.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  )
 }
 
 /** A function call relevant for data flow. */

go/ql/lib/semmle/go/dataflow/internal/DataFlowUtil.qll

@@ -170,29 +170,17 @@ class Content extends TContent {
   /** Gets a textual representation of this element. */
   abstract string toString();
 
-  /** Gets the location of this element. */
-  Location getLocation() { none() }
-
   /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-    or
-    not exists(this.getLocation()) and
-    filepath = "" and
-    startline = 0 and
-    startcolumn = 0 and
-    endline = 0 and
-    endcolumn = 0
+    filepath = "" and startline = 0 and startcolumn = 0 and endline = 0 and endcolumn = 0
   }
 
   /**
@@ -214,7 +202,9 @@ class FieldContent extends Content, TFieldContent {
 
   override string toString() { result = f.toString() }
 
-  override Location getLocation() { result = f.getDeclaration().getLocation() }
+  override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
+    f.getDeclaration().hasLocationInfo(path, sl, sc, el, ec)
+  }
 }
 
 /** A reference through the contents of some collection-like container. */
@@ -287,31 +277,26 @@ class ContentSet instanceof TContentSet {
 
   /** Gets a textual representation of this content set. */
   string toString() {
-    result = this.asOneContent().toString()
+    exists(Content c | this = TOneContent(c) | result = c.toString())
     or
     this = TAllContent() and result = "all content"
   }
 
   /**
-   * Gets the location of this content set, if it contains only one `Content`.
-   */
-  Location getLocation() { result = this.asOneContent().getLocation() }
-
-  /**
-   * DEPRECATED: Use `getLocation()` instead.
-   *
    * Holds if this element is at the specified location.
    * The location spans column `startcolumn` of line `startline` to
    * column `endcolumn` of line `endline` in file `filepath`.
    * For more information, see
    * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
    */
-  deprecated predicate hasLocationInfo(
+  predicate hasLocationInfo(
     string filepath, int startline, int startcolumn, int endline, int endcolumn
   ) {
-    this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    exists(Content c | this = TOneContent(c) |
+      c.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    )
     or
-    not exists(this.getLocation()) and
+    this = TAllContent() and
     filepath = "" and
     startline = 0 and
     startcolumn = 0 and

go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll

@@ -222,17 +222,16 @@ module SourceSinkInterpretationInput implements
 
     /** Gets the location of this element. */
     Location getLocation() {
-      result = this.asEntity().getLocation() or
-      result = this.asAstNode().getLocation()
+      exists(string fp, int sl, int sc, int el, int ec |
+        this.hasLocationInfo(fp, sl, sc, el, ec) and
+        result.hasLocationInfo(fp, sl, sc, el, ec)
+      )
     }
 
-    /**
-     * DEPRECATED: Use `getLocation()` instead.
-     *
-     * Holds if this element is at the specified location.
-     */
-    deprecated predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
-      this.getLocation().hasLocationInfo(fp, sl, sc, el, ec)
+    /** Holds if this element is at the specified location. */
+    predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
+      this.asEntity().hasLocationInfo(fp, sl, sc, el, ec) or
+      this.asAstNode().hasLocationInfo(fp, sl, sc, el, ec)
     }
   }
 
@@ -281,18 +280,17 @@ module SourceSinkInterpretationInput implements
     }
 
     /** Gets the location of this node. */
-    Location getLocation() {
-      result = this.asElement().getLocation() or
-      result = this.asNode().getLocation()
+    predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
+      this.asElement().hasLocationInfo(fp, sl, sc, el, ec)
+      or
+      this.asNode().hasLocationInfo(fp, sl, sc, el, ec)
     }
 
-    /**
-     * DEPRECATED: Use `getLocation()` instead.
-     *
-     * Gets the location of this node.
-     */
-    deprecated predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
-      this.getLocation().hasLocationInfo(fp, sl, sc, el, ec)
+    Location getLocation() {
+      exists(string fp, int sl, int sc, int el, int ec |
+        this.hasLocationInfo(fp, sl, sc, el, ec) and
+        result.hasLocationInfo(fp, sl, sc, el, ec)
+      )
     }
   }
 

go/ql/lib/semmle/go/frameworks/GoMicro.qll

@@ -35,7 +35,7 @@ module GoMicro {
    */
   class ProtocMessageType extends Type {
     ProtocMessageType() {
-      this.getLocation().getFile() instanceof ProtocGeneratedFile and
+      this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _) and
       exists(MethodDecl md |
         md.getName() = "ProtoMessage" and
         this = md.getReceiverDecl().getTypeExpr().getAChild().(TypeName).getType()
@@ -51,7 +51,7 @@ module GoMicro {
 
     ServiceInterfaceType() {
       this = definedType.getUnderlyingType() and
-      definedType.getLocation().getFile() instanceof ProtocGeneratedFile
+      definedType.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
 
     /**
@@ -75,7 +75,7 @@ module GoMicro {
     ServiceServerType() {
       this.implements(any(ServiceInterfaceType i)) and
       this.getName().regexpMatch("(?i).*Handler") and
-      this.getLocation().getFile() instanceof ProtocGeneratedFile
+      this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
   }
 
@@ -86,7 +86,7 @@ module GoMicro {
     ClientServiceType() {
       this.implements(any(ServiceInterfaceType i)) and
       this.getName().regexpMatch("(?i).*Service") and
-      this.getLocation().getFile() instanceof ProtocGeneratedFile
+      this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
   }
 
@@ -97,7 +97,7 @@ module GoMicro {
     ServiceRegisterHandler() {
       this.getName().regexpMatch("(?i)register" + any(ServiceServerType c).getName()) and
       this.getParameterType(0) instanceof GoMicroServerType and
-      this.getLocation().getFile() instanceof ProtocGeneratedFile
+      this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
   }
 
@@ -128,7 +128,7 @@ module GoMicro {
       this.getName().regexpMatch("(?i)new" + any(ClientServiceType c).getName()) and
       this.getParameterType(0) instanceof StringType and
       this.getParameterType(1) instanceof GoMicroClientType and
-      this.getLocation().getFile() instanceof ProtocGeneratedFile
+      this.hasLocationInfo(any(ProtocGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
   }
 

go/ql/lib/semmle/go/frameworks/Gorqlite.qll

@@ -1,35 +0,0 @@
-/**
- * Provides classes modeling security-relevant aspects of the `gorqlite` package.
- */
-
-import go
-
-/**
- * Provides classes modeling security-relevant aspects of the `gorqlite` package.
- */
-module Gorqlite {
-  private string packagePath() {
-    result =
-      package([
-          "github.com/rqlite/gorqlite", "github.com/raindog308/gorqlite",
-          "github.com/kanikanema/gorqlite"
-        ], "")
-  }
-
-  // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data summaries yet.
-  private class QueryResultScan extends TaintTracking::FunctionModel, Method {
-    FunctionInput inp;
-    FunctionOutput outp;
-
-    QueryResultScan() {
-      // signature: func (qr *QueryResult) Scan(dest ...interface{}) error
-      this.hasQualifiedName(packagePath(), "QueryResult", "Scan") and
-      inp.isReceiver() and
-      outp.isParameter(_)
-    }
-
-    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
-      input = inp and output = outp
-    }
-  }
-}

go/ql/lib/semmle/go/frameworks/Twirp.qll

@@ -37,7 +37,9 @@ module Twirp {
 
   /** A type representing a protobuf message. */
   class ProtobufMessageType extends Type {
-    ProtobufMessageType() { this.getLocation().getFile() instanceof ProtobufGeneratedFile }
+    ProtobufMessageType() {
+      this.hasLocationInfo(any(ProtobufGeneratedFile f).getAbsolutePath(), _, _, _, _)
+    }
   }
 
   /** An interface type representing a Twirp service. */
@@ -46,7 +48,7 @@ module Twirp {
 
     ServiceInterfaceType() {
       definedType.getUnderlyingType() = this and
-      definedType.getLocation().getFile() instanceof ServicesGeneratedFile
+      definedType.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
 
     /** Gets the name of the interface. */
@@ -66,7 +68,7 @@ module Twirp {
         p.implements(i) and
         this = p.getBaseType() and
         this.getName().regexpMatch("(?i)" + i.getName() + "(protobuf|json)client") and
-        this.getLocation().getFile() instanceof ServicesGeneratedFile
+        this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
       )
     }
   }
@@ -77,7 +79,7 @@ module Twirp {
       exists(ServiceInterfaceType i |
         this.implements(i) and
         this.getName().regexpMatch("(?i)" + i.getName() + "server") and
-        this.getLocation().getFile() instanceof ServicesGeneratedFile
+        this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
       )
     }
   }
@@ -88,7 +90,7 @@ module Twirp {
       this.getName().regexpMatch("(?i)new" + any(ServiceClientType c).getName()) and
       this.getParameterType(0) instanceof StringType and
       this.getParameterType(1).getName() = "HTTPClient" and
-      this.getLocation().getFile() instanceof ServicesGeneratedFile
+      this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
   }
 
@@ -101,7 +103,7 @@ module Twirp {
     ServerConstructor() {
       this.getName().regexpMatch("(?i)new" + any(ServiceServerType c).getName()) and
       this.getParameterType(0) = any(ServiceInterfaceType i).getDefinedType() and
-      this.getLocation().getFile() instanceof ServicesGeneratedFile
+      this.hasLocationInfo(any(ServicesGeneratedFile f).getAbsolutePath(), _, _, _, _)
     }
   }
 

go/ql/lib/semmle/go/frameworks/stdlib/HtmlTemplate.qll

@@ -66,7 +66,7 @@ module HtmlTemplate {
     string getBody() { result = text.regexpCapture("(?s)\\{\\{(.*)\\}\\}", 1) } // matches the inside of the curly bracket delimiters
 
     /** Gets the file in which this statement appears. */
-    File getFile() { result = this.getLocation().getFile() }
+    File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
 
     /** Gets a textual representation of this statement. */
     string toString() { result = "HTML template statement" }
@@ -74,22 +74,17 @@ module HtmlTemplate {
     /** Get the HTML element that contains this template statement. */
     HTML::TextNode getEnclosingTextNode() { result = parent }
 
-    /** Gets the location of this template statement. */
-    Location getLocation() { result = parent.getLocation() }
-
     /**
-     * DEPRECATED: Use `getLocation()` instead.
-     *
      * Holds if this element is at the specified location.
      * The location spans column `startcolumn` of line `startline` to
      * column `endcolumn` of line `endline` in file `filepath`.
      * For more information, see
      * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
      */
-    deprecated predicate hasLocationInfo(
+    predicate hasLocationInfo(
       string filepath, int startline, int startcolumn, int endline, int endcolumn
     ) {
-      this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+      parent.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
     }
   }
 
@@ -119,7 +114,7 @@ module HtmlTemplate {
     }
 
     /** Gets the file in which this read appears. */
-    File getFile() { result = this.getLocation().getFile() }
+    File getFile() { this.hasLocationInfo(result.getAbsolutePath(), _, _, _, _) }
 
     /** Gets a textual representation of this statement. */
     string toString() { result = "HTML template read of " + text }
@@ -127,21 +122,17 @@ module HtmlTemplate {
     /** Get the HTML element that contains this template read. */
     HTML::TextNode getEnclosingTextNode() { result = parent.getEnclosingTextNode() }
 
-    /** Gets the location of this template statement. */
-    Location getLocation() { result = parent.getLocation() }
-    // /**
-    //  * DEPRECATED: Use `getLocation()` instead.
-    //  *
-    //  * Holds if this element is at the specified location.
-    //  * The location spans column `startcolumn` of line `startline` to
-    //  * column `endcolumn` of line `endline` in file `filepath`.
-    //  * For more information, see
-    //  * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
-    //  */
-    // predicate hasLocationInfo(
-    //   string filepath, int startline, int startcolumn, int endline, int endcolumn
-    // ) {
-    //   this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
-    // }
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      parent.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
   }
 }

go/ql/lib/semmle/go/internal/Locations.qll

@@ -0,0 +1,150 @@
+/** Provides classes for working with locations and program elements that have locations. */
+
+import go
+
+// Should _not_ be cached, as that would require the data flow stage to be evaluated
+// in order to evaluate the AST stage. Ideally, we would cache each injector separately,
+// but that's not possible. Instead, we cache all predicates that need the injectors
+// to be tuple numbered.
+newtype TLocation =
+  TDbLocation(@location loc) or
+  TSynthLocation(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
+    any(DataFlow::Node n).hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
+    // avoid overlap with existing DB locations
+    not existingDBLocation(filepath, startline, startcolumn, endline, endcolumn)
+  }
+
+pragma[nomagic]
+private predicate existingDBLocation(
+  string filepath, int startline, int startcolumn, int endline, int endcolumn
+) {
+  exists(File f |
+    locations_default(_, f, startline, startcolumn, endline, endcolumn) and
+    f.getAbsolutePath() = filepath
+  )
+}
+
+/**
+ * A location as given by a file, a start line, a start column,
+ * an end line, and an end column.
+ *
+ * For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+ */
+abstract class LocationImpl extends TLocation {
+  /** Gets the file for this location. */
+  abstract File getFile();
+
+  /** Gets the 1-based line number (inclusive) where this location starts. */
+  abstract int getStartLine();
+
+  /** Gets the 1-based column number (inclusive) where this location starts. */
+  abstract int getStartColumn();
+
+  /** Gets the 1-based line number (inclusive) where this location ends. */
+  abstract int getEndLine();
+
+  /** Gets the 1-based column number (inclusive) where this location ends. */
+  abstract int getEndColumn();
+
+  /** Gets the number of lines covered by this location. */
+  int getNumLines() { result = this.getEndLine() - this.getStartLine() + 1 }
+
+  /** Gets a textual representation of this element. */
+  string toString() {
+    exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
+      this.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
+      result = filepath + "@" + startline + ":" + startcolumn + ":" + endline + ":" + endcolumn
+    )
+  }
+
+  /**
+   * Holds if this element is at the specified location.
+   * The location spans column `startcolumn` of line `startline` to
+   * column `endcolumn` of line `endline` in file `filepath`.
+   * For more information, see
+   * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+   */
+  abstract predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  );
+}
+
+class DbLocationImpl extends LocationImpl instanceof DbLocation {
+  private @location loc;
+
+  DbLocationImpl() { this = TDbLocation(loc) }
+
+  override File getFile() { result = DbLocation.super.getFile() }
+
+  override int getStartLine() { result = DbLocation.super.getStartLine() }
+
+  override int getStartColumn() { result = DbLocation.super.getStartColumn() }
+
+  override int getEndLine() { result = DbLocation.super.getEndLine() }
+
+  override int getEndColumn() { result = DbLocation.super.getEndColumn() }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    DbLocation.super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
+class SynthLocationImpl extends LocationImpl, TSynthLocation {
+  override File getFile() { synthLocationInfo(this, result.getAbsolutePath(), _, _, _, _) }
+
+  override int getStartLine() { synthLocationInfo(this, _, result, _, _, _) }
+
+  override int getStartColumn() { synthLocationInfo(this, _, _, result, _, _) }
+
+  override int getEndLine() { synthLocationInfo(this, _, _, _, result, _) }
+
+  override int getEndColumn() { synthLocationInfo(this, _, _, _, _, result) }
+
+  override predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    synthLocationInfo(this, filepath, startline, startcolumn, endline, endcolumn)
+  }
+}
+
+cached
+private module Cached {
+  cached
+  DbLocation getLocatableLocation(@locatable l) {
+    exists(@location loc |
+      has_location(l, loc) or
+      xmllocations(l, loc)
+    |
+      result = TDbLocation(loc)
+    )
+  }
+
+  cached
+  DbLocation getDiagnosticLocation(@diagnostic d) {
+    exists(@location loc |
+      diagnostics(d, _, _, _, _, loc) and
+      result = TDbLocation(loc)
+    )
+  }
+
+  cached
+  predicate dbLocationInfo(
+    DbLocation l, File f, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    exists(@location loc |
+      l = TDbLocation(loc) and
+      locations_default(loc, f, startline, startcolumn, endline, endcolumn)
+    )
+  }
+}
+
+import Cached
+
+cached
+private predicate synthLocationInfo(
+  SynthLocationImpl l, string filepath, int startline, int startcolumn, int endline, int endcolumn
+) {
+  l = TSynthLocation(filepath, startline, startcolumn, endline, endcolumn)
+}

go/ql/src/InconsistentCode/WhitespaceContradictsPrecedence.ql

@@ -72,14 +72,11 @@ predicate interestingNesting(BinaryExpr inner, BinaryExpr outer) {
 
 /** Gets the number of whitespace characters around the operator `op` of `be`. */
 int getWhitespaceAroundOperator(BinaryExpr be, string op) {
-  exists(Location left, Location right |
-    be.getLeftOperand().getLocation() = left and
-    be.getRightOperand().getLocation() = right and
-    left.getFile() = right.getFile() and
-    left.getStartLine() = right.getStartLine()
-  |
+  exists(string file, int line, int left, int right |
+    be.getLeftOperand().hasLocationInfo(file, _, _, line, left) and
+    be.getRightOperand().hasLocationInfo(file, line, right, _, _) and
     op = be.getOperator() and
-    result = (right.getStartColumn() - left.getEndColumn() - op.length() - 1) / 2
+    result = (right - left - op.length() - 1) / 2
   )
 }
 

go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombTest.ql

@@ -10,7 +10,8 @@ module TestDecompressionBombs implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasValueFlow" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = "\"" + sink.toString() + "\""
     )

go/ql/test/experimental/frameworks/CleverGo/HeaderWrite.ql

@@ -8,7 +8,8 @@ module HttpHeaderWriteTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     // Dynamic key-value header:
     exists(Http::HeaderWrite hw |
-      hw.getLocation() = location and
+      hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = hw.getName().toString() and
         value = hw.getName().toString() and
@@ -22,7 +23,8 @@ module HttpHeaderWriteTest implements TestSig {
     or
     // Static key, dynamic value header:
     exists(Http::HeaderWrite hw |
-      hw.getLocation() = location and
+      hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = hw.getHeaderName().toString() and
         value = hw.getHeaderName() and
@@ -36,7 +38,8 @@ module HttpHeaderWriteTest implements TestSig {
     or
     // Static key, static value header:
     exists(Http::HeaderWrite hw |
-      hw.getLocation() = location and
+      hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = hw.getHeaderName().toString() and
         value = hw.getHeaderName() and

go/ql/test/experimental/frameworks/CleverGo/HttpRedirect.ql

@@ -8,7 +8,8 @@ module HttpRedirectTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "redirectUrl" and
     exists(Http::Redirect rd |
-      rd.getLocation() = location and
+      rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = rd.getUrl().toString() and
       value = rd.getUrl().toString()
     )

go/ql/test/experimental/frameworks/CleverGo/HttpResponseBody.ql

@@ -7,7 +7,8 @@ module HttpResponseBodyTest implements TestSig {
 
   predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(Http::ResponseBody rd |
-      rd.getLocation() = location and
+      rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = rd.getAContentType().toString() and
         value = rd.getAContentType().toString() and

go/ql/test/experimental/frameworks/CleverGo/RemoteSources.ql

@@ -14,7 +14,8 @@ module RemoteFlowSourceTest implements TestSig {
     |
       element = arg.toString() and
       value = "" and
-      arg.getLocation() = location
+      arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn())
     )
   }
 }

go/ql/test/experimental/frameworks/Fiber/HeaderWrite.ql

@@ -8,7 +8,8 @@ module HttpHeaderWriteTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     // Dynamic key-value header:
     exists(Http::HeaderWrite hw |
-      hw.getLocation() = location and
+      hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = hw.getName().toString() and
         value = hw.getName().toString() and
@@ -22,7 +23,8 @@ module HttpHeaderWriteTest implements TestSig {
     or
     // Static key, dynamic value header:
     exists(Http::HeaderWrite hw |
-      hw.getLocation() = location and
+      hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = hw.getHeaderName().toString() and
         value = hw.getHeaderName() and
@@ -36,7 +38,8 @@ module HttpHeaderWriteTest implements TestSig {
     or
     // Static key, static value header:
     exists(Http::HeaderWrite hw |
-      hw.getLocation() = location and
+      hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = hw.getHeaderName().toString() and
         value = hw.getHeaderName() and

go/ql/test/experimental/frameworks/Fiber/Redirect.ql

@@ -8,7 +8,8 @@ module HttpRedirectTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "redirectUrl" and
     exists(Http::Redirect rd |
-      rd.getLocation() = location and
+      rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = rd.getUrl().toString() and
       value = rd.getUrl().toString()
     )

go/ql/test/experimental/frameworks/Fiber/RemoteFlowSources.ql

@@ -14,7 +14,8 @@ module RemoteFlowSourceTest implements TestSig {
     |
       element = arg.toString() and
       value = "" and
-      arg.getLocation() = location
+      arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn())
     )
   }
 }

go/ql/test/experimental/frameworks/Fiber/ResponseBody.ql

@@ -7,7 +7,8 @@ module HttpResponseBodyTest implements TestSig {
 
   predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(Http::ResponseBody rd |
-      rd.getLocation() = location and
+      rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       (
         element = rd.getAContentType().toString() and
         value = rd.getAContentType().toString() and

go/ql/test/extractor-tests/diagnostics/Diagnostics.ql

@@ -1,4 +1,5 @@
 import go
+private import semmle.go.internal.Locations
 
 bindingset[path]
 string baseName(string path) { result = path.regexpCapture(".*(/|\\\\)([^/\\\\]+)(/|\\\\)?$", 2) }
@@ -30,7 +31,12 @@ class Diagnostic extends @diagnostic {
     diagnostic_for(this, c, fileNum, idx)
   }
 
-  Location getLocation() { diagnostics(this, _, _, _, _, result) }
+  DbLocation getLocation() {
+    exists(@location loc |
+      diagnostics(this, _, _, _, _, loc) and
+      result = TDbLocation(loc)
+    )
+  }
 
   // string getTag() {
   //   diagnostics(this, _, result, _, _, _)

go/ql/test/library-tests/semmle/go/Function/TypeParamType.ql

@@ -1,7 +1,7 @@
 import go
 
 query predicate numberOfTypeParameters(TypeParamParentEntity parent, int n) {
-  exists(parent.getLocation().getFile()) and
+  exists(string file | file != "" | parent.hasLocationInfo(file, _, _, _, _)) and
   n = strictcount(TypeParamType tpt | tpt.getParent() = parent)
 }
 

go/ql/test/library-tests/semmle/go/Function/isVariadic.ql

@@ -7,7 +7,8 @@ module FunctionIsVariadicTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(CallExpr ce |
       ce.getTarget().isVariadic() and
-      ce.getLocation() = location and
+      ce.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = ce.toString() and
       value = "" and
       tag = "isVariadic"

go/ql/test/library-tests/semmle/go/GoModExpr/GoModExprs.ql

@@ -5,9 +5,9 @@ import go
  * that contains the substring "`kind`,`dep`,`ver`".
  */
 predicate metadata(Locatable l, string kind, string mod, string dep, string ver) {
-  exists(Comment c, string text |
-    l.getFile() = c.getFile() and
-    l.getLocation().getStartLine() = c.getLocation().getStartLine()
+  exists(string f, int line, Comment c, string text |
+    l.hasLocationInfo(f, line, _, _, _) and
+    c.hasLocationInfo(f, line, _, _, _)
   |
     text = c.getText().regexpFind("\\b([^,\\s]+,[^,]+,[^,]+,[^,\\s]+)", _, _) and
     kind = text.regexpCapture("([^,]+),([^,]+),([^,]+),([^,]+)", 1) and
@@ -19,27 +19,27 @@ predicate metadata(Locatable l, string kind, string mod, string dep, string ver)
 
 query predicate missingRequire(string mod, string dep, string ver, int line) {
   exists(Locatable l | metadata(l, "RequireLine", mod, dep, ver) |
-    line = l.getLocation().getStartLine()
+    l.hasLocationInfo(_, line, _, _, _)
   ) and
   not exists(GoModRequireLine req |
     req.getModulePath() = mod and
     req.getPath() = dep and
     req.getVersion() = ver and
     metadata(req, "RequireLine", mod, dep, ver) and
-    line = req.getLocation().getStartLine()
+    req.hasLocationInfo(_, line, _, _, _)
   )
 }
 
 query predicate missingExclude(string mod, string dep, string ver, int line) {
   exists(Locatable l | metadata(l, "ExcludeLine", mod, dep, ver) |
-    line = l.getLocation().getStartLine()
+    l.hasLocationInfo(_, line, _, _, _)
   ) and
   not exists(GoModExcludeLine exc |
     exc.getModulePath() = mod and
     exc.getPath() = dep and
     exc.getVersion() = ver and
     metadata(exc, "ExcludeLine", mod, dep, ver) and
-    line = exc.getLocation().getStartLine()
+    exc.hasLocationInfo(_, line, _, _, _)
   )
 }
 
@@ -48,9 +48,9 @@ query predicate missingExclude(string mod, string dep, string ver, int line) {
  * that contains the substring "ReplaceLine,`mod`,`dep`,`dver`,`rep`,`rver`".
  */
 predicate repmetadata(Locatable l, string mod, string dep, string dver, string rep, string rver) {
-  exists(Comment c, string text |
-    l.getFile() = c.getFile() and
-    l.getLocation().getStartLine() = c.getLocation().getStartLine()
+  exists(string f, int line, Comment c, string text |
+    l.hasLocationInfo(f, line, _, _, _) and
+    c.hasLocationInfo(f, line, _, _, _)
   |
     text = c.getText().regexpFind("\\b(ReplaceLine,[^,]*,[^,]*,[^,]*,[^,]*,[^,\\s]*)", _, _) and
     mod = text.regexpCapture("ReplaceLine,([^,]*),([^,]*),([^,]*),([^,]*),([^,]*)", 1) and
@@ -65,7 +65,7 @@ query predicate missingReplace(
   string mod, string dep, string dver, string rep, string rver, int line
 ) {
   exists(Locatable l | repmetadata(l, mod, dep, dver, rep, rver) |
-    line = l.getLocation().getStartLine()
+    l.hasLocationInfo(_, line, _, _, _)
   ) and
   not exists(GoModReplaceLine repl |
     (
@@ -85,6 +85,6 @@ query predicate missingReplace(
     repl.getOriginalPath() = dep and
     repl.getReplacementPath() = rep and
     repmetadata(repl, mod, dep, dver, rep, rver) and
-    line = repl.getLocation().getStartLine()
+    repl.hasLocationInfo(_, line, _, _, _)
   )
 }

go/ql/test/library-tests/semmle/go/Types/Aliases.ql

@@ -5,16 +5,17 @@ int countDecls(Entity e) { result = count(Ident decl | decl = e.getDeclaration()
 query predicate entities(string fp, Entity e, int c, Type ty) {
   c = countDecls(e) and
   ty = e.getType() and
-  exists(Location loc |
+  exists(DbLocation loc |
     loc = e.getDeclaration().getLocation() and
     fp = loc.getFile().getBaseName() and
     fp = "aliases.go"
   )
 }
 
-from FuncDecl decl, SignatureType sig
+from string fp, FuncDecl decl, SignatureType sig
 where
-  decl.getFile().getAbsolutePath().matches("%aliases.go%") and
+  decl.hasLocationInfo(fp, _, _, _, _) and
   decl.getName() = ["F", "G", "H"] and
-  sig = decl.getType()
+  sig = decl.getType() and
+  fp.matches("%aliases.go%")
 select decl.getName(), sig.pp()

go/ql/test/library-tests/semmle/go/Types/ImplementsComparable.ql

@@ -11,7 +11,8 @@ module ImplementsComparableTest implements TestSig {
       ts.getName().matches("testComparable%") and
       ts.getATypeParameterDecl().getTypeConstraint().implementsComparable()
     |
-      ts.getLocation() = location and
+      ts.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = ts.getName() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/Types/SignatureType_isVariadic.ql

@@ -7,7 +7,8 @@ module SignatureTypeIsVariadicTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(FuncDef fd |
       fd.isVariadic() and
-      fd.getLocation() = location and
+      fd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = fd.toString() and
       value = "" and
       tag = "isVariadic"

go/ql/test/library-tests/semmle/go/aliases/MethodDefs/test.ql

@@ -11,7 +11,11 @@ class EntityWithDeclInfo extends TEntityWithDeclInfo {
 
   string toString() { result = e.toString() + " (" + nDecls + " declaration sites)" }
 
-  Location getLocation() { result = e.getLocation() }
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 query predicate distinctDefinedFs(int ct) { ct = count(DeclaredFunction e | e.toString() = "F") }

go/ql/test/library-tests/semmle/go/aliases/defsuses/test.ql

@@ -11,7 +11,11 @@ class EntityWithDeclInfo extends TEntityWithDeclInfo {
     result = e.toString() + " (" + count(e.getDeclaration()) + " declaration sites)"
   }
 
-  Location getLocation() { result = e.getLocation() }
+  predicate hasLocationInfo(
+    string filepath, int startline, int startcolumn, int endline, int endcolumn
+  ) {
+    e.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+  }
 }
 
 query predicate lowLevelDefs(Ident i, EntityWithDeclInfo ewrapped) {

go/ql/test/library-tests/semmle/go/concepts/HTTP/Handler.ql

@@ -9,7 +9,8 @@ module HttpHandler implements TestSig {
     exists(Http::RequestHandler h, DataFlow::Node check |
       element = h.toString() and value = check.toString()
     |
-      h.getLocation() = location and
+      h.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       h.guardedBy(check)
     )
   }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/LoggerCall.ql

@@ -8,7 +8,8 @@ module LoggerTest implements TestSig {
 
   predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(LoggerCall log |
-      log.getLocation() = location and
+      log.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = log.toString() and
       value = log.getAMessageComponent().toString() and
       tag = "logger"

go/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACallee.ql

@@ -5,9 +5,9 @@ import go
  * that contains the substring `key: val`.
  */
 string metadata(Locatable l, string key) {
-  exists(Comment c, string kv |
-    l.getFile() = c.getFile() and
-    l.getLocation().getStartLine() = c.getLocation().getStartLine() and
+  exists(string f, int line, Comment c, string kv |
+    l.hasLocationInfo(f, line, _, _, _) and
+    c.hasLocationInfo(f, line, _, _, _) and
     kv = c.getText().regexpFind("\\b(\\w+: \\S+)", _, _) and
     key = kv.regexpCapture("(\\w+): (\\S+)", 1) and
     result = kv.regexpCapture("(\\w+): (\\S+)", 2)

go/ql/test/library-tests/semmle/go/dataflow/CallGraph/viableCallee.ql

@@ -6,9 +6,9 @@ import semmle.go.dataflow.internal.DataFlowDispatch
  * that contains the substring `key: val`.
  */
 string metadata(Locatable l, string key) {
-  exists(Comment c, string kv |
-    l.getFile() = c.getFile() and
-    l.getLocation().getStartLine() = c.getLocation().getStartLine() and
+  exists(string f, int line, Comment c, string kv |
+    l.hasLocationInfo(f, line, _, _, _) and
+    c.hasLocationInfo(f, line, _, _, _) and
     kv = c.getText().regexpFind("\\b(\\w+: \\S+)", _, _) and
     key = kv.regexpCapture("(\\w+): (\\S+)", 1) and
     result = kv.regexpCapture("(\\w+): (\\S+)", 2)

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "I1[f]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "I1[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "I2[f]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "I2[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_IEmbedI1_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "IEmbedI1[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_IEmbedI2_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "IEmbedI2[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_PImplEmbedI1_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "PImplEmbedI1[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_PImplEmbedI2_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "PImplEmbedI2[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "S1[f]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "S1[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_SEmbedI1_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "SEmbedI1[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_SEmbedI2_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "SEmbedI2[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_SEmbedP1_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "SEmbedP1[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_SEmbedP2_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "SEmbedP2[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_SEmbedPtrP1_subtypes_true.ql

@@ -17,7 +17,8 @@ module FlowTest implements TestSig {
   predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "SEmbedPtrP1[t]" and
     exists(DataFlow::Node sink | Flow::flowTo(sink) |
-      sink.getLocation() = location and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
       element = sink.toString() and
       value = ""
     )