From d17d44125cac4b2898a5f1093d4e7d068b634065 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Mon, 7 Apr 2025 12:43:37 +0200 Subject: [PATCH 1/2] Java: add integration test for query suite contents --- .../java-code-quality.qls.expected | 11 + .../java-code-scanning.qls.expected | 79 ++++++ .../java-security-and-quality.qls.expected | 243 ++++++++++++++++++ .../java-security-extended.qls.expected | 123 +++++++++ .../java/query-suite/test.py | 15 ++ 5 files changed, 471 insertions(+) create mode 100644 java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/test.py diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected new file mode 100644 index 000000000000..1b231590e6a3 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected @@ -0,0 +1,11 @@ +/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql 
diff --git a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected new file mode 100644 index 000000000000..9f22d395c39d --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected 
@@ -0,0 +1,79 @@ +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql 
+/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql 
+/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected new file mode 100644 index 000000000000..7da7bc5119e3 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected 
@@ -0,0 +1,243 @@ +/ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +/ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql +/ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql +/ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql +/ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql +/ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql +/ql/java/ql/src/DeadCode/UselessParameter.ql +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Language Abuse/ChainedInstanceof.ql +/ql/java/ql/src/Language Abuse/IterableIterator.ql +/ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql +/ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql +/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +/ql/java/ql/src/Language Abuse/UselessNullCheck.ql +/ql/java/ql/src/Language Abuse/UselessTypeTest.ql +/ql/java/ql/src/Language Abuse/WrappedIterator.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql +/ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql +/ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql +/ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +/ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql +/ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +/ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +/ql/java/ql/src/Likely 
Bugs/Collections/RemoveTypeMismatch.ql +/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql +/ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql +/ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql +/ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql +/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +/ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +/ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql +/ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql +/ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql +/ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +/ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql +/ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +/ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +/ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql +/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +/ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql +/ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql +/ql/java/ql/src/Likely 
Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +/ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql +/ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql +/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql +/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql +/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +/ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql +/ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql +/ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql +/ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql +/ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql +/ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql +/ql/java/ql/src/Likely 
Bugs/Termination/ConstantLoopCondition.ql +/ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Performance/InefficientEmptyStringTest.ql +/ql/java/ql/src/Performance/InefficientKeySetIterator.ql +/ql/java/ql/src/Performance/InefficientOutputStream.ql +/ql/java/ql/src/Performance/InefficientPrimConstructor.ql +/ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql +/ql/java/ql/src/Performance/NewStringString.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql 
+/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql 
+/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql 
+/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +/ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql 
+/ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql +/ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql +/ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +/ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql 
diff --git a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected new file mode 100644 index 000000000000..adcdc17c6c15 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected 
@@ -0,0 +1,123 @@ +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql 
+/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql 
+/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql 
+/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py new file mode 100644 index 000000000000..9a95a8089989 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/test.py 
@@ -0,0 +1,15 @@
+import runs_on
+
+@runs_on.linux
+def test(codeql, java, cwd, expected_files, semmle_code_dir):
+ query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']
+
+ for query_suite in query_suites:
+ actual = codeql.resolve.queries(query_suite, _capture=True).strip()
+ actual = sorted(actual.split('\n'))
+ print(semmle_code_dir)
+ index = len(str(semmle_code_dir))
+ actual = [line[index:] for line in actual]
+ actual_file_name = query_suite + '.actual'
+ expected_files.add(actual_file_name)
+ (cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
From ffcf6d6e581185d22f499cd7735d33e429c30b4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tam=C3=A1s=20Vajk?=
Date: Mon, 7 Apr 2025 14:31:24 +0200
Subject: [PATCH 2/2] Apply suggestions from code review
Co-authored-by: Paolo Tranquilli
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
.../java-code-quality.qls.expected | 22 +-
.../java-code-scanning.qls.expected | 158 +++---
.../java-security-and-quality.qls.expected | 486 +++++++++---------
.../java-security-extended.qls.expected | 246 ++++-----
.../java/query-suite/test.py | 14 +-
5 files changed, 462 insertions(+), 464 deletions(-)
diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected
index 1b231590e6a3..6f396573aa16 100644
--- a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected
+++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected
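Review bot: In test.py the prefix strip `actual = [line[index:] for line in actual]` never checks that a resolved path really starts with `semmle_code_dir`, so a path reported from a different root (for example through a resolved symlink) would be cut at an arbitrary offset and produce a confusing `.actual` entry. Because these lists pin which security queries each suite ships, a guard before the slice such as `assert all(line.startswith(str(semmle_code_dir)) for line in actual)` would make that failure explicit. `print(semmle_code_dir)` looks like leftover debugging and runs once per suite. A short comment above the loop saying that the `.expected` files exist to catch unintended changes to suite contents would also help the next reader. The second patch in this series changes test.py as well, but that hunk is not visible here, so part of this may already be handled there.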
@@ -1,11 +1,11 @@ -/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql -/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql -/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql diff --git a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected index 9f22d395c39d..a8ce00aca6c5 100644 --- a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected 
@@ -1,79 +1,79 @@ -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql 
-/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql 
-/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql 
+ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql 
+ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected index 7da7bc5119e3..85d7e7d0960d 100644 --- a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected 
@@ -1,243 +1,243 @@ -/ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql -/ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql -/ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql -/ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql -/ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql -/ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql -/ql/java/ql/src/DeadCode/UselessParameter.ql -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Language Abuse/ChainedInstanceof.ql -/ql/java/ql/src/Language Abuse/IterableIterator.ql -/ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql -/ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql -/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql -/ql/java/ql/src/Language Abuse/UselessNullCheck.ql -/ql/java/ql/src/Language Abuse/UselessTypeTest.ql -/ql/java/ql/src/Language Abuse/WrappedIterator.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql -/ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql -/ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql -/ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql -/ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql -/ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql -/ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql -/ql/java/ql/src/Likely 
Bugs/Collections/RemoveTypeMismatch.ql -/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql -/ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql -/ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql -/ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql -/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql -/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql -/ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql -/ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql -/ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql -/ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql -/ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql -/ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql -/ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql -/ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql -/ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql -/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql -/ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql -/ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql -/ql/java/ql/src/Likely 
Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql -/ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql -/ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql -/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql -/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql -/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql -/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql -/ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql -/ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql -/ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql -/ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql -/ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql -/ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql -/ql/java/ql/src/Likely 
Bugs/Termination/ConstantLoopCondition.ql -/ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Performance/InefficientEmptyStringTest.ql -/ql/java/ql/src/Performance/InefficientKeySetIterator.ql -/ql/java/ql/src/Performance/InefficientOutputStream.ql -/ql/java/ql/src/Performance/InefficientPrimConstructor.ql -/ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql -/ql/java/ql/src/Performance/NewStringString.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql 
-/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql -/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql 
-/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql -/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql -/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql 
-/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql -/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql -/ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql 
-/ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql -/ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql -/ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql -/ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql +ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +ql/java/ql/src/Advisory/Deprecated 
Code/AvoidDeprecatedCallableAccess.ql +ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql +ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql +ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql +ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql +ql/java/ql/src/DeadCode/UselessParameter.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Language Abuse/ChainedInstanceof.ql +ql/java/ql/src/Language Abuse/IterableIterator.ql +ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql +ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql +ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +ql/java/ql/src/Language Abuse/UselessNullCheck.ql +ql/java/ql/src/Language Abuse/UselessTypeTest.ql +ql/java/ql/src/Language Abuse/WrappedIterator.ql +ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql +ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql +ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql +ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql +ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql +ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql +ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql +ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql +ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql +ql/java/ql/src/Likely 
Bugs/Comparison/CovariantCompareTo.ql +ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql +ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql +ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql +ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql +ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql +ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql +ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql +ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql +ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql +ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql +ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql +ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql +ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql +ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql 
+ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql +ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql +ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql +ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql +ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql +ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql +ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql +ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql +ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql +ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql +ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql +ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql +ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql +ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql +ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql +ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql +ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql +ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql 
+ql/java/ql/src/Performance/InefficientEmptyStringTest.ql +ql/java/ql/src/Performance/InefficientKeySetIterator.ql +ql/java/ql/src/Performance/InefficientOutputStream.ql +ql/java/ql/src/Performance/InefficientPrimConstructor.ql +ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql +ql/java/ql/src/Performance/NewStringString.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql 
+ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql 
+ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql 
+ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql +ql/java/ql/src/Violations of Best 
Practice/Declarations/NoConstantsOnly.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected index adcdc17c6c15..d5f4cbf1ccc4 100644 --- a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected 
@@ -1,123 +1,123 @@ -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql 
-/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql -/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql 
-/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql -/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql -/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql 
-/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql -/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql 
+ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql 
+ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql 
+ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql 
+ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py index 9a95a8089989..c829eb9ffa01 100644 --- a/java/ql/integration-tests/java/query-suite/test.py +++ b/java/ql/integration-tests/java/query-suite/test.py 
@@ -1,15 +1,13 @@
+import os
 import runs_on
+import pytest
 @runs_on.linux
-def test(codeql, java, cwd, expected_files, semmle_code_dir):
- query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']
-
- for query_suite in query_suites:
+@pytest.mark.parametrize("query_suite", ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls'])
+def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite):
 actual = codeql.resolve.queries(query_suite, _capture=True).strip()
- actual = sorted(actual.split('\n'))
- print(semmle_code_dir)
- index = len(str(semmle_code_dir))
- actual = [line[index:] for line in actual]
+ actual = sorted(actual.splitlines())
+ actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
 actual_file_name = query_suite + '.actual'
 expected_files.add(actual_file_name)
 (cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
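Review bot: `os.path.relpath(q, semmle_code_dir)` does not fail for a query that resolves outside `semmle_code_dir`; it returns a `../`-prefixed entry, so a suite that picked up a query from another location would show up only as an odd line in the `.actual` diff. Because this test pins which security queries each suite runs, an explicit guard after the relpath line would make that case fail clearly: `assert not any(q.startswith('..') for q in actual), 'query resolved outside semmle_code_dir'`. Whether `codeql resolve queries` can return such paths in this harness is not visible from the hunk, so this is a cheap safety net rather than a known failure. A short docstring on `test` saying that each `.actual` file is written for comparison against the checked-in `.qls.expected` (presumably by the `expected_files` fixture) would also help the next reader.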