From 958472c25144003d448768e092046f375c35a2b2 Mon Sep 17 00:00:00 2001 From: Mike Fairhurst Date: Sun, 24 Aug 2025 12:57:16 -0700 Subject: [PATCH 1/3] Upgrade to 0.0.3, correct for codeql-util breaking dense rank change. Previous publication didn't properly test modules with the latest codeql/util, thus missing a breaking change to `DenseRank` that affected some modules. Publish a fix to this as 0.0.3 -- fixes the codeql/util constraint, and adapts modules to the new `DenseRank` API. --- cpp/src/codeql-pack.lock.yml | 20 ++++---------------- cpp/src/qlpack.yml | 4 ++-- cpp/test/codeql-pack.lock.yml | 20 ++++---------------- csharp/src/codeql-pack.lock.yml | 20 ++++++++++---------- csharp/src/qlpack.yml | 4 ++-- csharp/test/codeql-pack.lock.yml | 20 ++++++++++---------- go/src/codeql-pack.lock.yml | 16 ++++++++-------- go/src/qlpack.yml | 4 ++-- go/test/codeql-pack.lock.yml | 16 ++++++++-------- java/src/codeql-pack.lock.yml | 28 ++++++++++++++++------------ java/src/qlpack.yml | 4 ++-- java/test/codeql-pack.lock.yml | 28 ++++++++++++++++------------ javascript/src/codeql-pack.lock.yml | 24 +++++++++++++----------- javascript/src/qlpack.yml | 4 ++-- javascript/test/codeql-pack.lock.yml | 24 +++++++++++++----------- python/src/codeql-pack.lock.yml | 24 +++++++++++++----------- python/src/qlpack.yml | 4 ++-- python/test/codeql-pack.lock.yml | 24 +++++++++++++----------- ruby/src/codeql-pack.lock.yml | 18 +++++------------- ruby/src/qlpack.yml | 2 +- ruby/test/codeql-pack.lock.yml | 18 +++++------------- src/qlpack.yml | 4 ++-- src/qtil/list/CondensedList.qll | 10 +++++----- swift/src/codeql-pack.lock.yml | 18 +++++++++--------- swift/src/qlpack.yml | 4 ++-- swift/test/codeql-pack.lock.yml | 18 +++++++++--------- test/codeql-pack.lock.yml | 20 ++++++++++---------- test/qlpack.yml | 2 +- test/qtil/list/CondensedListTest.ql | 2 +- 29 files changed, 190 insertions(+), 214 deletions(-) 
diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml index ab9a39f..f4d780a 100644 --- a/cpp/src/codeql-pack.lock.yml +++ b/cpp/src/codeql-pack.lock.yml @@ -2,23 +2,11 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 2.1.1 - codeql/dataflow: - version: 1.1.6 - codeql/mad: - version: 1.0.12 - codeql/rangeanalysis: - version: 1.0.12 + version: 0.6.1 codeql/ssa: - version: 1.0.12 + version: 0.0.14 codeql/tutorial: - version: 1.0.12 - codeql/typeflow: - version: 1.0.12 - codeql/typetracking: - version: 1.0.12 + version: 0.0.7 codeql/util: - version: 1.0.12 - codeql/xml: - version: 1.0.12 + version: 2.0.16 compiled: false diff --git a/cpp/src/qlpack.yml b/cpp/src/qlpack.yml index 826fb15..1f51291 100644 --- a/cpp/src/qlpack.yml +++ b/cpp/src/qlpack.yml @@ -1,8 +1,8 @@ name: advanced-security/qtil-cpp library: true warnOnImplicitThis: false -version: 0.0.2 +version: 0.0.3 license: MIT dependencies: codeql/cpp-all: '>=0.0.1 <5.0.0' - advanced-security/qtil: 0.0.2 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml index ab9a39f..f4d780a 100644 --- a/cpp/test/codeql-pack.lock.yml +++ b/cpp/test/codeql-pack.lock.yml @@ -2,23 +2,11 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 2.1.1 - codeql/dataflow: - version: 1.1.6 - codeql/mad: - version: 1.0.12 - codeql/rangeanalysis: - version: 1.0.12 + version: 0.6.1 codeql/ssa: - version: 1.0.12 + version: 0.0.14 codeql/tutorial: - version: 1.0.12 - codeql/typeflow: - version: 1.0.12 - codeql/typetracking: - version: 1.0.12 + version: 0.0.7 codeql/util: - version: 1.0.12 - codeql/xml: - version: 1.0.12 + version: 2.0.16 compiled: false diff --git a/csharp/src/codeql-pack.lock.yml b/csharp/src/codeql-pack.lock.yml index d96ac38..6405cc3 100644 --- a/csharp/src/codeql-pack.lock.yml +++ b/csharp/src/codeql-pack.lock.yml 
@@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 1.0.12 + version: 2.0.13 codeql/csharp-all: - version: 3.1.1 + version: 5.2.2 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 compiled: false diff --git a/csharp/src/qlpack.yml b/csharp/src/qlpack.yml index 9c0833d..c43c39e 100644 --- a/csharp/src/qlpack.yml +++ b/csharp/src/qlpack.yml @@ -1,8 +1,8 @@ name: advanced-security/qtil-csharp library: true warnOnImplicitThis: false -version: 0.0.2 +version: 0.0.3 license: MIT dependencies: codeql/csharp-all: '>=0.0.1 <6.0.0' - advanced-security/qtil: 0.0.2 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/csharp/test/codeql-pack.lock.yml b/csharp/test/codeql-pack.lock.yml index d96ac38..6405cc3 100644 --- a/csharp/test/codeql-pack.lock.yml +++ b/csharp/test/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 1.0.12 + version: 2.0.13 codeql/csharp-all: - version: 3.1.1 + version: 5.2.2 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 compiled: false diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml index dcde6c7..1818451 100644 --- a/go/src/codeql-pack.lock.yml +++ b/go/src/codeql-pack.lock.yml 
@@ -2,19 +2,19 @@ lockVersion: 1.0.0 dependencies: codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/go-all: - version: 2.1.3 + version: 4.3.2 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 compiled: false diff --git a/go/src/qlpack.yml b/go/src/qlpack.yml index 85532e4..e4da51b 100644 --- a/go/src/qlpack.yml +++ b/go/src/qlpack.yml @@ -1,8 +1,8 @@ name: advanced-security/qtil-go library: true warnOnImplicitThis: false -version: 0.0.2 +version: 0.0.3 license: MIT dependencies: codeql/go-all: '>=0.0.1 <5.0.0' - advanced-security/qtil: 0.0.2 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml index dcde6c7..1818451 100644 --- a/go/test/codeql-pack.lock.yml +++ b/go/test/codeql-pack.lock.yml @@ -2,19 +2,19 @@ lockVersion: 1.0.0 dependencies: codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/go-all: - version: 2.1.3 + version: 4.3.2 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 compiled: false diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml index 74425af..50b5473 100644 --- a/java/src/codeql-pack.lock.yml +++ b/java/src/codeql-pack.lock.yml 
@@ -1,28 +1,32 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.13 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/java-all: - version: 4.2.1 + version: 7.6.0 codeql/mad: - version: 1.0.12 + version: 1.0.29 + codeql/quantum: + version: 0.0.7 codeql/rangeanalysis: - version: 1.0.12 + version: 1.0.29 codeql/regex: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typeflow: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 compiled: false diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml index 9364f00..796729b 100644 --- a/java/src/qlpack.yml +++ b/java/src/qlpack.yml @@ -1,8 +1,8 @@ name: advanced-security/qtil-java library: true warnOnImplicitThis: false -version: 0.0.2 +version: 0.0.3 license: MIT dependencies: codeql/java-all: '>=0.0.1 <8.0.0' - advanced-security/qtil: 0.0.2 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml index 74425af..50b5473 100644 --- a/java/test/codeql-pack.lock.yml +++ b/java/test/codeql-pack.lock.yml 
@@ -1,28 +1,32 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 2.0.13 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/java-all: - version: 4.2.1 + version: 7.6.0 codeql/mad: - version: 1.0.12 + version: 1.0.29 + codeql/quantum: + version: 0.0.7 codeql/rangeanalysis: - version: 1.0.12 + version: 1.0.29 codeql/regex: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typeflow: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 compiled: false diff --git a/javascript/src/codeql-pack.lock.yml b/javascript/src/codeql-pack.lock.yml index d9fcb42..e2c921b 100644 --- a/javascript/src/codeql-pack.lock.yml +++ b/javascript/src/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.3 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/javascript-all: - version: 2.1.1 + version: 2.6.9 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/regex: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 codeql/yaml: - version: 1.0.12 + version: 1.0.29 compiled: false diff --git a/javascript/src/qlpack.yml b/javascript/src/qlpack.yml index 2404c7e..b3f5aca 100644 --- a/javascript/src/qlpack.yml +++ b/javascript/src/qlpack.yml 
@@ -1,8 +1,8 @@ name: advanced-security/qtil-javascript library: true warnOnImplicitThis: false -version: 0.0.2 +version: 0.0.3 license: MIT dependencies: codeql/javascript-all: '>=0.0.1 <3.0.0' - advanced-security/qtil: 0.0.2 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/javascript/test/codeql-pack.lock.yml b/javascript/test/codeql-pack.lock.yml index d9fcb42..e2c921b 100644 --- a/javascript/test/codeql-pack.lock.yml +++ b/javascript/test/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.3 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/javascript-all: - version: 2.1.1 + version: 2.6.9 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/regex: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 codeql/yaml: - version: 1.0.12 + version: 1.0.29 compiled: false diff --git a/python/src/codeql-pack.lock.yml b/python/src/codeql-pack.lock.yml index 501ac54..0359080 100644 --- a/python/src/codeql-pack.lock.yml +++ b/python/src/codeql-pack.lock.yml 
@@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.3 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/python-all: - version: 2.2.0 + version: 4.0.13 codeql/regex: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 codeql/yaml: - version: 1.0.12 + version: 1.0.29 compiled: false diff --git a/python/src/qlpack.yml b/python/src/qlpack.yml index 2add468..aba6e83 100644 --- a/python/src/qlpack.yml +++ b/python/src/qlpack.yml @@ -1,8 +1,8 @@ name: advanced-security/qtil-python library: true warnOnImplicitThis: false -version: 0.0.2 +version: 0.0.3 license: MIT dependencies: codeql/python-all: '>=0.0.1 <5.0.0' - advanced-security/qtil: 0.0.2 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/python/test/codeql-pack.lock.yml b/python/test/codeql-pack.lock.yml index 501ac54..0359080 100644 --- a/python/test/codeql-pack.lock.yml +++ b/python/test/codeql-pack.lock.yml @@ -1,26 +1,28 @@ --- lockVersion: 1.0.0 dependencies: + codeql/concepts: + version: 0.0.3 codeql/dataflow: - version: 1.1.6 + version: 2.0.13 codeql/mad: - version: 1.0.12 + version: 1.0.29 codeql/python-all: - version: 2.2.0 + version: 4.0.13 codeql/regex: - version: 1.0.12 + version: 1.0.29 codeql/ssa: - version: 1.0.12 + version: 2.0.5 codeql/threat-models: - version: 1.0.12 + version: 1.0.29 codeql/tutorial: - version: 1.0.12 + version: 1.0.29 codeql/typetracking: - version: 1.0.12 + version: 2.0.13 codeql/util: - version: 1.0.12 + version: 2.0.16 codeql/xml: - version: 1.0.12 + version: 1.0.29 codeql/yaml: - version: 1.0.12 + version: 1.0.29 compiled: false 
diff --git a/ruby/src/codeql-pack.lock.yml b/ruby/src/codeql-pack.lock.yml index e1bbdb2..b4969cf 100644 --- a/ruby/src/codeql-pack.lock.yml +++ b/ruby/src/codeql-pack.lock.yml @@ -1,22 +1,14 @@ --- lockVersion: 1.0.0 dependencies: - codeql/controlflow: - version: 1.0.12 - codeql/dataflow: - version: 1.1.6 - codeql/mad: - version: 1.0.12 codeql/regex: - version: 1.0.12 + version: 0.0.6 codeql/ruby-all: - version: 2.0.4 + version: 0.5.2 codeql/ssa: - version: 1.0.12 + version: 0.0.10 codeql/tutorial: - version: 1.0.12 - codeql/typetracking: - version: 1.0.12 + version: 0.0.3 codeql/util: - version: 1.0.12 + version: 2.0.16 compiled: false diff --git a/ruby/src/qlpack.yml b/ruby/src/qlpack.yml index 6811175..bffecd0 100644 --- a/ruby/src/qlpack.yml +++ b/ruby/src/qlpack.yml @@ -5,4 +5,4 @@ version: 0.0.2 license: MIT dependencies: codeql/ruby-all: '>=0.0.1 <5.0.0' - advanced-security/qtil: 0.0.2 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/ruby/test/codeql-pack.lock.yml b/ruby/test/codeql-pack.lock.yml index e1bbdb2..b4969cf 100644 --- a/ruby/test/codeql-pack.lock.yml +++ b/ruby/test/codeql-pack.lock.yml @@ -1,22 +1,14 @@ --- lockVersion: 1.0.0 dependencies: - codeql/controlflow: - version: 1.0.12 - codeql/dataflow: - version: 1.1.6 - codeql/mad: - version: 1.0.12 codeql/regex: - version: 1.0.12 + version: 0.0.6 codeql/ruby-all: - version: 2.0.4 + version: 0.5.2 codeql/ssa: - version: 1.0.12 + version: 0.0.10 codeql/tutorial: - version: 1.0.12 - codeql/typetracking: - version: 1.0.12 + version: 0.0.3 codeql/util: - version: 1.0.12 + version: 2.0.16 compiled: false diff --git a/src/qlpack.yml b/src/qlpack.yml index 73d13da..2bbc955 100644 --- a/src/qlpack.yml +++ b/src/qlpack.yml 
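Review bot: In `ruby/src/qlpack.yml` the pack's own `version: 0.0.2` is left unchanged (it appears only as the hunk heading) while the dependency moves to `advanced-security/qtil: 0.0.3`; every other language pack in this patch is bumped to `0.0.3`. If the Ruby pack was already published as 0.0.2, this fix cannot ship under the same version, so the hunk should also carry `version: 0.0.3`. Separately, the context line `codeql/ruby-all: '>=0.0.1 <5.0.0'` is wide enough that the Ruby lock files in this patch resolve to `codeql/ruby-all` 0.5.2, so the pack is presumably being tested against a much older library than most consumers use. Raising the lower bound to a release that is actually tested would make the declared range match what is verified.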
@@ -1,7 +1,7 @@ name: advanced-security/qtil library: true warnOnImplicitThis: false -version: 0.0.2 +version: 0.0.3 license: MIT dependencies: - codeql/util: ">=1.0.12 <3.0.0" \ No newline at end of file + codeql/util: ">2.0.0 <3.0.0" \ No newline at end of file diff --git a/src/qtil/list/CondensedList.qll b/src/qtil/list/CondensedList.qll index ce42fa6..10b6928 100644 --- a/src/qtil/list/CondensedList.qll +++ b/src/qtil/list/CondensedList.qll @@ -59,10 +59,10 @@ module CondenseList::Ret::pred/1 get */ module GroupBy::Ret::pred/1 getDivision> { private newtype TList = - THead(Item l, Division t) { denseRank(t, l) = 1 } or - TCons(ListEntry prev, Item l) { prev.getDenseIndex() = denseRank(prev.getDivision(), l) - 1 } + THead(Item l, Division t) { l = denseRank(t, 1) } or + TCons(ListEntry prev, Item l) { l = denseRank(prev.getDivision(), prev.getDenseIndex() + 1) } - private module DenseRankConfig implements DenseRankInputSig2 { + private module DenseRankConfig implements DenseRankInputSig1 { class Ranked = Item; class C = Division; @@ -70,7 +70,7 @@ module CondenseList::Ret::pred/1 get int getRank(Division d, Item i) { result = getSparseIndex(i) and d = getDivision(i) } } - private import DenseRank2 + private import DenseRank1 class ListEntry extends TList { Division getDivision() { @@ -87,7 +87,7 @@ module CondenseList::Ret::pred/1 get this = TCons(_, result) } - int getDenseIndex() { result = denseRank(getDivision(), getItem()) } + int getDenseIndex() { getItem() = denseRank(getDivision(), result) } ListEntry getPrev() { this = TCons(result, _) } diff --git a/swift/src/codeql-pack.lock.yml b/swift/src/codeql-pack.lock.yml index 2961dd2..9c806fe 100644 --- a/swift/src/codeql-pack.lock.yml +++ b/swift/src/codeql-pack.lock.yml 
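Review bot: `getDenseIndex()` in `src/qtil/list/CondensedList.qll` has no QLDoc, and after this change the direction of `denseRank` is easy to misread: the call now takes the rank and yields the item, so `result` is bound through `getItem() = denseRank(getDivision(), result)`. I would add `/** Gets the 1-based dense index of this entry within its division. */` above it; the 1-based claim follows from `THead` using rank `1` and `TCons` using `prev.getDenseIndex() + 1` in the first hunk. The only test change in this patch is a message typo in `CondensedListTest.ql`, so it may be worth confirming that an existing case exercises `GroupBy` with more than one division. The enclosing module and the `ListEntry` class start and end outside these hunks.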
@@ -2,21 +2,21 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 1.0.12 + version: 2.0.7 codeql/dataflow: - version: 1.1.6 + version: 2.0.7 codeql/mad: - version: 1.0.12 + version: 1.0.23 codeql/regex: - version: 1.0.12 + version: 1.0.23 codeql/ssa: - version: 1.0.12 + version: 1.1.2 codeql/swift-all: - version: 2.0.4 + version: 4.3.0 codeql/tutorial: - version: 1.0.12 + version: 1.0.23 codeql/typetracking: - version: 1.0.12 + version: 2.0.7 codeql/util: - version: 1.0.12 + version: 2.0.10 compiled: false diff --git a/swift/src/qlpack.yml b/swift/src/qlpack.yml index 2551cf5..498a1a4 100644 --- a/swift/src/qlpack.yml +++ b/swift/src/qlpack.yml @@ -1,8 +1,8 @@ name: advanced-security/qtil-swift library: true warnOnImplicitThis: false -version: 0.0.1 +version: 0.0.3 license: MIT dependencies: codeql/swift-all: '>=0.0.1 <5.0.0' - advanced-security/qtil: 0.0.1 \ No newline at end of file + advanced-security/qtil: 0.0.3 \ No newline at end of file diff --git a/swift/test/codeql-pack.lock.yml b/swift/test/codeql-pack.lock.yml index 2961dd2..9c806fe 100644 --- a/swift/test/codeql-pack.lock.yml +++ b/swift/test/codeql-pack.lock.yml @@ -2,21 +2,21 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 1.0.12 + version: 2.0.7 codeql/dataflow: - version: 1.1.6 + version: 2.0.7 codeql/mad: - version: 1.0.12 + version: 1.0.23 codeql/regex: - version: 1.0.12 + version: 1.0.23 codeql/ssa: - version: 1.0.12 + version: 1.1.2 codeql/swift-all: - version: 2.0.4 + version: 4.3.0 codeql/tutorial: - version: 1.0.12 + version: 1.0.23 codeql/typetracking: - version: 1.0.12 + version: 2.0.7 codeql/util: - version: 1.0.12 + version: 2.0.10 compiled: false diff --git a/test/codeql-pack.lock.yml b/test/codeql-pack.lock.yml index ab9a39f..a45ea8f 100644 --- a/test/codeql-pack.lock.yml +++ b/test/codeql-pack.lock.yml 
@@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 2.1.1 + version: 4.0.3 codeql/dataflow: - version: 1.1.6 + version: 2.0.3 codeql/mad: - version: 1.0.12 + version: 1.0.19 codeql/rangeanalysis: - version: 1.0.12 + version: 1.0.19 codeql/ssa: - version: 1.0.12 + version: 1.0.19 codeql/tutorial: - version: 1.0.12 + version: 1.0.19 codeql/typeflow: - version: 1.0.12 + version: 1.0.19 codeql/typetracking: - version: 1.0.12 + version: 2.0.3 codeql/util: - version: 1.0.12 + version: 2.0.6 codeql/xml: - version: 1.0.12 + version: 1.0.19 compiled: false diff --git a/test/qlpack.yml b/test/qlpack.yml index a35e4ae..320b466 100644 --- a/test/qlpack.yml +++ b/test/qlpack.yml @@ -5,5 +5,5 @@ version: 0.0.1 license: MIT dependencies: advanced-security/qtil: "*" - codeql/cpp-all: "2.1.1" + codeql/cpp-all: 4.0.3 extractor: cpp \ No newline at end of file diff --git a/test/qtil/list/CondensedListTest.ql b/test/qtil/list/CondensedListTest.ql index 2d8527e..a38c5a5 100644 --- a/test/qtil/list/CondensedListTest.ql +++ b/test/qtil/list/CondensedListTest.ql @@ -14,7 +14,7 @@ class TestFib2 extends Test, Case { x.getNext().getItem() = 3 ) then test.pass("Correct handling of fib 2") - else test.fail("Incorrect handling of fib 2)") + else test.fail("Incorrect handling of fib 2") } } From 98ca1ff1e4d1e0ca8753dc161fb8d418ce94d774 Mon Sep 17 00:00:00 2001 
From: Mike Fairhurst Date: Sun, 24 Aug 2025 13:34:46 -0700 Subject: [PATCH 2/3] Ensure all packs are locked to codeql/util 2.0.0 for best testing. In the future, we should consider matrix tests to ensure we're compatible with the ranges that we declare -- both in package versions, and against various CLI versions. For the meantime, the best approach is to test the oldest versions, and assume forward compatibility. At least, that's what's best for codeql/util, if not for the language packs where our support spans multiple major revisions. --- cpp/src/codeql-pack.lock.yml | 2 +- cpp/test/codeql-pack.lock.yml | 2 +- csharp/src/codeql-pack.lock.yml | 20 ++++++++++---------- csharp/test/codeql-pack.lock.yml | 20 ++++++++++---------- go/src/codeql-pack.lock.yml | 16 ++++++++-------- go/test/codeql-pack.lock.yml | 16 ++++++++-------- java/src/codeql-pack.lock.yml | 28 ++++++++++++---------------- javascript/src/codeql-pack.lock.yml | 24 +++++++++++------------- python/src/codeql-pack.lock.yml | 24 +++++++++++------------- ruby/src/codeql-pack.lock.yml | 2 +- ruby/test/codeql-pack.lock.yml | 18 +++++++++++++----- src/codeql-pack.lock.yml | 2 +- src/qlpack.yml | 2 +- swift/src/codeql-pack.lock.yml | 18 +++++++++--------- swift/test/codeql-pack.lock.yml | 18 +++++++++--------- test/codeql-pack.lock.yml | 20 ++++++++++---------- test/qlpack.yml | 2 +- 17 files changed, 117 insertions(+), 117 deletions(-) diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml index f4d780a..7e822b3 100644 --- a/cpp/src/codeql-pack.lock.yml +++ b/cpp/src/codeql-pack.lock.yml @@ -8,5 +8,5 @@ dependencies: codeql/tutorial: version: 0.0.7 codeql/util: - version: 2.0.16 + version: 2.0.0 compiled: false diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml index f4d780a..7e822b3 100644 --- a/cpp/test/codeql-pack.lock.yml +++ b/cpp/test/codeql-pack.lock.yml 
@@ -8,5 +8,5 @@ dependencies: codeql/tutorial: version: 0.0.7 codeql/util: - version: 2.0.16 + version: 2.0.0 compiled: false diff --git a/csharp/src/codeql-pack.lock.yml b/csharp/src/codeql-pack.lock.yml index 6405cc3..ad1063c 100644 --- a/csharp/src/codeql-pack.lock.yml +++ b/csharp/src/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 1.0.13 codeql/csharp-all: - version: 5.2.2 + version: 4.0.0 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 compiled: false diff --git a/csharp/test/codeql-pack.lock.yml b/csharp/test/codeql-pack.lock.yml index 6405cc3..ad1063c 100644 --- a/csharp/test/codeql-pack.lock.yml +++ b/csharp/test/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.13 + version: 1.0.13 codeql/csharp-all: - version: 5.2.2 + version: 4.0.0 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 compiled: false diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml index 1818451..a3cbfd5 100644 --- a/go/src/codeql-pack.lock.yml +++ b/go/src/codeql-pack.lock.yml 
@@ -2,19 +2,19 @@ lockVersion: 1.0.0 dependencies: codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/go-all: - version: 4.3.2 + version: 3.0.0 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 compiled: false diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml index 1818451..a3cbfd5 100644 --- a/go/test/codeql-pack.lock.yml +++ b/go/test/codeql-pack.lock.yml @@ -2,19 +2,19 @@ lockVersion: 1.0.0 dependencies: codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/go-all: - version: 4.3.2 + version: 3.0.0 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 compiled: false diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml index 50b5473..000afee 100644 --- a/java/src/codeql-pack.lock.yml +++ b/java/src/codeql-pack.lock.yml 
@@ -1,32 +1,28 @@ --- lockVersion: 1.0.0 dependencies: - codeql/controlflow: - version: 2.0.13 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/java-all: - version: 7.6.0 + version: 5.0.0 codeql/mad: - version: 1.0.29 - codeql/quantum: - version: 0.0.7 + version: 1.0.13 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.13 codeql/regex: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typeflow: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 compiled: false diff --git a/javascript/src/codeql-pack.lock.yml b/javascript/src/codeql-pack.lock.yml index e2c921b..d7abf44 100644 --- a/javascript/src/codeql-pack.lock.yml +++ b/javascript/src/codeql-pack.lock.yml @@ -1,28 +1,26 @@ --- lockVersion: 1.0.0 dependencies: - codeql/concepts: - version: 0.0.3 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/javascript-all: - version: 2.6.9 + version: 2.2.0 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/regex: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 codeql/yaml: - version: 1.0.29 + version: 1.0.13 compiled: false diff --git a/python/src/codeql-pack.lock.yml b/python/src/codeql-pack.lock.yml index 0359080..6a8f065 100644 --- a/python/src/codeql-pack.lock.yml +++ b/python/src/codeql-pack.lock.yml 
@@ -1,28 +1,26 @@ --- lockVersion: 1.0.0 dependencies: - codeql/concepts: - version: 0.0.3 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/python-all: - version: 4.0.13 + version: 3.0.0 codeql/regex: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 codeql/yaml: - version: 1.0.29 + version: 1.0.13 compiled: false diff --git a/ruby/src/codeql-pack.lock.yml b/ruby/src/codeql-pack.lock.yml index b4969cf..c41af83 100644 --- a/ruby/src/codeql-pack.lock.yml +++ b/ruby/src/codeql-pack.lock.yml @@ -10,5 +10,5 @@ dependencies: codeql/tutorial: version: 0.0.3 codeql/util: - version: 2.0.16 + version: 2.0.0 compiled: false diff --git a/ruby/test/codeql-pack.lock.yml b/ruby/test/codeql-pack.lock.yml index b4969cf..d03c93d 100644 --- a/ruby/test/codeql-pack.lock.yml +++ b/ruby/test/codeql-pack.lock.yml @@ -1,14 +1,22 @@ --- lockVersion: 1.0.0 dependencies: + codeql/controlflow: + version: 1.0.13 + codeql/dataflow: + version: 1.1.7 + codeql/mad: + version: 1.0.13 codeql/regex: - version: 0.0.6 + version: 1.0.13 codeql/ruby-all: - version: 0.5.2 + version: 3.0.0 codeql/ssa: - version: 0.0.10 + version: 1.0.13 codeql/tutorial: - version: 0.0.3 + version: 1.0.13 + codeql/typetracking: + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 compiled: false diff --git a/src/codeql-pack.lock.yml b/src/codeql-pack.lock.yml index ae46ebf..b3cf870 100644 --- a/src/codeql-pack.lock.yml +++ b/src/codeql-pack.lock.yml @@ -2,5 +2,5 @@ lockVersion: 1.0.0 dependencies: codeql/util: - version: 2.0.16 + version: 2.0.0 compiled: false diff --git a/src/qlpack.yml b/src/qlpack.yml index 2bbc955..a4aa2d2 100644 --- a/src/qlpack.yml 
+++ b/src/qlpack.yml @@ -4,4 +4,4 @@ warnOnImplicitThis: false version: 0.0.3 license: MIT dependencies: - codeql/util: ">2.0.0 <3.0.0" \ No newline at end of file + codeql/util: ">=2.0.0 <3.0.0" \ No newline at end of file diff --git a/swift/src/codeql-pack.lock.yml b/swift/src/codeql-pack.lock.yml index 9c806fe..776a85a 100644 --- a/swift/src/codeql-pack.lock.yml +++ b/swift/src/codeql-pack.lock.yml @@ -2,21 +2,21 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.7 + version: 1.0.13 codeql/dataflow: - version: 2.0.7 + version: 1.1.7 codeql/mad: - version: 1.0.23 + version: 1.0.13 codeql/regex: - version: 1.0.23 + version: 1.0.13 codeql/ssa: - version: 1.1.2 + version: 1.0.13 codeql/swift-all: - version: 4.3.0 + version: 3.0.0 codeql/tutorial: - version: 1.0.23 + version: 1.0.13 codeql/typetracking: - version: 2.0.7 + version: 1.0.13 codeql/util: - version: 2.0.10 + version: 2.0.0 compiled: false diff --git a/swift/test/codeql-pack.lock.yml b/swift/test/codeql-pack.lock.yml index 9c806fe..776a85a 100644 --- a/swift/test/codeql-pack.lock.yml +++ b/swift/test/codeql-pack.lock.yml @@ -2,21 +2,21 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.7 + version: 1.0.13 codeql/dataflow: - version: 2.0.7 + version: 1.1.7 codeql/mad: - version: 1.0.23 + version: 1.0.13 codeql/regex: - version: 1.0.23 + version: 1.0.13 codeql/ssa: - version: 1.1.2 + version: 1.0.13 codeql/swift-all: - version: 4.3.0 + version: 3.0.0 codeql/tutorial: - version: 1.0.23 + version: 1.0.13 codeql/typetracking: - version: 2.0.7 + version: 1.0.13 codeql/util: - version: 2.0.10 + version: 2.0.0 compiled: false diff --git a/test/codeql-pack.lock.yml b/test/codeql-pack.lock.yml index a45ea8f..55116c2 100644 --- a/test/codeql-pack.lock.yml +++ b/test/codeql-pack.lock.yml 
@@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/cpp-all: - version: 4.0.3 + version: 3.0.0 codeql/dataflow: - version: 2.0.3 + version: 1.1.7 codeql/mad: - version: 1.0.19 + version: 1.0.13 codeql/rangeanalysis: - version: 1.0.19 + version: 1.0.13 codeql/ssa: - version: 1.0.19 + version: 1.0.13 codeql/tutorial: - version: 1.0.19 + version: 1.0.13 codeql/typeflow: - version: 1.0.19 + version: 1.0.13 codeql/typetracking: - version: 2.0.3 + version: 1.0.13 codeql/util: - version: 2.0.6 + version: 2.0.0 codeql/xml: - version: 1.0.19 + version: 1.0.13 compiled: false diff --git a/test/qlpack.yml b/test/qlpack.yml index 320b466..0f10031 100644 --- a/test/qlpack.yml +++ b/test/qlpack.yml @@ -5,5 +5,5 @@ version: 0.0.1 license: MIT dependencies: advanced-security/qtil: "*" - codeql/cpp-all: 4.0.3 + codeql/cpp-all: "*" extractor: cpp \ No newline at end of file From b5758d603277ec029be19860d84c1fd28cefd258 Mon Sep 17 00:00:00 2001 From: Mike Fairhurst Date: Sun, 24 Aug 2025 13:42:57 -0700 Subject: [PATCH 3/3] Fix version locks for java, js, python test packs. --- java/test/codeql-pack.lock.yml | 28 ++++++++++++---------------- javascript/test/codeql-pack.lock.yml | 24 +++++++++++------------- python/test/codeql-pack.lock.yml | 24 +++++++++++------------- 3 files changed, 34 insertions(+), 42 deletions(-) diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml index 50b5473..000afee 100644 --- a/java/test/codeql-pack.lock.yml +++ b/java/test/codeql-pack.lock.yml 
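Review bot: `codeql/cpp-all: "*"` in `test/qlpack.yml` removes any bound on the library the root tests resolve against, next to the already unbounded `advanced-security/qtil: "*"`. The lock file in this patch pins `codeql/cpp-all` 3.0.0, but the next regeneration of the lock can pull any major version, including ones outside the `'>=0.0.1 <5.0.0'` range that `cpp/src/qlpack.yml` declares. Using the same range here, `codeql/cpp-all: '>=0.0.1 <5.0.0'`, would keep the tested version inside what the published pack claims to support.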
@@ -1,32 +1,28 @@ --- lockVersion: 1.0.0 dependencies: - codeql/controlflow: - version: 2.0.13 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/java-all: - version: 7.6.0 + version: 5.0.0 codeql/mad: - version: 1.0.29 - codeql/quantum: - version: 0.0.7 + version: 1.0.13 codeql/rangeanalysis: - version: 1.0.29 + version: 1.0.13 codeql/regex: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typeflow: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 compiled: false diff --git a/javascript/test/codeql-pack.lock.yml b/javascript/test/codeql-pack.lock.yml index e2c921b..d7abf44 100644 --- a/javascript/test/codeql-pack.lock.yml +++ b/javascript/test/codeql-pack.lock.yml @@ -1,28 +1,26 @@ --- lockVersion: 1.0.0 dependencies: - codeql/concepts: - version: 0.0.3 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/javascript-all: - version: 2.6.9 + version: 2.2.0 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/regex: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 codeql/yaml: - version: 1.0.29 + version: 1.0.13 compiled: false diff --git a/python/test/codeql-pack.lock.yml b/python/test/codeql-pack.lock.yml index 0359080..6a8f065 100644 --- a/python/test/codeql-pack.lock.yml +++ b/python/test/codeql-pack.lock.yml 
@@ -1,28 +1,26 @@ --- lockVersion: 1.0.0 dependencies: - codeql/concepts: - version: 0.0.3 codeql/dataflow: - version: 2.0.13 + version: 1.1.7 codeql/mad: - version: 1.0.29 + version: 1.0.13 codeql/python-all: - version: 4.0.13 + version: 3.0.0 codeql/regex: - version: 1.0.29 + version: 1.0.13 codeql/ssa: - version: 2.0.5 + version: 1.0.13 codeql/threat-models: - version: 1.0.29 + version: 1.0.13 codeql/tutorial: - version: 1.0.29 + version: 1.0.13 codeql/typetracking: - version: 2.0.13 + version: 1.0.13 codeql/util: - version: 2.0.16 + version: 2.0.0 codeql/xml: - version: 1.0.29 + version: 1.0.13 codeql/yaml: - version: 1.0.29 + version: 1.0.13 compiled: false