Merge branch 'rc/1.24' into mergeback

Author: Shati Patel

CONTRIBUTING.md

@@ -20,7 +20,7 @@ If you have an idea for a query that you would like to share with other CodeQL u
       * Python: `python/ql/src`
 
     Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose.
-    - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/Semmle/ql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.
+    - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.
     - The structure of an `experimental` subdirectory mirrors the structure of its parent directory.
     - Select or create an appropriate directory in `experimental` based on the existing directory structure of `experimental` or its parent directory.
 
@@ -36,7 +36,7 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
 3. **Formatting**
 
-    - The queries and libraries must be [autoformatted](https://help.semmle.com/codeql/codeql-for-vscode/reference/editor.html#autoformatting).
+    - The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode/procedures/about-codeql-for-vscode.html).
 
 4. **Compilation**
 

README.md

@@ -9,7 +9,7 @@ You can use the [interactive query console](https://lgtm.com/help/lgtm/using-que
 
 ## Contributing
 
-We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/Semmle/ql/tree/master/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
+We welcome contributions to our standard library and standard checks. Do you have an idea for a new check, or how to improve an existing query? Then please go ahead and open a pull request! Before you do, though, please take the time to read our [contributing guidelines](CONTRIBUTING.md). You can also consult our [style guides](https://github.com/github/codeql/tree/master/docs) to learn how to format your code for consistency and clarity, how to write query metadata, and how to write query help documentation for your query.
 
 ## License
 

cpp/ql/src/Likely Bugs/Underspecified Functions/MistypedFunctionArguments.qll

@@ -6,6 +6,7 @@
 
 import cpp
 
+pragma[inline]
 private predicate arithTypesMatch(Type arg, Type parm) {
   arg = parm
   or

cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql

@@ -28,5 +28,5 @@ where
   // is probably a mistake.
   addWithSizeof(e, sizeofExpr, _) and not isCharSzPtrExpr(e)
 select sizeofExpr,
-  "Suspicious sizeof offset in a pointer arithmetic expression. " + "The type of the pointer is " +
-    e.getFullyConverted().getType().toString() + "."
+  "Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@.",
+  e.getFullyConverted().getType() as t, t.toString()

cpp/ql/src/semmle/code/cpp/Declaration.qll

@@ -25,7 +25,7 @@ private import semmle.code.cpp.internal.QualifiedName as Q
  * `DeclarationEntry`, because they always have a unique source location.
  * `EnumConstant` and `FriendDecl` are both examples of this.
  */
-abstract class Declaration extends Locatable, @declaration {
+class Declaration extends Locatable, @declaration {
   /**
    * Gets the innermost namespace which contains this declaration.
    *

cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected

@@ -1,7 +1,7 @@
-| test.cpp:6:30:6:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
-| test.cpp:14:30:14:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
-| test.cpp:22:25:22:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
-| test.cpp:30:25:30:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
-| test.cpp:38:30:38:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
-| test.cpp:61:27:61:37 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is int *. |
-| test.cpp:89:43:89:55 | sizeof(MyABC) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is myInt *const. |
+| test.cpp:6:30:6:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * |
+| test.cpp:14:30:14:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * |
+| test.cpp:22:25:22:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * |
+| test.cpp:30:25:30:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * |
+| test.cpp:38:30:38:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * |
+| test.cpp:61:27:61:37 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * |
+| test.cpp:89:43:89:55 | sizeof(MyABC) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | myInt *const | myInt *const |

docs/language/README.rst

@@ -104,7 +104,7 @@ generates html slide shows in the ``<slides-output>`` directory when run from
 the ``ql-training`` source directory.
 
 For more information about creating slides for QL training and variant analysis 
-examples, see the `template slide deck <https://github.com/Semmle/ql/blob/master/docs/language/ql-training/template.rst>`__.
+examples, see the `template slide deck <https://github.com/github/codeql/blob/master/docs/language/ql-training/template.rst>`__.
 
 Viewing the current version of the CodeQL documentation
 *******************************************************

docs/language/global-sphinx-files/qllexer.py

@@ -44,9 +44,9 @@ class QLLexer(RegexLexer):
                 'max', 'min', 'module', 'newtype', 'not', 'none', 'or', 'order', 
                 'predicate', 'rank', 'result', 'select', 'strictconcat', 
                 'strictcount', 'strictsum', 'sum', 'super', 'then', 'this', 
-                'true', 'where'), prefix=r'\b', suffix=r'\b'),
+                'true', 'unique', 'where'), prefix=r'\b', suffix=r'\b'),
              Keyword),
             # Identifiers
             (r'@?\w', Name),
         ]
-    }
+    }

docs/language/learn-ql/cpp/dataflow.rst

@@ -139,6 +139,10 @@ Global data flow
 
 Global data flow tracks data flow throughout the entire program, and is therefore more powerful than local data flow. However, global data flow is less precise than local data flow, and the analysis typically requires significantly more time and memory to perform.
 
+.. pull-quote:: Note
+
+   .. include:: ../../reusables/path-problem.rst
+
 Using global data flow
 ~~~~~~~~~~~~~~~~~~~~~~
 

docs/language/learn-ql/csharp/dataflow.rst

@@ -137,6 +137,10 @@ Global data flow
 
 Global data flow tracks data flow throughout the entire program, and is therefore more powerful than local data flow. However, global data flow is less precise than local data flow, and the analysis typically requires significantly more time and memory to perform.
 
+.. pull-quote:: Note
+
+   .. include:: ../../reusables/path-problem.rst
+
 Using global data flow
 ~~~~~~~~~~~~~~~~~~~~~~