Squashed commit of the following:
commit 45380ce25e235945819b6da1bb61aff25b6a927b
Author: Diego Garbervetsky <[email protected]>
Date:   Sun Oct 18 14:29:13 2020 +0000

    adjustments to run Path queries

commit 671614da4b5123e95332bbe98b9a1aa6df68cb6f
Merge: 6eafd8bb6 a6c3f6969
Author: garbervetsky <[email protected]>
Date:   Fri Oct 16 14:50:08 2020 -0300

    Merge pull request #5 from garbervetsky/merge_github_main

    Merge github/codeql:main into dev-msr

commit a6c3f69699a826738bcb8ee2ff0de13540a322d7
Author: Pablo Balbi <[email protected]>
Date:   Fri Oct 16 15:03:02 2020 +0000

    Squashed commit of the following:

    commit 1d9b0ce05914baa8c9d213265122f934bf3ab983
    Merge: 2b19a4803 4100ab291
    Author: CodeQL CI <[email protected]>
    Date:   Fri Oct 16 05:05:29 2020 -0700

        Merge pull request #4460 from max-schaefer/js/unsafe-shell-command-construction-infeasible-paths

        Approved by asgerf

    commit 2b19a480307728438d4a7270ebfe49c98a266550
    Merge: a92a701c3 27fc610c0
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Fri Oct 16 13:54:35 2020 +0200

        Merge pull request #3880 from hvitved/dataflow/precise-aps

        Data flow: Precise access paths

    commit 27fc610c0d99dc76e186efc5b9042f7875392021
    Author: Tom Hvitved <[email protected]>
    Date:   Mon Sep 21 11:26:59 2020 +0200

        Python: Update expected test output

    commit 5f01fda1ef78e5f8b65fd4be94247e61879d34b6
    Author: Tom Hvitved <[email protected]>
    Date:   Mon Sep 21 10:29:00 2020 +0200

        Data flow: Sync files

    commit 82e56d4ebb26f255055814c92538c59029a07f46
    Author: Tom Hvitved <[email protected]>
    Date:   Mon Sep 21 10:27:38 2020 +0200

        Data flow: Simplify `pathStep` and `pathIntoCallable`

    commit 94f110f739cae6ef1adf451b1f2c1d4618797837
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Thu Sep 17 10:50:14 2020 +0200

        Sync.

    commit b4ecfaeda3b1bb1b45f159e3a558d92aa573c445
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Thu Sep 17 10:19:04 2020 +0200

        Dataflow: Remove inconsistent AccessPath.getType().

    commit d88c551f640dfe6e1b9a82257b8ec5ebe224ff20
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Thu Sep 17 10:09:56 2020 +0200

        Dataflow: qldoc fix

    commit 98f10b29b85d007c1943d0f9d16dbfac6ffde927
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Fri Sep 11 10:54:24 2020 +0200

        Dataflow: Simplify SCC: remove some apa params.

    commit 4e2f7860403f270e7633433cd53df367cb75310c
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Thu Sep 10 16:30:24 2020 +0200

        Dataflow: Precalculate AccessPath to avoid massive recursion.

    commit ca534ccb03b3a635bb14266d482a796f84f68d25
    Author: Mathias Vorreiter Pedersen <[email protected]>
    Date:   Fri Aug 21 11:24:47 2020 +0200

        C++: Update inline expectation comments

    commit 570b624eb705f9e9c2dd442e5545b2ae69c91f14
    Author: Tom Hvitved <[email protected]>
    Date:   Thu Jul 2 15:47:43 2020 +0200

        C++: Update expected test output

    commit d48a6a55552e7f758fa6305ab07ca7f888bcf414
    Author: Tom Hvitved <[email protected]>
    Date:   Thu Jul 2 15:47:33 2020 +0200

        C#: Update expected test output

    commit d608138c0c4f43c1c584d7337dd7408bf23abb38
    Author: Tom Hvitved <[email protected]>
    Date:   Fri Aug 21 10:28:19 2020 +0200

        Data flow: Sync files

    commit a35a178080d5807f39524039f6bcfd76a5ef00d3
    Author: Tom Hvitved <[email protected]>
    Date:   Wed Jul 29 13:17:27 2020 +0200

        Data flow: Precise access paths

    commit 0dc066c5157588dc213da73d4b4f431e8da6f412
    Author: Tom Hvitved <[email protected]>
    Date:   Wed Jul 29 13:17:09 2020 +0200

        Data flow: Rename `AccessPath` to `AccessPathApprox`

    commit a92a701c353ef04072c79311371f47e2c1420ce5
    Merge: da9e33a72 a10c0138e
    Author: Aditya Sharad <[email protected]>
    Date:   Thu Oct 15 10:19:25 2020 -0700

        Merge pull request #4479 from github/lgtm.com

        Merge lgtm.com back into main

    commit da9e33a72ce96db08ea748801bfe9514b87e7f33
    Merge: 5142bfaf0 f32a7be87
    Author: Mathias Vorreiter Pedersen <[email protected]>
    Date:   Thu Oct 15 17:38:16 2020 +0200

        Merge pull request #4477 from dbartol/dbartol/PrintIRLocalFlow

        C++: Add ability to dump local dataflow info in IR dumps

    commit 5142bfaf017cfef5c7ca5075af0854014dfa003d
    Merge: 58baec5b0 89f535232
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Thu Oct 15 17:26:31 2020 +0200

        Merge pull request #4453 from yoff/python-port-unsafe-deserialization

        Python: port unsafe deserialization

    commit 58baec5b067b995f3709d9e4a052f142ff59c291
    Merge: 388f60f81 9c8e968cb
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Thu Oct 15 17:10:59 2020 +0200

        Merge pull request #4364 from yoff/SharedDataflow_ArgumentPassing

        Python: Shared dataflow, argument passing

    commit 388f60f818112b679f82d006d3e28efa081f2581
    Merge: b05cc2eaf b2a2412f1
    Author: Joe Farebrother <[email protected]>
    Date:   Thu Oct 15 16:05:38 2020 +0100

        Merge pull request #4430 from joefarebrother/tainttrackingutils-refactor

        Java: Refactor part of TaintTrackingUtil.qll

    commit 89f5352324ceb2e4adfdd00e8e1f305d5c9041ac
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 15 16:41:41 2020 +0200

        Python: fix QL format

    commit f32a7be8747c5466b7ff945687f1e4a7ac99ea79
    Author: Dave Bartolomeo <[email protected]>
    Date:   Thu Oct 15 10:16:13 2020 -0400

        Fix formatting

    commit ef32488596d0394d2e9078f823b0827fefbc459b
    Merge: cc7d32c27 b05cc2eaf
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 15 15:45:35 2020 +0200

        Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization

    commit b05cc2eafd099d56655765803cc664430c739884
    Merge: ab7d28b3f fb05f0248
    Author: James Fletcher <[email protected]>
    Date:   Thu Oct 15 14:39:52 2020 +0100

        Merge pull request #4475 from github/banner-template

        [CodeQL docs] Update footer in Sphinx template

    commit fb05f0248982d1c32280975b7999e48f6e878840
    Author: James Fletcher <[email protected]>
    Date:   Thu Oct 15 14:24:28 2020 +0100

        Apply suggestions from code review

        Co-authored-by: Shati Patel <[email protected]>

    commit ab7d28b3fb04027f77cbc07cb9a32d5f0e9a15be
    Merge: 1b8d14077 43cee8567
    Author: CodeQL CI <[email protected]>
    Date:   Thu Oct 15 06:15:55 2020 -0700

        Merge pull request #4482 from RasmusWL/promote-script

        Approved by tausbn

    commit 1b8d14077a79c35ec56fa4176dfdccce860c5bfa
    Merge: e62c9b138 7848c5f54
    Author: Geoffrey White <[email protected]>
    Date:   Thu Oct 15 13:00:33 2020 +0100

        Merge pull request #4481 from rvermeulen/patch-1

        C++: Fix qldoc for getIncludeText

    commit 43cee8567c402a4ac1ad9916b579cb0110154163
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Mon Sep 28 11:59:26 2020 +0200

        Python: Add script to promote experimental security queries

    commit cc7d32c27c3765734f50633ad491357339739ebe
    Merge: 172e05843 c36ad7dd9
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 15 13:01:38 2020 +0200

        Merge branch 'python-port-unsafe-deserialization' of github.com:yoff/codeql into python-port-unsafe-deserialization

    commit 172e0584387f686285086d14edc967a995e27808
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 15 12:56:29 2020 +0200

        Python: `unsafe` -> `mayExecuteInput`

    commit 00566f0eee88f7d6682b463672f0cc4150d43b1a
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 15 12:40:16 2020 +0200

        Python: Extend DataFlow::CfgNode when appropriate

    commit c36ad7dd9b345da1431227c6bf04cd22178d452c
    Author: yoff <[email protected]>
    Date:   Thu Oct 15 12:35:21 2020 +0200

        Apply suggestions from code review

        Co-authored-by: Taus <[email protected]>

    commit e62c9b1382340d82cc6dfd0277640073b18d30e1
    Merge: 36f6e97ca 5a91736b7
    Author: Tamás Vajk <[email protected]>
    Date:   Thu Oct 15 12:16:53 2020 +0200

        Merge pull request #4472 from tamasvajk/feature/cleanup-3

        C#: Change public fields to properties

    commit 36f6e97cad146f9c2be23bfcdffe5f27fdd28a78
    Merge: c8b93148a 872801732
    Author: Tom Hvitved <[email protected]>
    Date:   Thu Oct 15 11:56:32 2020 +0200

        Merge pull request #4371 from hvitved/csharp/library-flow-refactor

        C#: Reimplement flow-summary compilation

    commit 7848c5f54dcea11d1ec31cdbb9c3f8ddf1de6e8f
    Author: Remco Vermeulen <[email protected]>
    Date:   Thu Oct 15 11:49:18 2020 +0200

        Fix qldoc for getIncludeText

        The '<' was HTML encoded for some reason.

    commit 9c8e968cba7998af6955c3ea3ba3bfd685948a37
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 15 11:47:34 2020 +0200

        Python: Fix bad merge

    commit c8b93148a2418f2d632b7978d722555d01db8d2e
    Merge: 60ce02ac1 ce967e124
    Author: Taus <[email protected]>
    Date:   Thu Oct 15 10:52:43 2020 +0200

        Merge pull request #4424 from RasmusWL/python-model-python2-specific-command-execution

        Python: model Python 2 specific command execution

    commit 60ce02ac188dc387eaf636e22281b8966208594e
    Merge: c5810d623 fc71ca747
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Thu Oct 15 10:46:35 2020 +0200

        Merge pull request #4469 from JLLeitschuh/additional-file-taint

        Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile

    commit 872801732869f2618712f4cf19856287c9cd2ad0
    Author: Tom Hvitved <[email protected]>
    Date:   Thu Oct 15 10:40:19 2020 +0200

        C#: Increase `fieldFlowBranchLimit` in test

        68014fd3bf662453f1cd9a44a8b05008e79474e2 means that more accessors are properly
        extracted, and consequently the calls to `get_Item` in the test have more dispatch
        targets. Increasing `fieldFlowBranchLimit` makes the test pass again.

    commit c5810d623b9a3b3d2b261b882bab74fa37865d62
    Merge: 466c22f4a f8190feef
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Thu Oct 15 10:29:33 2020 +0200

        Merge pull request #4474 from tausbn/python-fix-tostring-divergence

        Python: Fix divergence in tuple/subscripted type `toString`

    commit a10c0138e90e96be3b1309794c7f1ba8250f4365
    Merge: 535c8cc87 78c58c241
    Author: Arthur Baars <[email protected]>
    Date:   Thu Oct 15 10:00:43 2020 +0200

        Merge commit '78c58c24158e3ee4fd78318194d56591af90da69' into lgtm.com

    commit ce967e124932557f18609c991b09e6676ed99d28
    Merge: 680a6eb2a 466c22f4a
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Thu Oct 15 09:58:20 2020 +0200

        Merge branch 'main' into python-model-python2-specific-command-execution

    commit 0766eef49b10b2fb7b501af2ec5479bb95d87976
    Merge: d2b90662a 466c22f4a
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 15 09:49:21 2020 +0200

        Merge branch 'main' of github.com:github/codeql into SharedDataflow_ArgumentPassing

    commit dfb687fd47ba8f0145633f790c396c7a7e97026e
    Author: Dave Bartolomeo <[email protected]>
    Date:   Wed Oct 14 18:02:45 2020 -0400

        C++: Add ability to dump local dataflow info in IR dumps

        This change adds a new module, `PrintIRLocalFlow.qll`, which can be imported into any query that uses both `PrintIR.qll` and the IR dataflow library. The IR dump printed by `PrintIR.qll` will be annotated with information about how each operand and instruction participates in dataflow.

        For each operand and instruction, the following properties are displayed:
        - `flow`: Which local operands/instructions have flow to this node, and which local operands/instruction this node has flow to.
        - `source`: `true` if this node is a source
        - `sink`: `true` if this node is a sink
        - `barrier`: Lists which kinds of barrier this node is. Can be zero or more of `full`, `in`, `out`, and `guard`. If the node is a guard barrier, the IR of the guarding instruction is also printed.

        We already had a way to print additional properties for instructions and blocks, but not for operands. I added support for operand properties to `IRPropertyProvider`. These are now printed in a curly-brace-enclosed list immediately after the corresponding operand.

        When printing flow, instructions are identified by their result ID (e.g., `m128`). Operands are identified by both the result ID of their instruction and their kind (e.g., `r145.left`). For flow from an operand to its use instruction, it just prints `result` at the operand, and prints only the operand kind on the instruction.

        Example output:
        ```
        ```
        The `+` annotations indicate when the flow came from `isAdditionalFlowStep()`, rather than built-in local flow.

    commit 98d8ec488e43632865b8045f9ee534522310da55
    Author: james <[email protected]>
    Date:   Wed Oct 14 15:41:24 2020 +0100

        add banner to sphinx template

    commit d2b90662a3c2bdc9cac1a477e9e2c546168a038b
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 17:31:13 2020 +0200

        Python: implement ToString on mappings

    commit 466c22f4a8d805dc464f76360fbe927002d4996c
    Merge: 5f6f85c99 5db4f906d
    Author: Taus <[email protected]>
    Date:   Wed Oct 14 16:41:42 2020 +0200

        Merge pull request #4435 from RasmusWL/python-port-code-injection

        Python: port code injection query

    commit 6a3aed337f858ab3441bea55ddf72761ef3cbb3c
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 16:35:43 2020 +0200

        Python `self` -> `range`

    commit 352418cb5d20923c9b2b9378c88d41e9ba4ce920
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 16:33:55 2020 +0200

        Python: track safe loaders

    commit f8190feef27dc591d8a6b0806e4c86be0643fa57
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Wed Oct 14 15:21:22 2020 +0200

        Python: Fix divergence in tuple/subscripted type `toString`

        A slightly more complicated version of the situation in
        https://github.com/github/codeql/pull/2507 could cause the `toString`
        calculation to diverge. Although the previous PR took tuples nested
        inside tuples into account (and subscripted types cannot be nested
        inside each other in our modelling), it did not account for having
        this nesting be interleaved, and this is what caused the divergence.

        I have not done the usual "test case first to show the problem
        exists", since this would also diverge and take forever to fail. The
        instance observed in `scipy` was likely caused by something akin to

        ```python
        x = ()
        while True:
            x = x[(x,)]
        ```

        Finally, to prevent this from happening with other types, I went
        through and checked each instance where the string representation of
        an `ObjectInternal` might potentially contain a reference to
        itself (and thus explode). I encapsulated this in a
        `bounded_toString` helper predicate, and used this in all the cases
        where I was able to determine that the above _could_ happen.
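
        A depth-bounded printer of the kind the message above describes, as an added example that is not CodeQL's code: the type-graph model (`TupleType`, `SubscriptedType`), the `MAX_DEPTH` constant and the function names are assumptions made for this illustration, and the graph that is built is constructed here to reproduce the interleaved tuple/subscript cycle the commit mentions. The point it shows is that a recursive string representation over an analysis model with back-edges must carry a bound, or it will not terminate.

```python
from dataclasses import dataclass, field
from typing import List

# Constructed model (assumed names, not CodeQL's): a tuple type holds element
# types, a subscripted type holds the base type it was taken from. Either can
# point back at the other, which is what makes the graph cyclic.


@dataclass
class TupleType:
    elements: List[object] = field(default_factory=list)


@dataclass
class SubscriptedType:
    base: object


def naive_to_string(node) -> str:
    """Unbounded recursion: diverges as soon as the type graph has a cycle."""
    if isinstance(node, TupleType):
        return "(" + ", ".join(naive_to_string(e) for e in node.elements) + ")"
    return naive_to_string(node.base) + "[...]"


MAX_DEPTH = 3  # assumed bound; any finite value restores termination


def bounded_to_string(node, depth: int = 0) -> str:
    """Same rendering, but every recursive call consumes one unit of depth.

    Once the bound is reached the remainder is elided as "...", so the result
    is finite even when `node` is reachable from itself.
    """
    if depth >= MAX_DEPTH:
        return "..."
    if isinstance(node, TupleType):
        inner = ", ".join(bounded_to_string(e, depth + 1) for e in node.elements)
        return f"({inner})"
    return bounded_to_string(node.base, depth + 1) + "[...]"


def build_interleaved_cycle() -> TupleType:
    """Constructed cyclic graph: tuple -> subscripted -> the same tuple.

    This mirrors the interleaved nesting (a tuple containing a subscripted
    type whose base is that tuple) that the original change had to handle.
    """
    t = TupleType()
    s = SubscriptedType(base=t)
    t.elements.append(s)
    return t


def build_acyclic() -> TupleType:
    """Constructed acyclic graph: a tuple holding `()[...]`."""
    return TupleType([SubscriptedType(base=TupleType())])


def naive_diverges() -> bool:
    """True when the unbounded printer fails to terminate on the cyclic graph
    (Python surfaces this as RecursionError rather than hanging forever)."""
    try:
        naive_to_string(build_interleaved_cycle())
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    print("acyclic:", bounded_to_string(build_acyclic()))
    print("cyclic :", bounded_to_string(build_interleaved_cycle()))
    print("naive printer diverges on the cycle:", naive_diverges())
```

        The acyclic input renders completely because it never reaches the bound; the cyclic input renders to a finite string with the repetition elided. When porting the same idea to a declarative setting, as the commit did with a `bounded_toString` predicate, the depth parameter is the only state that needs to be threaded through.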

    commit 5f6f85c9982f4736d978be13765020f30e6882cf
    Merge: 92ccb795f fdb489fc9
    Author: yoff <[email protected]>
    Date:   Wed Oct 14 15:37:39 2020 +0200

        Merge pull request #4465 from tausbn/python-remove-essa-flow

        Python: Remove flow between ESSA variables

    commit b8cba381cf1ec148ae3b6b920b96a935afa7e51b
    Merge: 3a281a1bd 92ccb795f
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 15:01:30 2020 +0200

        Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization

    commit 5a91736b7aa19baf2c35ea3ae47ccbf108c764f5
    Author: Tamas Vajk <[email protected]>
    Date:   Wed Oct 14 14:08:48 2020 +0200

        C#: Change public fields to properties

    commit 3a281a1bd6682815cb6344048f836426f908dd02
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 14:40:11 2020 +0200

        Python: Adjust comments and tests

    commit 5db4f906d015b44cff56b4b2ae4b6092b16b0d9f
    Merge: 1fde477a8 92ccb795f
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 14:22:02 2020 +0200

        Merge branch 'main' into python-port-code-injection

    commit 91806da2fa696e08993a04e17dfdce9a34875b8e
    Author: Tom Hvitved <[email protected]>
    Date:   Wed Oct 14 09:38:45 2020 +0200

        C#: Address review comments

    commit 5d1a5920c719e7569ae25ba6fc07eb26d1a5ec38
    Author: Tom Hvitved <[email protected]>
    Date:   Fri Sep 25 10:40:09 2020 +0200

        C#: Reimplement flow-summary compilation

    commit 444e607338965f218690dc99577bed68579453f4
    Author: Tom Hvitved <[email protected]>
    Date:   Wed Oct 7 11:57:13 2020 +0200

        C#: Add missing flow through library code using `params` arguments

    commit f2dc2d912a93744acfbacb180aa28dca7e81f60b
    Author: Tom Hvitved <[email protected]>
    Date:   Wed Oct 7 14:00:34 2020 +0200

        C#: Add inter-procedural data-flow test for `StringBuilder`

    commit ffe79f688d67349d1884708d7d9d7200785f9d18
    Author: yoff <[email protected]>
    Date:   Wed Oct 14 14:08:16 2020 +0200

        Apply suggestions from code review

        Co-authored-by: Rasmus Wriedt Larsen <[email protected]>

    commit 92ccb795fde5decdc60f370c1a4c3350f90f9745
    Merge: 61ecec7d1 74bd04548
    Author: Taus <[email protected]>
    Date:   Wed Oct 14 13:29:51 2020 +0200

        Merge pull request #4415 from RasmusWL/python-flask-routed-parameter

        Python: Add support for routed parameters in flask

    commit 1fde477a8fc445e3b310b101c70d9949530d65e6
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 13:22:35 2020 +0200

        Python: Refactor argument matching

    commit 680a6eb2a61e5006fafd9bf37ae78f7173c1ce4a
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 13:21:04 2020 +0200

        Python: Refactor argument matching (more)

    commit 61ecec7d1791b8d4e36a75deae3666826aab2aa0
    Merge: 27f474f0e f3c07e384
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 13:08:57 2020 +0200

        Merge pull request #4467 from tausbn/python-fix-import-type-tracking

        Python: Fix unwanted module type tracking

    commit 27f474f0e999aa582699e0b23deefd11bf564310
    Merge: 8127d9b93 4d9d2155f
    Author: yoff <[email protected]>
    Date:   Wed Oct 14 12:13:35 2020 +0200

        Merge pull request #4429 from RasmusWL/python-model-invoke

        Python: model invoke library

    commit dc7e7890f09e6f9ea977d41db8e522ebafdc48e4
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 12:03:05 2020 +0200

        Python: Clearer naming and comments (I hope)

    commit f3c07e3849a05d74add9e333f3ebaec646f11ff4
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Wed Oct 14 11:58:14 2020 +0200

        Python: Fix up import helper tests

    commit 4100ab2919cd42874019e20ac4a41701e912c509
    Author: Max Schaefer <[email protected]>
    Date:   Wed Oct 14 10:03:27 2020 +0100

        JavaScript: Add another test to show that flow through functions still works.

    commit 1c04c07f07045ec3cfbdcdf729032b385eaa3820
    Author: Max Schaefer <[email protected]>
    Date:   Mon Oct 12 14:52:23 2020 +0100

        JavaScript: Eliminate source of false positives in UnsafeShellCommandConstruction.

    commit 8127d9b93e2bab133758577f67bd4326a3de7655
    Merge: b49aa677d ce9624e61
    Author: Tamás Vajk <[email protected]>
    Date:   Wed Oct 14 11:02:40 2020 +0200

        Merge pull request #4404 from tamasvajk/feature/cleanup-2

        C# extractor code cleanup

    commit b0cfa1d92df1d460c4f17e9302323fadf89cf71d
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:53:18 2020 +0200

        Python: Make "..Call" modeling classes extend DataFlow::CfgNode

    commit bfa5d18476cd55ecbe85a48cf7f5c4967496fc3e
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:49:38 2020 +0200

        Python: Use new importNode

    commit 7d600e4e8e0eb1ead82f263ed4236de62d155d4d
    Merge: 0b0763953 83937baca
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:48:38 2020 +0200

        Merge branch 'main' into python-port-code-injection

    commit 4d9d2155fc36eed3e53a71b0d6ec0a79bf0af863
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:44:58 2020 +0200

        Python: Make "..Call" modeling classes extend DataFlow::CfgNode

    commit b0e79890e688a6f4d69e764052d4ebc3e03f95a4
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:43:22 2020 +0200

        Python: Use new importNode

    commit 4597ba64d07bdf3204519700ef1f542f5ae9f746
    Merge: 662235bad 83937baca
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:41:37 2020 +0200

        Merge branch 'main' into python-model-invoke

    commit eff47457bfbaf68c11501c88a61e14f9371626c4
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:35:37 2020 +0200

        Python: Refactor argument matching

    commit 2ea71f574cfa71e8e2b1cbda49364d0d3d0e2604
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:33:03 2020 +0200

        Python: Make "..Call" modeling classes extend DataFlow::CfgNode

    commit 2e30f58aa2f16e9447e22ffe4e061a189ad1c224
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:27:56 2020 +0200

        Python: Use new importNode

    commit ecf70c5f303d6c123de118df82c1cd3c2b105aff
    Merge: dcd103ea7 83937baca
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:36:43 2020 +0200

        Merge branch 'main' into python-model-python2-specific-command-execution

    commit 74bd045488572fca673e3694f55fa0f747ca6cd9
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:24:46 2020 +0200

        Python: Make "..Call" modeling classes extend DataFlow::CfgNode

    commit ba158f33171daa3fdac231b0376e02ef5e9d1344
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:17:35 2020 +0200

        Python: Use new importNode

    commit 49d2e68d1202fcebd0c9c1850a08db80354b11d4
    Merge: ce85ac3ce 83937baca
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Wed Oct 14 10:16:00 2020 +0200

        Merge branch 'main' into python-flask-routed-parameter

    commit b0ebb5b6d1b1323c7f4aa6f9916fb4489b29dbec
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 09:51:24 2020 +0200

        Python: Adjust tag format

    commit 93383747bd4ef2ea741fd3be04316fc88168040a
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 09:28:58 2020 +0200

        Python: Use more common name for concept

    commit a76d276b489c5076cf907dbf33a7a1f27926b8a0
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Wed Oct 14 08:44:04 2020 +0200

        Python: Adjust `getARelevantTag`

    commit 3b9ea3a958542f3485d9e2335f498c693f714724
    Author: yoff <[email protected]>
    Date:   Wed Oct 14 08:24:26 2020 +0200

        Apply suggestions from code review

        Co-authored-by: Rasmus Wriedt Larsen <[email protected]>

    commit fc71ca747d1082cff7371ed279eee5cb9b13b770
    Author: Jonathan Leitschuh <[email protected]>
    Date:   Tue Oct 13 21:15:09 2020 -0400

        Java: Track taint through java.io.File::toPath & java.nio.file.Path::toFile

    commit 7d86b53b710822be514f0821b3f32d9373b7ff59
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Tue Oct 13 22:47:57 2020 +0200

        Python: Fix unwanted module type tracking

    commit 76e5b59dab05aae5e80e30c24c40f8ab1a99e1bf
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Tue Oct 13 22:47:03 2020 +0200

        Python: Add test case for unwanted module type tracking

    commit b49aa677d0f84512013fd8683d19121cc7b58bf9
    Merge: 83937baca 58727cb8a
    Author: Robert Marsh <[email protected]>
    Date:   Tue Oct 13 15:17:54 2020 -0400

        Merge pull request #4459 from geoffw0/setex

        C++: Additional taint flows through std::set

    commit 1f2390455c5edc7386e34c0a103d4687e8f997dd
    Author: yoff <[email protected]>
    Date:   Tue Oct 13 19:15:33 2020 +0200

        Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll

        Co-authored-by: Taus <[email protected]>

    commit 5d66c485d50e56dbb5e36f3695f7b460769ab6c7
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Tue Oct 13 19:12:52 2020 +0200

        Python: IPA type for argument mappings
        Not sure how arg2 in line 118 is achieved

    commit 83937bacae35fdf41f3e0ec761bdeb5f497c6c1a
    Merge: b895641a8 2c5996f69
    Author: Taus <[email protected]>
    Date:   Tue Oct 13 18:08:07 2020 +0200

        Merge pull request #4448 from RasmusWL/python-simplify-import-modeling

        Python: simplify import modeling

    commit 2c5996f6944a6ecc7f06d1caeea070365c41cbbd
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Tue Oct 13 17:21:21 2020 +0200

        Python: Refactor subprocess_attr type-tracker

        Co-authored-by: Taus <[email protected]>

    commit fdb489fc934f161b22f82fe89985fe01bc71ac2d
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Tue Oct 13 16:35:41 2020 +0200

        Python: Remove flow between ESSA variables

        This required a minor change in the type tracker implementation, but
        apart from that no other changes appear to be needed. Seems to clean
        up the test output quite a bit.

    commit 05b744701e1ccd12cf06514b28278c5358d0a9e2
    Author: yoff <[email protected]>
    Date:   Tue Oct 13 15:31:50 2020 +0200

        Apply suggestions from code review

        Co-authored-by: Taus <[email protected]>

    commit b895641a8398deb9675b33d8001745bba9bae221
    Merge: 83d6d6041 182912623
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Tue Oct 13 15:08:28 2020 +0200

        Merge pull request #4464 from tausbn/python-remove-dataflowcfgnode

        Python: Get rid of `DataFlowCfgNode`

    commit 76c9b8c49fcd17e38598e01684527f5b6a98e5b7
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Fri Oct 9 14:37:23 2020 +0200

        Python: Expose importNode instead of importModule/importMember

        Since predicate name `import` is not allowed, I adopted `importNode` as it sort
        of matches what `exprNode` does.

        ---

        Due to only using `importMember` in `os_attr` we previously didn't handle
        `import os.path as alias` :|

        I did create a hotfix for this (https://github.com/github/codeql/pull/4446), but
        in doing so I realized the core of the problem: We're exposing ourselves to
        making these kinds of mistakes by having BOTH importModule and importMember, and
        we don't really gain anything from doing this!

        We do lose the ability to easily only model `from mod import val` and not
        `import mod.val`, but I don't think that will ever be relevant.

        This change will also make us recognize some invalid code, for example in

            import os.system as runtime_error

        we would now model that `runtime_error` is a reference to the `os.system`
        function (although the actual import would result in a runtime error).

        Overall these are tradeoffs I'm willing to make, as it does make things simpler
        from a QL modeling point of view, and THAT sounds nice :+1:

    commit ce9624e61d8aff64168ecd29e894f09905ccffb8
    Author: Tamas Vajk <[email protected]>
    Date:   Tue Oct 13 14:50:46 2020 +0200

        C#: Remove unneeded vscode settings from settings.json

    commit 4bfd55f1af6338689bbac86bb3b933bae75f8397
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Fri Oct 9 14:00:25 2020 +0200

        Python: Show problem with os.path modeling

        This is not a very good test for showing that we don't handle direct imports,
        but it was the best I had available without inventing something new. It's very
        fragile, since any of these would propagate taint (due to handling all `join`
        calls as if the qualifier was a string):

            ospath_alias.join(ts)
            ospath_alias.join(ts, "foo", "bar")

        But this test DOES serve the purpose of illustrating that my fix works :D

    commit ce793c357f8bb9f374148cb43b0004cbffa6eff0
    Author: Tamas Vajk <[email protected]>
    Date:   Tue Oct 13 14:16:28 2020 +0200

        C#: Adjust parameters of DefinitionField ctor

    commit ea53ea0994ba808221a7e250ac31a138de86fa70
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 14:04:48 2020 +0200

        C#: Prefer keywords over type names

    commit 8afac251209cf0940d5338993bbc26394a5098ce
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 14:02:16 2020 +0200

        C#: Add params modifier on override

    commit 63e173198d5ae4605c135911d7bbaad2b5ff142d
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 14:01:49 2020 +0200

        C#: Make static member on generic class private

    commit 6cf20d569da284a055db538af9c859814a51934b
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 13:59:32 2020 +0200

        C#: Remove overrides that do nothing

    commit 9b349eb84458a17bfc5247b9746659186fbecd17
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 13:43:49 2020 +0200

        C#: Use Contains instead of IndexOf

    commit 5b33f43b78edf9498501e5a010747919db06c25b
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 13:35:52 2020 +0200

        C#: Use nameof

    commit f84669904bd3617ff6cc90fbd7f31b1760a87e55
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 11:05:46 2020 +0200

        C#: Fix typo

    commit 7075c6f8cae59663aca958646d05122c9fdf04d8
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 11:01:33 2020 +0200

        C#: Fix public property naming

    commit a4fec39c110bca9d8982c21a9e019259733af66d
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 10:52:45 2020 +0200

        C#: Move fields to locals where possible

    commit b07aceff6b30240111db93c6da5d3c3bd5e0d684
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 10:46:56 2020 +0200

        C#: Fix exception throwing

    commit 6dfe90e479bca519f14c5d49086255265decd16e
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 10:33:02 2020 +0200

        C#: Change array-returning properties

    commit 7721c7bba7af1e8efb27c286a9abf666ca8009d2
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 10:23:19 2020 +0200

        C#: Remove redundant conditions

    commit cbdd13127e960d3652caf45d6606aa8f5f4e6ee0
    Author: Tamas Vajk <[email protected]>
    Date:   Mon Oct 5 10:21:06 2020 +0200

        C#: Convert publicly visible fields to properties

    commit d5382f2cfdaa1c75a1ffaf7ebd11484504c0e668
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 17:04:37 2020 +0200

        C#: Fix modifier orders

    commit fbc128fcc794a7ecab60dbc9dcf9ffe78fcadce6
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 17:02:49 2020 +0200

        C#: Fix type parameter names

    commit 2e350caf9f4df1eab37f8e87adabc653f06ba8e1
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 15:45:48 2020 +0200

        C#: Fix private field and local variable naming

    commit ecb29a267b5a2d58ea6d0bebb4f2b03d77b51f8e
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 14:33:10 2020 +0200

        C#: Add editor config naming rules

    commit baf6f59bfc7d0cd93d46f03c65d84f4a950f5356
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 14:27:27 2020 +0200

        C#: Add braces to multiline block statements

    commit 28694513a13c233e02f7731ba58f2d59db75ec61
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 14:23:04 2020 +0200

        C#: Use pattern matching

    commit 155453d9cb38d1a62f766aa74f8d09b127548501
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 14:07:01 2020 +0200

        C#: Format single line if statements

    commit aec4481cfb0880b997f77ed2dad038563fbf722b
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 13:45:38 2020 +0200

        C#: Use var everywhere

    commit 7d544e34afac03d4ef9d819d8dcf26a031b27d05
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 13:41:22 2020 +0200

        C#: Add declaration visibility modifiers

    commit 466e0cf08543ba2756c71b6a29aed8af1dc9a81d
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 13:40:49 2020 +0200

        C#: Remove naming styles from editor config, add IDE diagnostic severities

    commit ec6ed90c497679864a69a7f86c9df9cbb91a7fe1
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 13:09:25 2020 +0200

        C#: Add final new line to files

    commit 2e215640327973e8f99485640873fdacaab9e8e9
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 13:06:03 2020 +0200

        C#: Fix formatting with 'dotnet format'

    commit 7f86768a4930de584a6e267586ecd3feb477b000
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 12:46:45 2020 +0200

        C#: Reformat LINQ extension method call-chains

    commit 115a216ea9a61ac0e900ae604f0e9cd938e954b3
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 12:25:54 2020 +0200

        C#: Format nested ternary operators

    commit c38bf5ee5b1f49046b35ddb206df3ec5cc48acd1
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:56:50 2020 +0200

        C#: Reduce nesting and fix some formatting

    commit e73ced2275fa8e1f3690f1941ea02906ef685eb1
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:49:35 2020 +0200

        C#: Add sealed modifier to classes to fix dispose-pattern, remove explicit IDisposable implementations

    commit 397be7e98ffbd33dc1e15d76693448df3586bdfe
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:42:10 2020 +0200

        C#: Change constructor visibility to protected in abstract classes

    commit 71faa512709e812523c73e2c95cc97c6c06d1b5b
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:36:42 2020 +0200

        C#: Dispose IDisposables

    commit e208f3d21d67e867cc3b4096a564920c0517118d
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:29:28 2020 +0200

        C#: Simplify null checks with pattern matching, ??, and ?:

    commit 504f56adeb46219065e77fb81c0afe712da8a45d
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:17:12 2020 +0200

        C#: Simplify object initialization

    commit b793af571ee0102bb316a264bfe00bb6b874b74a
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:14:46 2020 +0200

        C#: Remove unnecessary usings

    commit ec63acfb0cbf02167ccb1cf9553ca573f593efbd
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 11:04:25 2020 +0200

        C#: Inline out variable declarations

    commit f2e6b42aa45c4a2f2ce96d8da78b3ddb21de9471
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 10:52:13 2020 +0200

        C#: Add type parameter in/out

    commit 33672a4058415bed35c6cdffa88b6abe0506e5fe
    Author: Tamas Vajk <[email protected]>
    Date:   Tue Oct 6 13:59:19 2020 +0200

        C#: Simplify using statements

    commit 412b87c5c71bdf08c0b1350d51c90372a602fed0
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 10:37:38 2020 +0200

        C#: Fix loop that iterates only once

    commit 79eff0682863ed98c5f8c418361976f812f2d4d7
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 10:29:09 2020 +0200

        C#: Remove unused out argument

    commit 921d3eeaec9000cc81902235c349e41b07f0c390
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 10:24:18 2020 +0200

        C#: Mark members static (remove unused members)

    commit 68a45e7e9dda451335e36f0996c1ce24d8545af4
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 10:10:50 2020 +0200

        C: Remove unused fields

    commit 0c9aaa3dce5b0d9e3f8b63578664a8a61b701506
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 10:00:27 2020 +0200

        C#: Remove unused parameters

    commit 93c6d5ea584a6a8870b9087a0b3b728101958246
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 09:52:40 2020 +0200

        C#: Fix empty array creation

    commit 2d3985742fe084d009bb4f337671f302fd097a76
    Author: Tamas Vajk <[email protected]>
    Date:   Fri Oct 2 09:48:58 2020 +0200

        C#: Fix length/emptiness checks

    commit b7e8b48e9e6e43760da6c1218bb7da98f9fe5239
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Tue Oct 13 13:06:47 2020 +0200

        Python: Move concept tests out
        These tests should be fleshed out at some point, but currently
        they test all that we model.

    commit 1829126230a615ca5ba5950590e2c28be474d6fb
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Tue Oct 13 13:04:59 2020 +0200

        Python: Get rid of `DataFlowCfgNode`

        Should make modelling data flow nodes that are also specific
        subclasses of `ControlFlowNode` a bit smoother.

    commit 83d6d6041ac9930070d3421e0529573c3e1c4c00
    Merge: d3f8fb5e5 96db3459d
    Author: Erik Krogh Kristensen <[email protected]>
    Date:   Tue Oct 13 12:50:00 2020 +0200

        Merge pull request #4462 from erik-krogh/strayTodo

        JS: remove stray todo

    commit b2a2412f1d9395e92685d415cc570a239372c34e
    Author: Joe Farebrother <[email protected]>
    Date:   Tue Oct 13 11:30:02 2020 +0100

        Java: Clean up the constructor flow steps

    commit 4685f2d5f2f61d2606c34544fddf2ab751497e52
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Tue Oct 13 12:03:23 2020 +0200

        Python: Address many review comments
        still need to move concept tests

    commit 662235bad804c8df85b66f9538e1bd592a2f7092
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Tue Oct 13 11:56:21 2020 +0200

        Python: Use classRef instead of class_

        Discussed offline with Taus

    commit d3f8fb5e53b5ed64ca76c41efb664ca63eeec046
    Merge: e2b0c6062 3288cf1a7
    Author: CodeQL CI <[email protected]>
    Date:   Tue Oct 13 02:56:21 2020 -0700

        Merge pull request #4423 from tausbn/python-add-attribute-access-interface

        Approved by RasmusWL

    commit 96db3459d0257571252d2e5468f7b00ef5454fed
    Author: Erik Krogh Kristensen <[email protected]>
    Date:   Tue Oct 13 11:48:06 2020 +0200

        remove stray todo

    commit dcd103ea7329a5adaf29d106117397be3f118f9b
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Tue Oct 13 10:31:35 2020 +0200

        Python: Fix grammar

        Co-authored-by: Taus <[email protected]>

    commit ce85ac3ce12fe446ae0ae780d625da6fcbfc2fdb
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Tue Oct 13 10:15:03 2020 +0200

        Python: Remove solved TODO

    commit 2e430325be5e9d20fac6a98a1be581455ca3bf2b
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Tue Oct 13 10:05:35 2020 +0200

        Python: Refactor argument matching to use set literals

        Co-authored-by: Taus <[email protected]>

    commit e2b0c60627201f7938d2b5050e634863f361431a
    Merge: 3b7cf7fd2 9ac70e304
    Author: CodeQL CI <[email protected]>
    Date:   Mon Oct 12 11:41:21 2020 -0700

        Merge pull request #4449 from max-schaefer/js/api-graphs-type-handling-improvements

        Approved by erik-krogh

    commit 3b7cf7fd27f1f6caacaa3702947c154969802444
    Merge: fc4a3426a c63f7cb40
    Author: Robert Marsh <[email protected]>
    Date:   Mon Oct 12 14:17:17 2020 -0400

        Merge pull request #4439 from geoffw0/mapex

        C++: Additional taint flows through std::map

    commit 9ac70e3044908ba728cd5f1f3123894baf49c2c7
    Author: Max Schaefer <[email protected]>
    Date:   Mon Oct 12 16:29:11 2020 +0100

        JavaScript: Clarify the relationship between `MkCanonicalName{Def,Use}` with an upper-case `M` and `mkCanonicalName{Def,Use}` with a lower-case `m`.

    commit aa8bacb72402e061a925ecb919b29c56f0af06d8
    Author: Joe Farebrother <[email protected]>
    Date:   Mon Oct 12 15:36:14 2020 +0100

        Java: Update test output

    commit 3416911ac6942fd3a59c531ce1ec5e38bbdd185c
    Author: Joe Farebrother <[email protected]>
    Date:   Mon Oct 12 15:23:01 2020 +0100

        Java: Refactor out StringBuilder and Number taint preserving callables

    commit eafde05a55be693e376fe4831043809ae61791fa
    Author: Joe Farebrother <[email protected]>
    Date:   Mon Oct 12 14:43:21 2020 +0100

        Java: Expand flow step refactoring to Callables
        Also add some missing flow steps for StringBuilder

    commit 7e2c49fadd80e50aa4b5d9bf84e5ce6a99739639
    Author: Joe Farebrother <[email protected]>
    Date:   Mon Oct 12 14:05:50 2020 +0100

        Java: Fix a couple of flow step issues

        Co-authored-by: Anders Schack-Mulligen <[email protected]>

    commit 4a8b7f64e860acc84301fdef0c937b07a47e17e6
    Author: Joe Farebrother <[email protected]>
    Date:   Fri Oct 9 12:20:09 2020 +0100

        Java: Rename returnsTaint to returnsTaintFrom

    commit ca9038350cff194e0536f5c97889c748fc48c16d
    Author: Joe Farebrother <[email protected]>
    Date:   Fri Oct 9 11:30:30 2020 +0100

        Java: Add `this.` and fix mistake

    commit 5d487b97da8a7336bed12029a3d790eb03c41ef9
    Author: Joe Farebrother <[email protected]>
    Date:   Thu Oct 8 17:02:49 2020 +0100

        Java: Merge `TaintPreservingMethod` with `TaintTransferringMethod`

    commit a510f5886528864cc27b1cb052a80132ad0c4df7
    Author: Joe Farebrother <[email protected]>
    Date:   Thu Oct 8 16:34:04 2020 +0100

        Java: Implement code review changes

    commit 91ce02aad46fba33ba74bc83266984299c51f665
    Author: Joe Farebrother <[email protected]>
    Date:   Thu Oct 8 11:32:28 2020 +0100

        Java: Fix bug involving variadic parameters

    commit 79209af9c0b2fc1299a9c5e5f83cf71274ce14ed
    Author: Joe Farebrother <[email protected]>
    Date:   Wed Oct 7 12:58:11 2020 +0100

        Java: Refactor out flow steps for more frameworks.

    commit 92fd8c4128f50667ab8a78de371513b10af9e7be
    Author: Joe Farebrother <[email protected]>
    Date:   Tue Oct 6 17:37:01 2020 +0100

        Java: Move new definitions to new file

    commit 60a7666105309176686bfbe0742b14036e18ce25
    Author: Joe Farebrother <[email protected]>
    Date:   Tue Oct 6 16:50:44 2020 +0100

        Java: Refactor Android SQLite flow steps

    commit ca60f2cc18097f16abdb3dad6332cc1ca870555c
    Author: Joe Farebrother <[email protected]>
    Date:   Tue Oct 6 13:49:02 2020 +0100

        Java: Fix failing tests

    commit ff6c5c219c84c1a765f48cdbea25c8f0fd94be4b
    Author: Joe Farebrother <[email protected]>
    Date:   Tue Oct 6 11:11:24 2020 +0100

        Java: Start TaintTrackingUtils refactor

    commit 551d86c6eae8c2ff5e89509a4e449ab058970d98
    Author: Joe Farebrother <[email protected]>
    Date:   Mon Oct 5 11:33:12 2020 +0100

        Java: Define classes for taint propagation methods

    commit fc4a3426acee036a5a7ba97b49d2a361324ba78e
    Merge: 24da4cc34 0c70be145
    Author: Arthur Baars <[email protected]>
    Date:   Mon Oct 12 16:42:11 2020 +0200

        Merge pull request #4457 from daniel-beck/file-taint

        Java: Track taint through java.io.File constructor and #toURI; URI#toURL

    commit 3288cf1a75a1d19817821a02ce9732e580ac68af
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Mon Oct 12 16:38:21 2020 +0200

        Python: Hopefully final changes to documentation.

    commit cd33d358aa43a108eac202971a09af4817a6674d
    Author: Max Schaefer <[email protected]>
    Date:   Mon Oct 12 14:50:47 2020 +0100

        JavaScript: Add a test showing a false positive from UnsafeShellCommandConstruction due to infeasible paths.

        The path from the API entry point to the sink contains a "return" step. A client of the library cannot match that step, resulting in an infeasible path.

    commit 24da4cc34446a7ec1802d1f6ca7c310a1b0ec16e
    Merge: 8eb84b259 0459248b9
    Author: Jonas Jensen <[email protected]>
    Date:   Mon Oct 12 15:38:13 2020 +0200

        Merge pull request #4421 from jbj/SimpleRangeAnalysis-guard-overflow

        C++: Demonstrate overflowing guard bounds

    commit 433a36225b7451e72783c3d88a80a26282757036
    Author: yoff <[email protected]>
    Date:   Mon Oct 12 15:26:53 2020 +0200

        Apply suggestions from code review

        Co-authored-by: Rasmus Wriedt Larsen <[email protected]>

    commit 0459248b9fb11de4f9c22c7e089a59350af069c0
    Merge: 30b9d13a4 6d1634ef8
    Author: Jonas Jensen <[email protected]>
    Date:   Mon Oct 12 14:29:09 2020 +0200

        Merge remote-tracking branch 'upstream/main' into SimpleRangeAnalysis-guard-overflow

    commit 8eb84b25996343939fb9dd191ffb0e87dab699e8
    Merge: 6d1634ef8 98ab38a63
    Author: CodeQL CI <[email protected]>
    Date:   Mon Oct 12 05:26:53 2020 -0700

        Merge pull request #4391 from max-schaefer/js/api-graph-reexport

        Approved by asgerf

    commit 6d1634ef8f6a08f54ad6a74995045b1d73b37cc7
    Merge: 35985a918 a0cbeb609
    Author: CodeQL CI <[email protected]>
    Date:   Mon Oct 12 05:23:29 2020 -0700

        Merge pull request #4329 from erik-krogh/DVSA

        Approved by esbena

    commit b07c7abacc34b71d4426cd12cb55853d565277da
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Mon Oct 12 13:49:08 2020 +0200

        Python: Clear up attribute name access QLDoc

    commit 35985a9189f395cf5595a486f5af930f02bf0a61
    Merge: 6440db786 9d1f64d35
    Author: Tom Hvitved <[email protected]>
    Date:   Mon Oct 12 13:01:39 2020 +0200

        Merge pull request #4452 from hvitved/csharp/ssa/overlapping-captured-defs

        C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables

    commit 6440db786dee4af0f295d525c302b9ffceb3c9c0
    Merge: 725194a3b 9b12ceae8
    Author: Geoffrey White <[email protected]>
    Date:   Mon Oct 12 11:20:09 2020 +0100

        Merge pull request #4420 from jbj/SimpleRangeAnalysis-widen-Expr

        C++: SimpleRangeAnalysis: widen recursive *, +, -

    commit 58727cb8ad20ec39d77ec751624135f9f9e2b520
    Author: Geoffrey White <[email protected]>
    Date:   Mon Oct 12 10:52:50 2020 +0100

        C++: Update change note.

    commit 4363f08b45df19caf464fa33f4e906cf893bb185
    Author: Geoffrey White <[email protected]>
    Date:   Mon Oct 12 10:47:08 2020 +0100

        C++: Model std::set::emplace and emplace_hint.

    commit 30b9d13a4524c345443df33c32f162b7fd1a43f1
    Author: Jonas Jensen <[email protected]>
    Date:   Mon Oct 12 11:25:38 2020 +0200

        C++: Correct annotation in test

    commit 5d87117dc792bd16cbf6001f513c273d4a021289
    Author: Geoffrey White <[email protected]>
    Date:   Mon Oct 12 10:10:40 2020 +0100

        C++: Model std::set::lower_bound, upper_bound, equal_range.

    commit 9b12ceae8d69165c1746372af19f4a370240b6c0
    Author: Jonas Jensen <[email protected]>
    Date:   Tue Oct 6 13:28:07 2020 +0200

        C++: SimpleRangeAnalysis: widen recursive *, +, -

        The number of candidate bounds during the main `SimpleRangeAnalysis`
        recursion was in principle always exponential in the size of the
        program, but in practice it did not get out of hand when only `+` and
        `-` operations were supported. Now that `*` is also supported, the range
        analysis started timing out on the SinaMostafanejad/OpenRDM project. The
        problematic expressions in that project are of the form

            a*x*x*x + b*x*x + c*x + d

        where most of the variables involved are recursive definitions and are
        therefore likely to have a large number of candidate bounds.

        The fix here is to identify those few binary operations that are most
        likely to cause an explosion in the number of bounds and apply widening
        to them. Previously, widening was only applied at definitions.
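
An added illustration of the blow-up the commit above describes and of the widening fix, written in Python for this page; it is not CodeQL code and not part of the commit. Variables carry a list of candidate intervals (as a loop-carried definition does after a few rounds of the recursion), a binary operation without widening combines every candidate of one operand with every candidate of the other, and widening the result of `*` collapses that list to one interval rounded outward to a threshold ladder. The ladder values, the interval model and the constructed `SAMPLE_ENV` are assumptions of this toy, not the bounds or the algorithm of `SimpleRangeAnalysis`.

```python
"""Toy range analysis: candidate-bound explosion on a*x*x*x + b*x*x + c*x + d,
and how widening the multiplications keeps the count bounded.

Added illustration, not CodeQL code. Each variable carries a list of candidate
intervals; binary operations without widening form the cross product of their
operands' candidates, so the count multiplies at every operator.
"""
from itertools import product
from typing import Callable, Dict, List, Tuple

Interval = Tuple[int, int]  # inclusive (lower, upper) bounds

# Threshold ladder used for widening. The values are an assumption of this toy
# model, not the widening bounds used by SimpleRangeAnalysis.
WIDENING_THRESHOLDS = [-(2**31), -(2**15), -(2**7), -1, 0, 1, 2**7, 2**15, 2**31 - 1]
INT_MIN, INT_MAX = -(2**63), 2**63 - 1  # fallback when no threshold fits


def widen(iv: Interval) -> Interval:
    """Round an interval outward to the nearest threshold on each side."""
    lo, hi = iv
    lower = max((t for t in WIDENING_THRESHOLDS if t <= lo), default=INT_MIN)
    upper = min((t for t in WIDENING_THRESHOLDS if t >= hi), default=INT_MAX)
    return (lower, upper)


def hull(ivs: List[Interval]) -> Interval:
    """Smallest interval containing every interval in `ivs`."""
    return (min(lo for lo, _ in ivs), max(hi for _, hi in ivs))


def add(a: Interval, b: Interval) -> Interval:
    return (a[0] + b[0], a[1] + b[1])


def mul(a: Interval, b: Interval) -> Interval:
    # Interval multiplication: the extremes are among the endpoint products.
    ps = (a[0] * b[0], a[0] * b[1], a[1] * b[0], a[1] * b[1])
    return (min(ps), max(ps))


def combine(op: Callable[[Interval, Interval], Interval],
            lhs: List[Interval], rhs: List[Interval],
            widen_result: bool) -> List[Interval]:
    """Apply `op` to every pair of candidates (cross product); with
    `widen_result` the whole list collapses to one widened interval."""
    results = [op(l, r) for l, r in product(lhs, rhs)]
    return [widen(hull(results))] if widen_result else results


def polynomial(env: Dict[str, List[Interval]], widen_mul: bool = False) -> List[Interval]:
    """Candidate intervals for a*x*x*x + b*x*x + c*x + d.

    With `widen_mul` every `*` is widened (the operations most likely to
    explode), while `+` stays precise.
    """
    a, b, c, d, x = (env[v] for v in "abcdx")

    def m(l, r): return combine(mul, l, r, widen_mul)
    def s(l, r): return combine(add, l, r, False)

    cubic = m(m(m(a, x), x), x)
    quad = m(m(b, x), x)
    lin = m(c, x)
    return s(s(s(cubic, quad), lin), d)


# Constructed sample (an assumption of this example): three candidates per
# variable, as if each were a recursive definition seen through three rounds.
SAMPLE_ENV: Dict[str, List[Interval]] = {
    "a": [(1, 2), (3, 4), (5, 6)],
    "b": [(-2, -1), (0, 1), (2, 3)],
    "c": [(0, 0), (1, 10), (11, 20)],
    "d": [(-5, 5), (6, 7), (8, 9)],
    "x": [(0, 10), (10, 100), (100, 1000)],
}


def is_sound(precise: List[Interval], widened: List[Interval]) -> bool:
    """Widening may only lose precision: every precise candidate must lie
    inside the hull of the widened result."""
    lo, hi = hull(widened)
    return all(lo <= l and h <= hi for l, h in precise)


if __name__ == "__main__":
    precise = polynomial(SAMPLE_ENV)
    widened = polynomial(SAMPLE_ENV, widen_mul=True)
    print(f"candidates without widening: {len(precise)}")  # 59049 == 3**10
    print(f"candidates with widened '*': {len(widened)}")  # 3
    print(f"widening is sound: {is_sound(precise, widened)}")  # True
```

With three candidates per variable the un-widened count is 3 to the power of the number of operand slots in the expression (ten here), which is the exponential growth the commit refers to; widening each `*` brings the final list down to the three candidates contributed by `d` alone, and `is_sound` checks that the widened result still covers every precise candidate.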

    commit bbeea452e1ca5f352553264d86d9ec1a5ca0661f
    Author: Jonas Jensen <[email protected]>
    Date:   Mon Oct 12 11:06:54 2020 +0200

        C++: Add test with widening of binary Expr

    commit fc19bba0bdbde5f3e693a604a1f722f5f0747759
    Author: Geoffrey White <[email protected]>
    Date:   Mon Oct 12 10:01:57 2020 +0100

        C++: Model std::set::merge and correct test annotations.

    commit 9d1f64d35d27321a4c50976ebd712f04f7d243e4
    Author: Tom Hvitved <[email protected]>
    Date:   Fri Oct 9 15:47:05 2020 +0200

        C#: Avoid overlapping SSA definitions for `ref`/`out` captured variables

    commit 725194a3b8c8d09786c2758604b5c31deb021ded
    Merge: c8cacb9fe 091e3a293
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Mon Oct 12 08:56:19 2020 +0200

        Merge pull request #4447 from aschackmull/dataflow/postupdate-flow-consistency

        Dataflow: Introduce consistency check for flow targeting PostUpdateNodes

    commit 0c70be145f366446fc593b1617268b4bd9728693
    Author: Daniel Beck <[email protected]>
    Date:   Sat Oct 10 20:29:01 2020 +0200

        Track taint through java.io.File constructor and #toURI; URI#toURL

    commit c63f7cb409ecc76d157a69093074f082155ddcb1
    Author: Geoffrey White <[email protected]>
    Date:   Fri Oct 9 16:33:54 2020 +0100

        C++: Taint through emplace from qualifier to return value.

    commit 270517d3797d1e2e8b58ed8cb3030e93d905447e
    Author: Geoffrey White <[email protected]>
    Date:   Fri Oct 9 16:05:56 2020 +0100

        C++: Revise model of emplace and emplace_hint. Note that we shouldn't be getting 2 of the 3 taint regressions because we don't yet do taint through keys.

    commit 49c121d370007c76eddabbfd07c266b6627e56b0
    Author: Geoffrey White <[email protected]>
    Date:   Fri Oct 9 15:56:06 2020 +0100

        C++: More test cases covering other std::pair constructors.

    commit 091e3a2931d43bdcf35f8763f9301193d58ad5c7
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Fri Oct 9 16:25:14 2020 +0200

        Dataflow: Adjust test output.

    commit 4bd56fdbe44bc4d0ae09ee47200c3b1ee94322e8
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Fri Oct 9 16:13:47 2020 +0200

        Python: Implement framework sinks

    commit 0d8bd01e10549c5ee2f4db76d8d74775c02d4b19
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Fri Oct 9 16:11:37 2020 +0200

        Python: Port query and add test

    commit 723699a58422bd61b6fb0bb12733b76acdda01b0
    Author: Tom Hvitved <[email protected]>
    Date:   Fri Oct 9 15:38:37 2020 +0200

        C#: Add SSA test for overlapping captured variable definitions

    commit c8cacb9fee0a66c589f0f24406d1f5210842959d
    Merge: 4c9ffcec2 42ee13630
    Author: James Fletcher <[email protected]>
    Date:   Fri Oct 9 14:47:39 2020 +0100

        Merge pull request #4451 from github/jf205-patch-2

        Fix typo in CodeQL docs template

    commit 61a78e28acf01617ecd325dd98dd13a792d3fe90
    Author: Geoffrey White <[email protected]>
    Date:   Fri Oct 9 14:46:17 2020 +0100

        C++: Fix map::merge.

    commit 42ee136306e3c462768cc6bdef9e31339ceca2d1
    Author: James Fletcher <[email protected]>
    Date:   Fri Oct 9 14:33:45 2020 +0100

        Update layout.html

    commit a0cbeb6093536da08f6e18781f44965dcb5ed1b9
    Author: Erik Krogh Kristensen <[email protected]>
    Date:   Fri Oct 9 14:54:34 2020 +0200

        add change note

    commit 2fb19f0b117b422d1047af50a0cc969175dd25b9
    Author: Erik Krogh Kristensen <[email protected]>
    Date:   Fri Oct 9 14:50:16 2020 +0200

        refactor into a single regular expression with two capture groups

    commit f6f8bbd1d8657395de8eb65ab0f3704b294ccb01
    Author: Erik Krogh Kristensen <[email protected]>
    Date:   Fri Oct 9 14:46:31 2020 +0200

        Update javascript/ql/src/semmle/javascript/frameworks/ServerLess.qll

        Co-authored-by: Esben Sparre Andreasen <[email protected]>

    commit 1c043447e8be5802c3c0b9910e8ce4786125bc49
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Fri Oct 9 14:29:52 2020 +0200

        Dataflow: Introduce consistency check for flow targeting PostUpdateNodes.

    commit 4c9ffcec2714424f72569123441b91ac90adc1bf
    Merge: 2436c5625 493b80c44
    Author: Jonas Jensen <[email protected]>
    Date:   Fri Oct 9 13:30:05 2020 +0200

        Merge pull request #4396 from geoffw0/stringsets

        C++: Use [, ...] syntax more widely.

    commit 2436c5625888e94f30734bdbab7d34ca08dc2c8d
    Merge: b0d01cfe8 6d78c7b46
    Author: James Fletcher <[email protected]>
    Date:   Fri Oct 9 11:40:47 2020 +0100

        Merge pull request #4444 from github/codeql-style-updates

        [CodeQL docs] First pass at style updates for docs microsite

    commit b0d01cfe8d317fb15839488dc9369079f7e2fa96
    Merge: 412524103 3af3d87ec
    Author: Alexander Eyers-Taylor <[email protected]>
    Date:   Fri Oct 9 10:45:11 2020 +0100

        Merge pull request #4370 from jbj/range-analysis-mega-change-note

        C++: Change note for several range-analysis PRs

    commit 6d78c7b46e97b023169548f7d212bb06868baa2f
    Author: james <[email protected]>
    Date:   Fri Oct 9 10:04:39 2020 +0100

        fix path to primer.css in template

    commit 1f1be3bf9a76893179e42e419985ae54f8db2457
    Author: Geoffrey White <[email protected]>
    Date:   Fri Oct 9 10:04:22 2020 +0100

        C++: Block try_emplace arg 0.

    commit de429067855224fd9dc18ca99a393362873139a7
    Author: james <[email protected]>
    Date:   Fri Oct 9 10:00:41 2020 +0100

        hide header text on small screens and fix body width

    commit 2fe986eb7940022a885e286f996b2c13714f2963
    Author: james <[email protected]>
    Date:   Thu Oct 8 14:22:49 2020 +0100

        add local primer.css

    commit 8786fe1ab82c7a74155361f509f615c2166ba17a
    Author: Geoffrey White <[email protected]>
    Date:   Fri Oct 9 09:55:50 2020 +0100

        C++: Add missing test case involving tainted key.

    commit 412524103c4f96570b181db5dca015d34d38b09c
    Merge: 3894ecf77 ca4e5014a
    Author: Tom Hvitved <[email protected]>
    Date:   Fri Oct 9 10:54:56 2020 +0200

        Merge pull request #4437 from hvitved/csharp/cfg/compiler-generated-array-lengths

        C#: Include compiler-generated array lengths in the CFG

    commit 3894ecf7792ec8c52fb02711c6232ff4a3ecc6d3
    Merge: f42cbcbea 4bf6f6ac7
    Author: CodeQL CI <[email protected]>
    Date:   Fri Oct 9 00:37:38 2020 -0700

        Merge pull request #4441 from max-schaefer/js/add-negative-api-graphs-test

        Approved by erik-krogh

    commit 3b328baaef479e6d34fa2cfbde4cfbf58c6e2906
    Author: Erik Krogh Kristensen <[email protected]>
    Date:   Thu Oct 8 21:54:23 2020 +0200

        changes based on review

    commit 65b90c411c88502f694c326c4d314b1ac8173977
    Author: Erik Krogh Kristensen <[email protected]>
    Date:   Thu Oct 8 21:28:50 2020 +0200

        Update javascript/ql/src/semmle/javascript/security/dataflow/CodeInjectionCustomizations.qll

        Co-authored-by: Esben Sparre Andreasen <[email protected]>

    commit 4bf6f6ac7ca3a899af3bc2a20d4ac9dd5dbd01a0
    Author: Max Schaefer <[email protected]>
    Date:   Thu Oct 8 19:53:23 2020 +0100

        JavaScript: Add a negative test for API graphs.

        The test ensures that flow summarization won't label property `f` of the first parameter of `assertNotNull` as a sink, which would be very imprecise.

    commit 493b80c44d81c4c764a199794dabfab0c59880c3
    Author: Geoffrey White <[email protected]>
    Date:   Thu Oct 8 17:46:50 2020 +0100

        C++: Fix incorrect translations to hasQualifiedName.

    commit f42cbcbeae99d8fe309b80205af27331f0d82c7d
    Merge: b409cf6ce f3f908383
    Author: Tamás Vajk <[email protected]>
    Date:   Thu Oct 8 18:23:12 2020 +0200

        Merge pull request #4428 from tamasvajk/feature/force-nuget-single-restore

        C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder

    commit 60eec7b1363c0182d54c567b4495a48646b993ca
    Author: Taus <[email protected]>
    Date:   Thu Oct 8 18:14:20 2020 +0200

        Python: Update python/ql/src/experimental/dataflow/internal/Attributes.qll

        Co-authored-by: Rasmus Wriedt Larsen <[email protected]>

    commit d46453caaa6dd28ab0ed5a183fa077e4e17f4c61
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Thu Oct 8 18:08:55 2020 +0200

        Python: Support named imports as attribute reads

        Required a small change in `DataFlow::importModule` to get the desired
        behaviour (cf. the type trackers defined in `moduleattr.ql`), but this
        should be harmless. The node that is added doesn't have any flow
        anywhere.

    commit c555cfa22af4d03c8479f54509044001720eab9e
    Author: Geoffrey White <[email protected]>
    Date:   Thu Oct 8 16:55:45 2020 +0100

        C++: Replace isParameterDeref(_).

    commit f3f908383b4fc900d355ee78411f19f707e12dd2
    Author: Tamas Vajk <[email protected]>
    Date:   Thu Oct 8 17:07:40 2020 +0200

        C#: Adjust autobuilder tests for added nuget.exe flag

    commit 522f41377ffad825525636d78f577c950bb53c06
    Author: Tamas Vajk <[email protected]>
    Date:   Wed Oct 7 12:20:14 2020 +0200

        C#: Add '-DisableParallelProcessing' flag to nuget restore in Autobuilder

    commit e01e4b5bdedee58785c6b02858f542f9e5e8c16c
    Author: Geoffrey White <[email protected]>
    Date:   Thu Oct 8 14:29:08 2020 +0100

        C++: Fix QLDoc comments.

    commit 5c1a510e4a2b7463b3f73556bb1bd24f32995ae7
    Author: Geoffrey White <[email protected]>
    Date:   Wed Oct 7 12:17:13 2020 +0100

        C++: Model map::lower_bound, upper_bound and equal_range.

    commit ef9a7c8cdb05cc3138abe61f9f3a9be667e02b28
    Author: Geoffrey White <[email protected]>
    Date:   Wed Oct 7 11:55:46 2020 +0100

        C++: Model map::merge.

    commit b7ab89c892282c7a670cfcb6ea514a06af4554b9
    Author: Geoffrey White <[email protected]>
    Date:   Wed Oct 7 11:48:16 2020 +0100

        C++: Model map::emplace, emplace_hint and map::try_emplace.

    commit b409cf6cea7d0e6645e39a97c4ee3e012d315c0c
    Merge: f179e7ebf 662736eb2
    Author: Jonas Jensen <[email protected]>
    Date:   Thu Oct 8 15:18:15 2020 +0200

        Merge pull request #4389 from gsingh93/bitwise-and

        Improve range analysis for bitwise and

    commit 6394b1b478bca1a51bba47c1cdf96629131fdf60
    Author: Geoffrey White <[email protected]>
    Date:   Thu Oct 8 13:46:00 2020 +0100

        C++: Additional test cases for emplace.

    commit df447c0af9ec7d62b428ebdfb5d21efcad2c1203
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Thu Oct 8 15:01:24 2020 +0200

        Python: Remove flow from `getAttributeName`

    commit ceb249680ec909086ef8e841489315583134cb20
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Thu Oct 8 15:00:14 2020 +0200

        Python: Reuse existing `node` fields

        Also changes `x = TCfgNode(y)` to `x.asCfgNode() = y` where applicable.

    commit 31596ef56988d1f97fcc13bf551bc84bde5e0af7
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Thu Oct 8 14:55:27 2020 +0200

        Python: Clean up and extend built-in call node classes

    commit e9ecc00b370ba137ae550f86ea7483401367e6e5
    Author: Taus Brock-Nannestad <[email protected]>
    Date:   Thu Oct 8 14:53:54 2020 +0200

        Python: Implement and use `mayHaveAttributeName`

    commit 61d5372d077d92959ee6f2f03678baa4556e1a29
    Author: Geoffrey White <[email protected]>
    Date:   Thu Oct 8 13:43:49 2020 +0100

        C++: Test spacing.

    commit 4c4dd0c9590e3aefb5533cc3f3afd2e0f7987c67
    Author: Geoffrey White <[email protected]>
    Date:   Wed Oct 7 12:06:28 2020 +0100

        C++: Fix a bug in the tests.

    commit f179e7ebf491484b3b7e4bc81f96dfd3668efe5c
    Merge: ce8567c64 396f35339
    Author: CodeQL CI <[email protected]>
    Date:   Thu Oct 8 03:09:38 2020 -0700

        Merge pull request #4291 from asgerf/js/lean-dependency-installation-plainjava

        Approved by erik-krogh

    commit 0b0763953ea093facbf3d4b88ca9c06c79bd9a62
    Author: Rasmus Wriedt Larsen <[email protected]>
    Date:   Thu Oct 8 11:15:36 2020 +0200

        Python: Update description of CodeInjection

        Co-authored-by: intrigus-lgtm <[email protected]>

    commit 7d086b23ffe6f1806368a95783cd5e25a21c308c
    Author: yoff <[email protected]>
    Date:   Thu Oct 8 10:53:52 2020 +0200

        Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll

        Co-authored-by: Rasmus Wriedt Larsen <[email protected]>

    commit ca4e5014ae16b2a50ea2cc358771eb29d31cce64
    Author: Tom Hvitved <[email protected]>
    Date:   Thu Oct 8 10:12:17 2020 +0200

        C#: Include compiler-generated array lengths in the CFG

    commit 19796a4c9c93cafb8e8be9d427fd9b3c1e588b3d
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 8 10:35:01 2020 +0200

        Python: Improve tests and make `validTest` happy

    commit ce8567c64a5ebc856352a8891c0ffbe169c1c8db
    Merge: b70f5bc95 af36718dc
    Author: Tom Hvitved <[email protected]>
    Date:   Thu Oct 8 10:32:13 2020 +0200

        Merge pull request #4293 from hvitved/csharp/cfg/assertions

        C#: Model assertions in the CFG

    commit cc0661bce17c28a3ce3ce43f9eda20ae77bcb3db
    Author: Rasmus Lerchedahl Petersen <[email protected]>
    Date:   Thu Oct 8 10:11:00 2020 +0200

        Python: More/better comments

    commit b70f5bc95435ce9735d010e0bcd1b30ac8eb5147
    Merge: cb00f8bcc 31816af11
    Author: Tom Hvitved <[email protected]>
    Date:   Thu Oct 8 09:13:43 2020 +0200

        Merge pull request #4433 from hvitved/csharp/dataflow/switch-expr

        C#: Add missing data-flow for switch expressions

    commit cb00f8bcc4dd0b1c50c2222657847f6af6aaef86
    Merge: 06f1c898d 94dc11c45
    Author: Anders Schack-Mulligen <[email protected]>
    Date:   Thu Oct 8 09:10:04 2020 +0200

        Merge pull request #4362 from tamasvajk/feature/sign-analysis-cleanup

        Sign analysis cleanup

    commit 662736eb2d8d522eb384221d29a34268c147cc99
    Author: Gulshan Singh <[email protected]>
    Date:   Wed Oct 7 12:45:08 2020 -0700

        Fix compiler error after removing getLOp/getROp

    commit 06f1c898dcd6d1945559d710dceb21c9b30e4041
    Merge: a9bb7b526 4df6a4161
    Author: Tamás Vajk <[email protected]>
    Date:   Wed Oct 7 21:21:20 2020 +0200

        Merge pull request #4349 from tamasvajk/feature/modulus-analysis

        ModulusAnalysis shared between C# and Java

    commit 46ec7fbf6e3428b62284aec7b440917a9b860c59
    Author: Rasmus Wriedt Larsen <ras…
garbervetsky committed Oct 18, 2020
1 parent 9a7a91c commit ee28e54
Showing 4,240 changed files with 260,853 additions and 91,986 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
1 change: 1 addition & 0 deletions .codeqlmanifest.json
@@ -1,5 +1,6 @@
{ "provide": [ "*/ql/src/qlpack.yml",
"*/ql/test/qlpack.yml",
"*/ql/examples/qlpack.yml",
"*/upgrades/qlpack.yml",
"misc/legacy-support/*/qlpack.yml",
"misc/suite-helpers/qlpack.yml" ] }
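Review bot: the new `misc/suite-helpers/qlpack.yml` entry is a fixed path rather than a glob like the `*/ql/...` entries above it, and this diff is truncated at 3000 of 4,240 files, so the pack itself is not visible here; confirm that the file actually exists in the merge, since a `provide` entry pointing at a missing qlpack is easy to overlook until suites that depend on the helpers fail to resolve.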
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
@@ -4,6 +4,6 @@
"slevesque.vscode-zipexplorer"
],
"settings": {
"codeQL.experimentalBqrsParsing": true
"codeQL.runningQueries.memory": 2048
}
}
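Review bot: this swaps `"codeQL.experimentalBqrsParsing": true` for `"codeQL.runningQueries.memory": 2048` instead of adding the memory setting beside the existing one; if dropping the experimental flag is deliberate, the commit message should say so. The memory value is in megabytes, and 2048 is on the low side for running security queries over a large database, so consider whether the dev container should default higher.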
11 changes: 11 additions & 0 deletions .github/codeql/codeql-config.yml
@@ -0,0 +1,11 @@
name: "CodeQL config"

queries:
- uses: security-and-quality

paths-ignore:
- '/cpp/'
- '/java/'
- '/python/'
- '/javascript/ql/test'
- '/javascript/extractor/tests'
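Review bot: the exclusions do not match what the workflow scans. `/javascript/ql/test` and `/javascript/extractor/tests` are ignored, but the only language enabled in `codeql-analysis.yml` is `csharp`, and no C# test tree is excluded even though, like the JavaScript test trees, it is test input rather than product code. Also note that `paths-ignore` only limits what the interpreted-language extractors walk; for a compiled language such as C# the database contains whatever the build compiles, so keeping test projects out of the C# analysis has to be done in the build step, not in this file.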
52 changes: 52 additions & 0 deletions .github/workflows/codeql-analysis.yml
@@ -0,0 +1,52 @@
name: "Code scanning - action"

on:
push:
pull_request:
schedule:
- cron: '0 9 * * 1'

jobs:
CodeQL-Build:

runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2

# If this run was triggered by a pull request event, then checkout
# the head of the pull request instead of the merge commit.
- run: git checkout HEAD^2
if: ${{ github.event_name == 'pull_request' }}

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
# Override language selection by uncommenting this and choosing your languages
with:
languages: csharp
config-file: ./.github/codeql/codeql-config.yml

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
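Review bot: the comment `# Override language selection by uncommenting this and choosing your languages` is stale, since the `with:` block under it is already live with `languages: csharp` and a `config-file`; drop or reword it. Two smaller points: `on: push:` has no branch filter, so together with `pull_request` every PR branch is scanned twice per push, and the `github/codeql-action/*@v1` and `actions/checkout@v2` references are floating tags, whereas `query-list.yml` in this same diff pins its third-party action to a full commit SHA; pinning here too makes the scan's own supply chain reproducible. The `git checkout HEAD^2` step is consistent with `fetch-depth: 2` on a merge-commit checkout, so that part is fine.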
11 changes: 11 additions & 0 deletions .github/workflows/labeler.yml
@@ -0,0 +1,11 @@
name: "Pull Request Labeler"
on:
- pull_request_target

jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v2
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
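Review bot: `pull_request_target` runs with the base repository's `GITHUB_TOKEN`, which is what lets the labeler tag PRs opened from forks, but that is only safe because this job never checks out or executes anything from the PR head; if a checkout step is ever added here it must not reference the PR's head ref, or a fork could run code with that token. Pin `actions/labeler@v2` to a commit SHA for the same reason `query-list.yml` pins its third-party action, and note that the labeler reads a `.github/labeler.yml` rules file that is not visible in this truncated diff.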
49 changes: 49 additions & 0 deletions .github/workflows/query-list.yml
@@ -0,0 +1,49 @@
name: Build code scanning query list

on:
push:
branches:
- main
- 'rc/**'
pull_request:
paths:
- '.github/workflows/query-list.yml'
- 'misc/scripts/generate-code-scanning-query-list.py'

jobs:
build:

runs-on: ubuntu-latest

steps:
- name: Clone self (github/codeql)
uses: actions/checkout@v2
with:
path: codeql
- name: Clone github/codeql-go
uses: actions/checkout@v2
with:
repository: 'github/codeql-go'
path: codeql-go
- name: Set up Python 3.8
uses: actions/setup-python@v2
with:
python-version: 3.8
- name: Download CodeQL CLI
uses: dsaltares/fetch-gh-release-asset@aa37ae5c44d3c9820bc12fe675e8670ecd93bd1c
with:
repo: "github/codeql-cli-binaries"
version: "latest"
file: "codeql-linux64.zip"
token: ${{ secrets.GITHUB_TOKEN }}
- name: Unzip CodeQL CLI
run: unzip -d codeql-cli codeql-linux64.zip
- name: Build code scanning query list
run: |
PATH="$PATH:codeql-cli/codeql" python codeql/misc/scripts/generate-code-scanning-query-list.py > code-scanning-query-list.csv
- name: Upload code scanning query list
uses: actions/upload-artifact@v2
with:
name: code-scanning-query-list
path: code-scanning-query-list.csv
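Review bot: the CLI is fetched with `version: "latest"` and then unzipped and executed with no checksum or signature check, so whatever the newest `codeql-cli-binaries` release is on the day of the run silently decides what builds the query list; pin a specific release and verify the asset's hash before `unzip`. Good that `dsaltares/fetch-gh-release-asset` is pinned to a full commit SHA rather than a tag. Minor: `PATH="$PATH:codeql-cli/codeql"` adds a relative directory to `PATH`, which only works because the step's working directory is the workspace root; `$GITHUB_WORKSPACE/codeql-cli/codeql` says what is meant.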

4 changes: 2 additions & 2 deletions .vscode/extensions.json
@@ -3,8 +3,8 @@
// Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
// List of extensions which should be recommended for users of this workspace.
"recommendations": [
"github.vscode-codeql"
"GitHub.vscode-codeql"
],
// List of extensions recommended by VS Code that should not be recommended for users of this workspace.
"unwantedRecommendations": []
}
}
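Review bot: the only content change is the publisher casing, `github.vscode-codeql` to `GitHub.vscode-codeql`; the two closing `}` lines at the end are the old and new final line (the second of the "2 additions & 2 deletions" is the newline at end of file), not a stray brace.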
3 changes: 3 additions & 0 deletions .vscode/settings.json
@@ -0,0 +1,3 @@
{
"omnisharp.autoStart": false
}
12 changes: 2 additions & 10 deletions CONTRIBUTING.md
@@ -53,14 +53,6 @@ After the experimental query is merged, we welcome pull requests to improve it.

## Using your personal data

If you contribute to this project, we will record your name and email
address (as provided by you with your contributions) as part of the code
repositories, which are public. We might also use this information
to contact you in relation to your contributions, as well as in the
normal course of software development. We also store records of your
CLA agreements. Under GDPR legislation, we do this
on the basis of our legitimate interest in creating the CodeQL product.

Please do get in touch ([email protected]) if you have any questions about
this or our data protection policies.
If you contribute to this project, we will record your name and email address (as provided by you with your contributions) as part of the code repositories, which are public. We might also use this information to contact you in relation to your contributions, as well as in the normal course of software development. We also store records of CLA agreements signed in the past, but no longer require contributors to sign a CLA. Under GDPR legislation, we do this on the basis of our legitimate interest in creating the CodeQL product.

Please do get in touch ([email protected]) if you have any questions about this or our data protection policies.
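Review bot: the substantive change (contributors are no longer required to sign a CLA) is buried in a reflow of two wrapped paragraphs into single long lines, which makes this diff hard to review and future diffs noisier; keep the original line wrapping and change only the CLA sentence, or at least call out the policy change in the commit message.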
2 changes: 1 addition & 1 deletion README.md
@@ -9,7 +9,7 @@ You can use the [interactive query console](https://lgtm.com/help/lgtm/using-que

## Contributing

We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/master/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/main/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.

## License

2 changes: 2 additions & 0 deletions change-notes/1.25/analysis-cpp.md
@@ -13,6 +13,8 @@ The following changes in version 1.25 affect C/C++ analysis in all applications.

| **Query** | **Expected impact** | **Change** |
|----------------------------|------------------------|------------------------------------------------------------------|
| Uncontrolled format string (`cpp/tainted-format-string`) | | This query is now displayed by default on LGTM. |
| Uncontrolled format string (through global variable) (`cpp/tainted-format-string-through-global`) | | This query is now displayed by default on LGTM. |
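Review bot: both new rows leave the **Expected impact** column empty, while the Java change-note table in this same diff fills it in (`More results`, `Fewer false positive results`); state the expected impact of showing `cpp/tainted-format-string` and `cpp/tainted-format-string-through-global` by default, otherwise the table reads as unfinished.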

## Changes to libraries

68 changes: 46 additions & 22 deletions change-notes/1.25/analysis-csharp.md
@@ -28,27 +28,51 @@ The following changes in version 1.25 affect C# analysis in all applications.
such as `A<int>.B`, no longer are considered unbound generics. (Such nested types do,
however, still have relevant `.getSourceDeclaration()`s, for example `A<>.B`.)
* The data-flow library has been improved, which affects most security queries by potentially
adding more results. Flow through methods now takes nested field reads/writes into account.
For example, the library is able to track flow from `"taint"` to `Sink()` via the method
`GetF2F1()` in
```csharp
class C1
{
string F1;
}

class C2
{
C1 F2;

string GetF2F1() => F2.F1; // Nested field read
void M()
{
F2 = new C1() { F1 = "taint" };
Sink(GetF2F1()); // NEW: "taint" reaches here
}
}
```
adding more results:
- Flow through methods now takes nested field reads/writes into account.
For example, the library is able to track flow from `"taint"` to `Sink()` via the method
`GetF2F1()` in
```csharp
class C1
{
string F1;
}

class C2
{
C1 F2;

string GetF2F1() => F2.F1; // Nested field read
void M()
{
F2 = new C1() { F1 = "taint" };
Sink(GetF2F1()); // NEW: "taint" reaches here
}
}
```
- Flow through collections is now modeled precisely. For example, instead of modeling an array
store `a[i] = x` as a taint-step from `x` to `a`, we now model it as a data-flow step that
stores `x` into `a`. To get the value back out, a matching read step must be taken.

For source-code based data-flow analysis, the following constructs are modeled as stores into
collections:
- Direct array assignments, `a[i] = x`.
- Array initializers, `new [] { x }`.
- C# 6-style array initializers, `new C() { Array = { [i] = x } }`.
- Call arguments that match a `params` parameter, where the C# compiler creates an array under-the-hood.
- `yield return` statements.

The following source-code constructs read from a collection:
- Direct array reads, `a[i]`.
- `foreach` statements.

For calls out to library code, existing flow summaries have been refined to precisely
capture how they interact with collection contents. For example, a call to
`System.Collections.Generic.List<T>.Add(T)` stores the value of the argument into the
qualifier, and a call to `System.Collections.Generic.List<T>.get_Item(int)` (that is, an
indexer call) reads contents out of the qualifier. Moreover, the effect of
collection-clearing methods such as `System.Collections.Generic.List<T>.Clear()` is now
also modeled.

## Changes to autobuilder
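Review bot: the lead-in still says the data-flow change affects queries "by potentially adding more results", but the collection modelling described below can also remove results: an array store `a[i] = x` is no longer a taint step from `x` to `a`, and the value only comes back out through a modelled read (`a[i]`, `foreach`, or a refined library summary such as `List<T>.get_Item`). An existing flow that passes a whole collection into a library call without a summary, or reads it through a construct outside the lists given here, is now dropped rather than reported, so the note should say results can also disappear and point at adding a flow summary as the fix. Also, the `GetF2F1()` / `Sink(...)` example is repeated verbatim from the old text; only the bullet structure changed there.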
20 changes: 14 additions & 6 deletions change-notes/1.25/analysis-java.md
@@ -4,20 +4,26 @@ The following changes in version 1.25 affect Java analysis in all applications.

## General improvements

## New queries

| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|

The Java autobuilder has been improved to detect more Gradle Java versions.

## Changes to existing queries

| **Query** | **Expected impact** | **Change** |
|------------------------------|------------------------|-----------------------------------|

| Hard-coded credential in API call (`java/hardcoded-credential-api-call`) | More results | The query now recognizes the `BasicAWSCredentials` class of the Amazon client SDK library with hardcoded access key/secret key. |
| Deserialization of user-controlled data (`java/unsafe-deserialization`) | Fewer false positive results | The query no longer reports results using `org.apache.commons.io.serialization.ValidatingObjectInputStream`. |
| Use of a broken or risky cryptographic algorithm (`java/weak-cryptographic-algorithm`) | More results | The query now recognizes the `MessageDigest.getInstance` method. |
| Use of a potentially broken or risky cryptographic algorithm (`java/potentially-weak-cryptographic-algorithm`) | More results | The query now recognizes the `MessageDigest.getInstance` method. |
| Reading from a world writable file (`java/world-writable-file-read`) | More results | The query now recognizes more JDK file operations. |

## Changes to libraries

* The data-flow library has been improved with more taint flow modeling for the
Collections framework and other classes of the JDK. This affects all security
queries using data flow and can yield additional results.
* The data-flow library has been improved with more taint flow modeling for the
Spring framework. This affects all security queries using data flow and can
yield additional results on project that rely on the Spring framework.
* The data-flow library has been improved, which affects most security queries by potentially
adding more results. Flow through methods now takes nested field reads/writes into account.
For example, the library is able to track flow from `"taint"` to `sink()` via the method
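Review bot: as rendered, the `## New queries` table has a header and separator row but no entries, and the Gradle autobuilder sentence lands below that empty table instead of under `## General improvements` where it belongs; either drop the empty table or move the sentence up. If the blank line between the separator row and the `Hard-coded credential in API call` row survives in the new file, it splits the `## Changes to existing queries` table so the five rows render as plain text; remove it. Typo in the Spring bullet: "on project that rely" should read "on projects that rely".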
@@ -39,3 +45,5 @@ The following changes in version 1.25 affect Java analysis in all applications.
}
}
```
* The library has been extended with more support for Java 14 features
(`switch` expressions and pattern-matching for `instanceof`).

0 comments on commit ee28e54
